CVE Number |
Description |
Base Score |
Reference |
CVE-2021-3133 |
The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3133 |
CVE-2021-29658 |
The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29658 |
CVE-2021-28792 |
The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite, swift.path.sourcekiteDockerMode, swift.path.swift_driver_bin, or swift.path.shell configuration value that triggers execution upon opening the workspace. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28792 |
CVE-2021-27243 |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11924. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27243 |
CVE-2021-27242 |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27242 |
CVE-2021-27239 |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27239 |
CVE-2021-26919 |
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26919 |
CVE-2021-25924 |
In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim into clicking a malicious link, which could change backup configurations or execute system commands in the post_backup_script field. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25924 |
CVE-2021-25646 |
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25646 |
CVE-2021-25150 |
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25150 |
CVE-2021-25144 |
A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25144 |
CVE-2021-23988 |
Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 87. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23988 |
CVE-2021-23987 |
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23987 |
CVE-2021-23363 |
This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23363 |
CVE-2021-23348 |
This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23348 |
CVE-2021-22993 |
On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, there is a DOM-based XSS vulnerability on the DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22993 |
CVE-2021-22988 |
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22988 |
CVE-2021-22538 |
A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own. This occurs due to insufficient checks on the allowed set of permissions. The new user creation event would be captured in the Event Log. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22538 |
CVE-2021-21782 |
An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21782 |
CVE-2021-21638 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21638 |
CVE-2021-21633 |
A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21633 |
CVE-2021-21629 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21629 |
CVE-2021-21412 |
Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled). A PR with a patch has been submitted and has been released as of v0.4.0. By default the EGF parse functions do NOT attempt to decrypt values (since GPG is only available in non-browser environments). However, if GPG encrypted values are used/required: 1. Perform a regex search for `#gpg`-tagged values in the EGF source file/string and check for backtick (\`) chars in the encrypted value string. 2. Replace/remove them or skip parsing if present. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21412 |
CVE-2021-21389 |
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21389 |
CVE-2021-21372 |
Nimble is a package manager for the Nim programming language. In Nim releases before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21372 |
CVE-2021-21190 |
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21190 |
CVE-2021-21188 |
Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21188 |
CVE-2021-21180 |
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21180 |
CVE-2021-21179 |
Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21179 |
CVE-2021-21174 |
Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21174 |
CVE-2021-21169 |
Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21169 |
CVE-2021-21167 |
Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21167 |
CVE-2021-21166 |
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21166 |
CVE-2021-21165 |
Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21165 |
CVE-2021-21162 |
Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21162 |
CVE-2021-21161 |
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21161 |
CVE-2021-21160 |
Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21160 |
CVE-2021-21159 |
Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21159 |
CVE-2020-8112 |
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-8112 |
CVE-2020-7468 |
In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a ftpd(8) bug in the implementation of the file system sandbox, combined with capabilities available to an authenticated FTP user, can be used to escape the file system restriction configured in ftpchroot(5). Moreover, the bug allows a malicious client to gain root privileges. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7468 |
CVE-2020-6507 |
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6507 |
CVE-2020-35135 |
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-35135 |
CVE-2020-28695 |
Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28695 |
CVE-2020-27920 |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing maliciously crafted web content may lead to code execution. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27920 |
CVE-2020-19641 |
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19641 |
CVE-2020-19639 |
Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19639 |
CVE-2020-13936 |
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13936 |
CVE-2017-7662 |
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc., after the admin user has logged on to the client registration service and the session is still active. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7662 |
CVE-2017-7661 |
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7661 |
CVE-2017-12631 |
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given end user. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-12631 |
CVE-2020-25582 |
In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. |
8.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25582 |
CVE-2021-22659 |
Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user. |
8.6 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22659 |
CVE-2021-21349 |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types are not affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. |
8.6 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21349 |
CVE-2020-25097 |
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. |
8.6 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25097 |
CVE-2021-21332 |
Synapse is a Matrix reference homeserver written in Python (PyPI package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains. This is fixed in version 1.27.0. |
8.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21332 |
CVE-2020-35517 |
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. |
8.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-35517 |
CVE-2020-11988 |
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. |
8.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11988 |
CVE-2021-28546 |
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to modify content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28546 |
CVE-2021-27245 |
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27245 |
CVE-2021-25162 |
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25162 |
CVE-2021-25148 |
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25148 |
CVE-2021-23981 |
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23981 |
CVE-2021-23923 |
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23923 |
CVE-2021-21772 |
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21772 |
CVE-2021-21172 |
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21172 |
CVE-2021-20235 |
There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its size changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20235 |
CVE-2020-28052 |
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28052 |
CVE-2019-13616 |
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2019-13616 |
CVE-2018-8039 |
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2018-8039 |
CVE-2017-7571 |
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges. |
8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7571 |
CVE-2021-29098 |
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29098 |
CVE-2021-29097 |
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29097 |
CVE-2021-29096 |
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29096 |
CVE-2021-28954 |
In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28954 |
CVE-2021-28953 |
The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28953 |
CVE-2021-28818 |
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28818 |
CVE-2021-28791 |
The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configuration value that triggers execution upon opening the workspace. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28791 |
CVE-2021-28790 |
The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configuration value that triggers execution upon opening the workspace. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28790 |
CVE-2021-28789 |
The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-format.path configuration value that triggers execution upon opening the workspace. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28789 |
CVE-2021-28660 |
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28660 |
CVE-2021-28375 |
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28375 |
CVE-2021-27579 |
Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions that may be deployed and in use across an IT environment. A privilege-escalation vulnerability exists if CPUID is enabled, and thus it should be disabled via configuration settings. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27579 |
CVE-2021-27365 |
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27365 |
CVE-2021-27271 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12438. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27271 |
CVE-2021-27270 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12230. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27270 |
CVE-2021-27269 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12390. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27269 |
CVE-2021-27268 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12295. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27268 |
CVE-2021-27267 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12294. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27267 |
CVE-2021-27261 |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12269. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27261 |
CVE-2021-27240 |
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27240 |
CVE-2021-26930 |
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26930 |
CVE-2021-25352 |
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25352 |
CVE-2021-25349 |
Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25349 |
CVE-2021-21776 |
An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21776 |
CVE-2021-21773 |
An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21773 |
CVE-2021-21420 |
vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The update addresses the vulnerability by modifying the way the extension validates its settings. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21420 |
CVE-2021-20226 |
A use-after-free flaw was found in io_uring in the Linux kernel, where a local attacker with user privileges could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20226 |
CVE-2021-20194 |
There is a vulnerability in Linux kernel versions higher than 5.2 (if the kernel is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered). As a result of BPF execution, a local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20194 |
CVE-2020-9147 |
A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers may exploit this vulnerability by carefully constructing attack scenarios to cause out-of-bounds read. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-9147 |
CVE-2020-7850 |
NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ActiveX method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7850 |
CVE-2020-6656 |
Eaton's easySoft software v7.xx prior to v7.22 is susceptible to a file parsing type confusion remote code execution vulnerability. A malicious entity can execute malicious code or make the application crash by tricking a user into uploading a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through the E70 file, which causes type confusion. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6656 |
CVE-2020-6655 |
Eaton's easySoft software v7.xx prior to v7.22 is susceptible to an out-of-bounds remote code execution vulnerability. A malicious entity can execute malicious code or make the application crash by tricking a user into uploading a malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6655 |
CVE-2020-28243 |
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28243 |
CVE-2020-27931 |
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27931 |
CVE-2020-27924 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27924 |
CVE-2020-27923 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted image may lead to arbitrary code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27923 |
CVE-2020-27922 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted font file may lead to arbitrary code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27922 |
CVE-2020-27919 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27919 |
CVE-2020-27918 |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27918 |
CVE-2020-27814 |
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27814 |
CVE-2020-24995 |
Buffer overflow vulnerability in the sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2 allows attackers to execute arbitrary code (local). |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-24995 |
CVE-2020-12497 |
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-12497 |
CVE-2020-10642 |
In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10642 |
CVE-2019-19787 |
ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-19787 |
CVE-2019-19786 |
ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-19786 |
CVE-2019-19785 |
ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-19785 |
CVE-2017-8927 |
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-8927 |
CVE-2017-6669 |
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-6669 |
CVE-2017-2886 |
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2886 |
CVE-2020-7467 |
In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. |
7.6 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7467 |
CVE-2021-29938 |
An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29938 |
CVE-2021-29933 |
An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29933 |
CVE-2021-29932 |
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29932 |
CVE-2021-29931 |
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop(). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29931 |
CVE-2021-29930 |
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default(). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29930 |
CVE-2021-29929 |
An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29929 |
CVE-2021-29376 |
ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and client crash, disconnecting the victim from an IRC server) via a crafted CTCP UTC message. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29376 |
CVE-2021-29255 |
MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29255 |
CVE-2021-29249 |
BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29249 |
CVE-2021-28994 |
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28994 |
CVE-2021-28937 |
The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext. The page can be intercepted on HTTP. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28937 |
CVE-2021-28936 |
The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default: admin), whereas no previous authentication is required. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28936 |
CVE-2021-28831 |
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28831 |
CVE-2021-28669 |
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28669 |
CVE-2021-28245 |
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28245 |
CVE-2021-28165 |
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28165 |
CVE-2021-28117 |
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28117 |
CVE-2021-27358 |
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27358 |
CVE-2021-26119 |
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26119 |
CVE-2021-25143 |
A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25143 |
CVE-2021-23924 |
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23924 |
CVE-2021-23840 |
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However, OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23840 |
CVE-2021-23004 |
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23004 |
CVE-2021-23003 |
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23003 |
CVE-2021-23000 |
On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23000 |
CVE-2021-22999 |
On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22999 |
CVE-2021-22997 |
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22997 |
CVE-2021-22996 |
On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22996 |
CVE-2021-22995 |
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22995 |
CVE-2021-22506 |
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22506 |
CVE-2021-21975 |
Server Side Request Forgery in the vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal administrative credentials. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21975 |
CVE-2021-21727 |
A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets to the affected devices, which eventually leads to device denial of service. This affects ZXHN F623, all versions up to V6.0.0P3T33. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21727 |
CVE-2021-21348 |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21348 |
CVE-2021-21343 |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects, resulting in the deletion of a file on the local host. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21343 |
CVE-2021-21341 |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21341 |
CVE-2021-20679 |
Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273, DocuCentre-VII C7788/C6688/C5588, ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372 C2273, ApeosPort-VII C7788/C6688/C5588, ApeosPort C7070/C6570/C5570/C4570/C3570/C3070/C7070G/C6570G/C5570G/C4570G/C3570G/C3070G, ApeosPort-VII C4421/C3321, ApeosPort C3060/C2560/C2060/C3060G/C2560G/C2060G, ApeosPort-VII CP4421, ApeosPort Print C5570, ApeosPort 5570/4570/5570G/4570G, ApeosPort 3560/3060/2560/3560G/3060G/2560G, ApeosPort-VII 5021/ 4021, ApeosPort-VII P5021, DocuPrint CP 555 d/505 d, DocuPrint P505 d, PrimeLink C9065/C9070, DocuPrint CP475AP, and DocuPrint P475AP) allow an attacker to cause a denial of service (DoS) condition and abnormal end (ABEND) of the affected products via sending a specially crafted command. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20679 |
CVE-2021-1460 |
A vulnerability in the Cisco IOx Application Framework of Cisco 809 Industrial Integrated Services Routers (Industrial ISRs), Cisco 829 Industrial ISRs, Cisco CGR 1000 Compute Module, and Cisco IC3000 Industrial Compute Gateway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error handling during packet processing. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the IOx web server on an affected device. A successful exploit could allow the attacker to cause the IOx web server to stop processing requests, resulting in a DoS condition. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1460 |
CVE-2021-1437 |
A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1437 |
CVE-2020-8286 |
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-8286 |
CVE-2020-8285 |
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-8285 |
CVE-2020-8231 |
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-8231 |
CVE-2020-8169 |
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-8169 |
CVE-2020-7238 |
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7238 |
CVE-2020-6851 |
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6851 |
CVE-2020-5398 |
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-5398 |
CVE-2020-36281 |
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36281 |
CVE-2020-36279 |
Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36279 |
CVE-2020-36278 |
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36278 |
CVE-2020-36277 |
Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36277 |
CVE-2020-36002 |
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36002 |
CVE-2020-35733 |
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-35733 |
CVE-2020-27543 |
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27543 |
CVE-2020-26797 |
Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-26797 |
CVE-2020-25581 |
In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25581 |
CVE-2020-19640 |
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19640 |
CVE-2020-19613 |
Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19613 |
CVE-2020-13933 |
In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13933 |
CVE-2020-13432 |
rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13432 |
CVE-2020-11612 |
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11612 |
CVE-2020-10663 |
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10663 |
CVE-2019-12423 |
Apache CXF ships with an OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifying the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-12423 |
CVE-2019-0222 |
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-0222 |
CVE-2018-8038 |
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2018-8038 |
CVE-2018-13982 |
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2018-13982 |
CVE-2018-1110 |
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1110 |
CVE-2017-6751 |
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-6751 |
CVE-2017-5656 |
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-5656 |
CVE-2017-3156 |
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-3156 |
CVE-2016-8739 |
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2016-8739 |
CVE-2015-5175 |
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2015-5175 |
CVE-2021-3450 |
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). |
7.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3450 |
CVE-2021-1439 |
A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition. |
7.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1439 |
CVE-2020-35662 |
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. |
7.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-35662 |
CVE-2021-29942 |
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large. |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29942 |
CVE-2021-29941 |
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small. |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29941 |
CVE-2021-29939 |
An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29939 |
CVE-2021-29935 |
An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics. |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29935 |
CVE-2021-29934 |
An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation. |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29934 |
CVE-2020-7461 |
In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119, resulting in a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7461 |
CVE-2021-25146 |
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25146 |
CVE-2021-22990 |
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22990 |
CVE-2021-20206 |
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20206 |
CVE-2020-7712 |
This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7712 |
CVE-2020-6234 |
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6234 |
CVE-2020-28173 |
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28173 |
CVE-2020-26820 |
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-26820 |
CVE-2020-25217 |
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25217 |
CVE-2020-24635 |
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-24635 |
CVE-2019-11539 |
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2019-11539 |
CVE-2018-13790 |
A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL functionality on the File Manager page. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2018-13790 |
CVE-2021-27364 |
An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27364 |
CVE-2021-25353 |
Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25353 |
CVE-2021-20502 |
IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 198059. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20502 |
CVE-2021-20482 |
IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20482 |
CVE-2020-8177 |
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-8177 |
CVE-2020-15075 |
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access to via symlinks in /tmp. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-15075 |
CVE-2021-3348 |
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3348 |
CVE-2021-20271 |
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20271 |
CVE-2020-35508 |
A flaw involving a possible race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-35508 |
CVE-2020-27921 |
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27921 |
CVE-2020-27216 |
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27216 |
CVE-2021-29095 |
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allow an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29095 |
CVE-2021-29094 |
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allow an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29094 |
CVE-2021-29093 |
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29093 |
CVE-2021-1452 |
A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of specific function arguments passed to a boot script when specific ROMMON variables are set. An attacker could exploit this vulnerability by setting malicious values for a specific ROMMON variable. A successful exploit could allow the attacker to execute unsigned code and bypass the image verification check during the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated, physical access to the device or obtain privileged access to the root shell on the device. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1452 |
CVE-2019-5317 |
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5317 |
CVE-2017-5646 |
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-5646 |
CVE-2021-25372 |
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25372 |
CVE-2021-25371 |
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside DSP. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25371 |
CVE-2021-1449 |
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1449 |
CVE-2021-1371 |
A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges. |
6.6 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1371 |
CVE-2021-29416 |
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29416 |
CVE-2021-29251 |
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29251 |
CVE-2021-28038 |
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28038 |
CVE-2021-27244 |
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11925. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27244 |
CVE-2021-26597 |
An issue was discovered in Nokia NetAct 18A. A remote user, authenticated to the NOKIA NetAct Web Page, can visit the Site Configuration Tool web site section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26597 |
CVE-2021-26581 |
A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch BMC must be rebooted to recover from this situation. Other BMC management is not impacted. HPE has made the following software update to resolve the vulnerability in HPE Superdome Flex Server: Superdome Flex Server Firmware 3.30.142 or later. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26581 |
CVE-2021-25159 |
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25159 |
CVE-2021-25155 |
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25155 |
CVE-2021-25145 |
A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25145 |
CVE-2021-23986 |
A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing a same-origin policy bypass by the extension, which should not have cross-origin permissions. This cross-origin request was made without cookies, so the sensitive information disclosed by the violation was limited to local-network resources or resources that perform IP-based authentication. This vulnerability affects Firefox < 87. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23986 |
CVE-2021-23985 |
If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticeable to the user. This would have allowed a remote attacker (able to make a direct network connection to the victim) to monitor the user's browsing activity and (plaintext) network traffic. This was addressed by providing a visual cue when Devtools has an open network socket. This vulnerability affects Firefox < 87. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23985 |
CVE-2021-23984 |
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23984 |
CVE-2021-23983 |
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 87. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23983 |
CVE-2021-23982 |
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23982 |
CVE-2021-23890 |
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23890 |
CVE-2021-21983 |
Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying photon operating system. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21983 |
CVE-2021-21637 |
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21637 |
CVE-2021-21634 |
Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21634 |
CVE-2021-21632 |
A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21632 |
CVE-2021-21421 |
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that use node-etsy-client and report client errors to the end user will also expose the API key value. This is fixed in node-etsy-client v0.3.0 and later. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21421 |
CVE-2021-21396 |
wire-server is an open-source back end for Wire, a secure collaboration platform. In wire-server from version 2021-02-16 and before version 2021-03-02, the client metadata of all users was exposed in the `GET /users/list-clients` endpoint. The endpoint could be used by any logged in user who could request client details of any other user (no connection required) as far as they can find their User ID. The exposed metadata included id, class, type, location, time, and cookie. A user on a Wire backend could use this endpoint to find registration time and location for each device for a given list of users. As a workaround, remove `/list-clients` from nginx config. This has been fixed in version 2021-03-02. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21396 |
CVE-2021-21182 |
Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21182 |
CVE-2021-21181 |
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21181 |
CVE-2021-21178 |
Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21178 |
CVE-2021-21177 |
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21177 |
CVE-2021-21176 |
Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21176 |
CVE-2021-21175 |
Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21175 |
CVE-2021-21173 |
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21173 |
CVE-2021-21171 |
Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21171 |
CVE-2021-21170 |
Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21170 |
CVE-2021-21168 |
Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21168 |
CVE-2021-21164 |
Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21164 |
CVE-2021-21163 |
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21163 |
CVE-2021-20291 |
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20291 |
CVE-2021-20234 |
An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20234 |
CVE-2020-35773 |
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-35773 |
CVE-2020-35137 |
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-35137 |
CVE-2020-28591 |
An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28591 |
CVE-2020-16040 |
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16040 |
CVE-2020-15389 |
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-15389 |
CVE-2020-10730 |
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-10730 |
CVE-2019-20808 |
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-20808 |
CVE-2019-12406 |
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-12406 |
CVE-2021-20197 |
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. |
6.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20197 |
CVE-2021-30002 |
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. |
6.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-30002 |
CVE-2020-19642 |
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card. |
6.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19642 |
CVE-2021-3275 |
Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages, including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm, use this vulnerable hostname function (setDefaultHostname()) without sanitization. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3275 |
CVE-2021-3189 |
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3189 |
CVE-2021-29652 |
Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29652 |
CVE-2021-29651 |
Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29651 |
CVE-2021-29272 |
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29272 |
CVE-2021-29271 |
remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29271 |
CVE-2021-29267 |
Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29267 |
CVE-2021-28796 |
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28796 |
CVE-2021-27349 |
Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27349 |
CVE-2021-27241 |
This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27241 |
CVE-2021-26580 |
A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.80 or later. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26580 |
CVE-2021-25894 |
Magnolia CMS contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25894 |
CVE-2021-25161 |
A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25161 |
CVE-2021-23925 |
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23925 |
CVE-2021-23006 |
On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23006 |
CVE-2021-22994 |
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22994 |
CVE-2021-21476 |
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21476 |
CVE-2021-21333 |
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21333 |
CVE-2021-1629 |
Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1629 |
CVE-2020-25840 |
Cross-site scripting vulnerability in the Micro Focus Access Manager product affects all versions prior to version 5.0. The vulnerability could cause configuration destruction. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25840 |
CVE-2020-24550 |
An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-24550 |
CVE-2020-23839 |
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-23839 |
CVE-2020-19643 |
Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19643 |
CVE-2020-13954 |
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13954 |
CVE-2019-3826 |
A stored, DOM based, cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2019-3826 |
CVE-2019-17573 |
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is typically not present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2019-17573 |
CVE-2019-12962 |
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2019-12962 |
CVE-2018-13380 |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2018-13380 |
CVE-2017-7725 |
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2017-7725 |
CVE-2016-6812 |
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2016-6812 |
CVE-2016-10510 |
Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2016-10510 |
CVE-2015-5532 |
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2015-5532 |
CVE-2020-27171 |
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. |
6 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27171 |
CVE-2021-3449 |
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3449 |
CVE-2021-25158 |
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25158 |
CVE-2021-23841 |
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23841 |
CVE-2021-23336 |
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23336 |
CVE-2021-21373 |
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21373 |
CVE-2021-21295 |
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final. As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21295 |
CVE-2020-28972 |
In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28972 |
CVE-2018-10237 |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2018-10237 |
CVE-2016-4830 |
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2016-4830 |
CVE-2011-2487 |
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2011-2487 |
CVE-2021-3479 |
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3479 |
CVE-2021-3478 |
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3478 |
CVE-2021-3477 |
There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, subsequently leading to an out-of-bounds read. The greatest risk of this flaw is to application availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3477 |
CVE-2021-29650 |
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29650 |
CVE-2021-29649 |
An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29649 |
CVE-2021-29648 |
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly consider that resolved_ids and resolved_sizes are intentionally uninitialized in the vmlinux BPF Type Format (BTF), which can cause a system crash upon an unexpected access attempt (in map_create in kernel/bpf/syscall.c or check_btf_info in kernel/bpf/verifier.c), aka CID-350a5c4dd245. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29648 |
CVE-2021-29647 |
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29647 |
CVE-2021-29646 |
An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29646 |
CVE-2021-28657 |
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28657 |
CVE-2021-27906 |
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27906 |
CVE-2021-27807 |
A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27807 |
CVE-2021-26932 |
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26932 |
CVE-2021-26931 |
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26931 |
CVE-2021-26579 |
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26579 |
CVE-2021-25369 |
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25369 |
CVE-2021-21411 |
OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, GitHub or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in `--gitlab-group` added to the new `X-Forwarded-Groups` header to the upstream application. While adding GitLab project based authorization support in #630, a bug was introduced where the user session's groups field was populated with the `--gitlab-group` config entries instead of pulling the individual user's group membership from the GitLab Userinfo endpoint. When the session groups were compared against the allowed groups for authorization, they matched improperly (since both lists were populated with the same data) so authorization was allowed. This impacts GitLab Provider users who rely on group membership for authorization restrictions. Any authenticated users in your GitLab environment can access your applications regardless of `--gitlab-group` membership restrictions. This is patched in v7.1.0. There is no workaround for the Group membership bug. But `--gitlab-project` can be set to use Project membership as the authorization checks instead of groups; it is not broken. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21411 |
CVE-2021-21290 |
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on Unix-like systems creates a random file, but by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case where netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, you may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21290 |
CVE-2021-20284 |
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20284 |
CVE-2021-20227 |
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20227 |
CVE-2021-20193 |
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20193 |
CVE-2020-9149 |
An application error verification vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to modify and delete user SMS messages. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-9149 |
CVE-2020-9148 |
An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to delete user SMS messages. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-9148 |
CVE-2020-9146 |
A memory buffer error vulnerability exists in a component interface of Huawei Smartphone. Local attackers can exploit this vulnerability to cause memory leakage and DoS attacks by carefully constructing attack scenarios. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-9146 |
CVE-2020-7463 |
In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7463 |
CVE-2020-7462 |
In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7462 |
CVE-2020-4944 |
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4944 |
CVE-2020-4884 |
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 190908. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4884 |
CVE-2020-27845 |
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27845 |
CVE-2020-27843 |
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27843 |
CVE-2020-27842 |
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27842 |
CVE-2020-27841 |
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27841 |
CVE-2020-27618 |
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27618 |
CVE-2020-16599 |
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16599 |
CVE-2020-16593 |
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16593 |
CVE-2020-16591 |
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils through 2.35 due to an invalid read in process_symbol_table, as demonstrated in readelf. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16591 |
CVE-2020-16590 |
A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbfd) in GNU Binutils through 2.35 in process_symbol_table, as demonstrated in readelf, via a crafted file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16590 |
CVE-2020-15250 |
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-15250 |
CVE-2017-6834 |
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-6834 |
CVE-2017-6831 |
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-6831 |
CVE-2017-5976 |
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-5976 |
CVE-2017-5975 |
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-5975 |
CVE-2017-5974 |
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-5974 |
CVE-2017-14928 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-14928 |
CVE-2017-14926 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-14926 |
CVE-2017-12624 |
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-12624 |
CVE-2021-29343 |
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29343 |
CVE-2021-28935 |
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28935 |
CVE-2021-28047 |
Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28047 |
CVE-2021-27352 |
An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27352 |
CVE-2021-26596 |
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26596 |
CVE-2021-25893 |
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25893 |
CVE-2021-23922 |
An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23922 |
CVE-2021-21635 |
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21635 |
CVE-2021-21630 |
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21630 |
CVE-2021-21628 |
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21628 |
CVE-2021-21418 |
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject JavaScript in the newsletter condition field that will then be executed on the front office. The issue has been fixed in 2.6.1. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21418 |
CVE-2021-21398 |
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21398 |
CVE-2021-20520 |
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20520 |
CVE-2021-20518 |
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198437. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20518 |
CVE-2021-20506 |
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20506 |
CVE-2021-20504 |
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20504 |
CVE-2021-20503 |
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20503 |
CVE-2021-20447 |
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20447 |
CVE-2021-20352 |
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20352 |
CVE-2020-4848 |
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4848 |
CVE-2020-20545 |
Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-20545 |
CVE-2020-19619 |
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19619 |
CVE-2020-19618 |
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19618 |
CVE-2020-19617 |
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19617 |
CVE-2020-19616 |
Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-19616 |
CVE-2020-1725 |
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1725 |
CVE-2021-3476 |
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3476 |
CVE-2021-3475 |
There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file to be processed by OpenEXR could cause an integer overflow, potentially leading to problems with application availability. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3475 |
CVE-2021-3474 |
There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3474 |
CVE-2021-3470 |
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3470 |
CVE-2021-3391 |
MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3391 |
CVE-2021-29642 |
GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29642 |
CVE-2021-29418 |
The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29418 |
CVE-2021-27220 |
An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG's Web server. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27220 |
CVE-2021-26540 |
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when "allowIframeRelativeUrls" is set to true, which allows attackers to bypass the hostname whitelist for the iframe element, related to using an src value that starts with "/\\\\example.com". |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26540 |
CVE-2021-23362 |
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23362 |
CVE-2021-23007 |
On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23007 |
CVE-2021-22998 |
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22998 |
CVE-2021-22876 |
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22876 |
CVE-2021-20296 |
A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20296 |
CVE-2021-20289 |
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20289 |
CVE-2020-7464 |
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7464 |
CVE-2020-36286 |
The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to a publicly visible issue field. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36286 |
CVE-2020-36238 |
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36238 |
CVE-2020-35518 |
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-35518 |
CVE-2020-27223 |
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27223 |
CVE-2020-25580 |
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 a regression in the login.access(5) rule processor has the effect of causing rules to fail to match even when they should not. This means that rules denying access may be ignored. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25580 |
CVE-2020-25579 |
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25579 |
CVE-2020-25578 |
In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25578 |
CVE-2020-1954 |
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1954 |
CVE-2018-1109 |
A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1109 |
CVE-2018-1107 |
It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause it to consume an excessive amount of CPU time when validated. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1107 |
CVE-2017-5653 |
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2017-5653 |
CVE-2021-27653 |
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27653 |
CVE-2021-25160 |
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25160 |
CVE-2021-25157 |
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25157 |
CVE-2021-25156 |
A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.6 and below; Aruba Instant 8.7.x: 8.7.1.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25156 |
CVE-2021-29663 |
CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever anyone visits the registration page. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29663 |
CVE-2021-27969 |
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27969 |
CVE-2020-27170 |
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. |
4.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27170 |
CVE-2021-23002 |
When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
4.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23002 |
CVE-2021-27363 |
An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27363 |
CVE-2021-25370 |
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25370 |
CVE-2021-25284 |
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25284 |
CVE-2021-20077 |
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20077 |
CVE-2021-1423 |
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1423 |
CVE-2021-26072 |
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26072 |
CVE-2021-23001 |
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23001 |
CVE-2021-22177 |
Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22177 |
CVE-2021-21636 |
A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21636 |
CVE-2021-21631 |
Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21631 |
CVE-2021-21189 |
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21189 |
CVE-2021-21187 |
Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21187 |
CVE-2021-21186 |
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a crafted QR code. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21186 |
CVE-2021-21185 |
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21185 |
CVE-2021-21184 |
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21184 |
CVE-2021-21183 |
Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21183 |
CVE-2019-18252 |
BIOTRONIK CardioMessenger II: the affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2019-18252 |
CVE-2019-18248 |
BIOTRONIK CardioMessenger II: the affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2019-18248 |
CVE-2019-18246 |
BIOTRONIK CardioMessenger II: the affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2019-18246 |
CVE-2021-22890 |
curl 7.63.0 up to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy, treat them as if they arrived from the remote server, and then wrongly "short-cut" the host handshake. When confusing the tickets, an HTTPS proxy can trick libcurl into using the wrong session ticket to resume for the host and thereby circumvent the server TLS certificate check, making it possible to perform a MITM attack unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work, unless curl has been told to ignore the server certificate check. |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22890 |
CVE-2020-8284 |
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-8284 |
CVE-2021-26071 |
The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. |
3.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26071 |
CVE-2014-3566 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. |
3.4 |
https://nvd.nist.gov/vuln/detail/CVE-2014-3566 |
CVE-2021-27266 |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12293. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27266 |
CVE-2021-27265 |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12292. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27265 |
CVE-2021-27264 |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12291. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27264 |
CVE-2021-27263 |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12290. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27263 |
CVE-2021-27262 |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12270. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27262 |
CVE-2021-20263 |
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20263 |
CVE-2020-8908 |
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-8908 |
CVE-2021-20677 |
UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command. |
3.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20677 |
CVE-2021-21416 |
django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password). |
2.6 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21416 |
CVE-2021-25755 |
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. |
2.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25755 |
CVE-2021-3447 |
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3447 |
CVE-2021-3393 |
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3393 |
CVE-2021-3374 |
Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3374 |
CVE-2021-30164 |
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass the add_issue_notes permission requirement by leveraging the Issues API. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30164 |
CVE-2021-30163 |
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30163 |
CVE-2021-30162 |
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30162 |
CVE-2021-30161 |
An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30161 |
CVE-2021-30158 |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30158 |
CVE-2021-30157 |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30157 |
CVE-2021-30154 |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30154 |
CVE-2021-30151 |
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30151 |
CVE-2021-30150 |
Composr 10.0.36 allows XSS in an XML script. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30150 |
CVE-2021-30149 |
Composr 10.0.36 allows upload and execution of PHP files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30149 |
CVE-2021-30146 |
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30146 |
CVE-2021-30144 |
The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30144 |
CVE-2021-30140 |
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30140 |
CVE-2021-30130 |
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30130 |
CVE-2021-30127 |
TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30127 |
CVE-2021-30126 |
Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30126 |
CVE-2021-30125 |
Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30125 |
CVE-2021-30109 |
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30109 |
CVE-2021-30074 |
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30074 |
CVE-2021-30072 |
An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30072 |
CVE-2021-30058 |
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30058 |
CVE-2021-30057 |
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30057 |
CVE-2021-30056 |
Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30056 |
CVE-2021-30055 |
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30055 |
CVE-2021-30046 |
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30046 |
CVE-2021-30045 |
SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30045 |
CVE-2021-30004 |
In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30004 |
CVE-2021-30003 |
An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30003 |
CVE-2021-30000 |
An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30000 |
CVE-2021-29996 |
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29996 |
CVE-2021-29662 |
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29662 |
CVE-2021-29661 |
Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29661 |
CVE-2021-29660 |
A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29660 |
CVE-2021-29424 |
The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29424 |
CVE-2021-29421 |
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29421 |
CVE-2021-29349 |
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29349 |
CVE-2021-29261 |
The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29261 |
CVE-2021-29136 |
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29136 |
CVE-2021-29083 |
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29083 |
CVE-2021-29012 |
DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29012 |
CVE-2021-29011 |
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-29011 |
CVE-2021-28970 |
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28970 |
CVE-2021-28969 |
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the software. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28969 |
CVE-2021-28941 |
Because a curl command in the /extlib/Snoopy.class.inc file of MagpieRSS 0.72 is not validated, a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page can be used to request any internal page if an https request is used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28941 |
CVE-2021-28940 |
Because of an incorrectly escaped exec command in the /extlib/Snoopy.class.inc file of MagpieRSS 0.72, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php pages: if you send a specific https URL in the RSS URL field, you are able to execute arbitrary commands. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28940 |
CVE-2021-28874 |
SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerability in LibTextCode through opening a crafted file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28874 |
CVE-2021-28832 |
VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28832 |
CVE-2021-28688 |
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28688 |
CVE-2021-28658 |
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28658 |
CVE-2021-28545 |
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. An unauthenticated attacker could leverage this vulnerability to show arbitrary content in a certified PDF without invalidating the certification. Exploitation of this issue requires user interaction in that a victim must open the tampered file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28545 |
CVE-2021-28209 |
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28209 |
CVE-2021-28208 |
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28208 |
CVE-2021-28207 |
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28207 |
CVE-2021-28206 |
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28206 |
CVE-2021-28205 |
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28205 |
CVE-2021-28204 |
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use command injection to execute arbitrary commands. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28204 |
CVE-2021-28203 |
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. After obtaining administrator permission, remote attackers can use command injection to execute arbitrary commands. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28203 |
CVE-2021-28202 |
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28202 |
CVE-2021-28201 |
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28201 |
CVE-2021-28200 |
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28200 |
CVE-2021-28199 |
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28199 |
CVE-2021-28198 |
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28198 |
CVE-2021-28197 |
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28197 |
CVE-2021-28196 |
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28196 |
CVE-2021-28195 |
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28195 |
CVE-2021-28194 |
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28194 |
CVE-2021-28193 |
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28193 |
CVE-2021-28192 |
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28192 |
CVE-2021-28191 |
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28191 |
CVE-2021-28190 |
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28190 |
CVE-2021-28189 |
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28189 |
CVE-2021-28188 |
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28188 |
CVE-2021-28187 |
The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28187 |
CVE-2021-28186 |
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28186 |
CVE-2021-28185 |
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28185 |
CVE-2021-28184 |
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28184 |
CVE-2021-28183 |
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28183 |
CVE-2021-28182 |
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28182 |
CVE-2021-28181 |
The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28181 |
CVE-2021-28180 |
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28180 |
CVE-2021-28179 |
The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28179 |
CVE-2021-28178 |
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28178 |
CVE-2021-28177 |
The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28177 |
CVE-2021-28176 |
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28176 |
CVE-2021-28175 |
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28175 |
CVE-2021-28173 |
The file upload function of Vangene deltaFlow E-platform does not perform access control properly. Remote attackers can upload and execute arbitrary files without login. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28173 |
CVE-2021-28172 |
There is a path traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data by exploiting this vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28172 |
CVE-2021-28171 |
The Vangene deltaFlow E-platform does not take proper protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28171 |
CVE-2021-28164 |
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28164 |
CVE-2021-28163 |
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory are deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28163 |
CVE-2021-28142 |
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete." |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28142 |
CVE-2021-28124 |
A man-in-the-middle vulnerability exists in the Cohesity DataPlatform support channel in versions 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. Missing server authentication in impacted versions can allow an attacker to man-in-the-middle (MITM) the support channel UI session to a Cohesity DataPlatform cluster. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28124 |
CVE-2021-28123 |
An undocumented default cryptographic key vulnerability exists in Cohesity DataPlatform versions 6.3 prior to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b. The SSH key can give an attacker access to the Linux system in the affected versions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28123 |
CVE-2021-28113 |
A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28113 |
CVE-2021-28075 |
iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-28075 |
CVE-2021-27973 |
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-27973 |
CVE-2021-27900 |
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-27900 |
CVE-2021-27899 |
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-27899 |
CVE-2021-27698 |
RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-27698 |
CVE-2021-27697 |
RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c through the gnrc_rpl_validation_options() function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-27697 |
CVE-2021-27357 |
RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-27357 |
CVE-2021-27343 |
SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information (context-dependent). The component is: /Userland/Libraries/LibCrypto/ASN1/DER.h Crypto::der_decode_sequence() function. The attack vector is: Parsing RSA Key ASN.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-27343 |
CVE-2021-26943 |
The UX360CA BIOS through 303 on ASUS laptops allows an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-26943 |
CVE-2021-26833 |
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows an attacker who can locally read the user's files to obtain JWT tokens for the user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens, as a JWT is signed and encoded, not encrypted. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-26833 |
CVE-2021-26718 |
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-26718 |
CVE-2021-25692 |
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-25692 |
CVE-2021-24212 |
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24212 |
CVE-2021-24211 |
The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24211 |
CVE-2021-24210 |
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to craft a malformed request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the PHP involved in the request only goes to whitelisted pages, but it's possible to redirect the victim to any domain. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24210 |
CVE-2021-24209 |
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24209 |
CVE-2021-24208 |
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24208 |
CVE-2021-24207 |
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts and pages - user roles must be specifically blocked from editing posts and pages. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24207 |
CVE-2021-24206 |
In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24206 |
CVE-2021-24205 |
In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_size’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24205 |
CVE-2021-24204 |
In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘title_html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24204 |
CVE-2021-24203 |
In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘text’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24203 |
CVE-2021-24202 |
In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request with this parameter set to ‘script’ and combined with a ‘title’ parameter containing JavaScript, which will then be executed when the saved page is viewed or previewed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24202 |
CVE-2021-24201 |
In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘save_builder’ request containing JavaScript in the ‘html_tag’ parameter, which is not filtered and is output without escaping. This JavaScript will then be executed when the saved page is viewed or previewed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24201 |
CVE-2021-24196 |
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page, as the ‘token_error’ parameter can be controlled by users and is directly echoed without being sanitized. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24196 |
CVE-2021-24187 |
The setting page of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin through 6.3 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before being output in an attribute. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24187 |
CVE-2021-24186 |
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24186 |
CVE-2021-24185 |
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24185 |
CVE-2021-24184 |
Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24184 |
CVE-2021-24183 |
The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24183 |
CVE-2021-24182 |
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24182 |
CVE-2021-24181 |
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24181 |
CVE-2021-24180 |
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24180 |
CVE-2021-24177 |
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24177 |
CVE-2021-24176 |
The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24176 |
CVE-2021-24175 |
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24175 |
CVE-2021-24174 |
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user perform unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24174 |
CVE-2021-24173 |
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user perform unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24173 |
CVE-2021-24172 |
The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user perform unwanted actions, such as generate backups of the DB, plugins, and current . |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24172 |
CVE-2021-24171 |
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24171 |
CVE-2021-24170 |
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24170 |
CVE-2021-24169 |
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24169 |
CVE-2021-24168 |
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24168 |
CVE-2021-24167 |
When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24167 |
CVE-2021-24166 |
The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24166 |
CVE-2021-24165 |
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24165 |
CVE-2021-24164 |
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24164 |
CVE-2021-24163 |
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24163 |
CVE-2021-24162 |
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to include malicious JavaScript, therefore allowing an attacker to inject payloads that could aid in further infection of the site. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24162 |
CVE-2021-24161 |
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted site. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24161 |
CVE-2021-24160 |
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24160 |
CVE-2021-24159 |
Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24159 |
CVE-2021-24158 |
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24158 |
CVE-2021-24157 |
Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be malicious. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24157 |
CVE-2021-24156 |
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24156 |
CVE-2021-24155 |
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24155 |
CVE-2021-24154 |
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24154 |
CVE-2021-24153 |
A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several functions such as alert but bypasses were found. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24153 |
CVE-2021-24152 |
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24152 |
CVE-2021-24150 |
The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24150 |
CVE-2021-24027 |
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24027 |
CVE-2021-24026 |
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-24026 |
CVE-2021-22865 |
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. The private repository metadata returned would be limited to repositories owned by the user the token identifies. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.4 and was fixed in versions 3.0.4, 2.22.10, 2.21.18. This vulnerability was reported via the GitHub Bug Bounty program. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22865 |
CVE-2021-22696 |
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https") and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDoS attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22696 |
CVE-2021-22203 |
An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary files on the server. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22203 |
CVE-2021-22202 |
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22202 |
CVE-2021-22201 |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22201 |
CVE-2021-22200 |
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22200 |
CVE-2021-22198 |
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22198 |
CVE-2021-22197 |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific rights accesses a MR having source and target branch pointing to each other. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22197 |
CVE-2021-22196 |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22196 |
CVE-2021-22195 |
Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22195 |
CVE-2021-22158 |
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22158 |
CVE-2021-22157 |
Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-22157 |
CVE-2021-21533 |
Wyse Management Suite versions up to 3.2 contain a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would normally have access to the same subset of job details. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-21533 |
CVE-2021-21532 |
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-21532 |
CVE-2021-21529 |
Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to cause the system to run out of memory by running multiple instances of the vulnerable application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-21529 |
CVE-2021-21423 |
`projen` is a project generation tool that synthesizes project configuration files such as `package.json`, `tsconfig.json`, `.gitignore`, GitHub Workflows, `eslint`, `jest`, and more, from a well-typed definition written in JavaScript. Users of projen's `NodeProject` project type (including any project type derived from it) include a `.github/workflows/rebuild-bot.yml` workflow that may allow any GitHub user to trigger execution of un-trusted code in the context of the "main" repository (as opposed to that of a fork). In some situations, such untrusted code may potentially be able to commit to the "main" repository. The rebuild-bot workflow is triggered by comments including `@projen rebuild` on pull-request to trigger a re-build of the projen project, and updating the pull request with the updated files. This workflow is triggered by an `issue_comment` event, and thus always executes with a `GITHUB_TOKEN` belonging to the repository into which the pull-request is made (this is in contrast with workflows triggered by `pull_request` events, which always execute with a `GITHUB_TOKEN` belonging to the repository from which the pull-request is made). Repositories that do not have branch protection configured on their default branch (typically `main` or `master`) could possibly allow an untrusted user to gain access to secrets configured on the repository (such as NPM tokens, etc). Branch protection prohibits this escalation, as the managed `GITHUB_TOKEN` would not be able to modify the contents of a protected branch and affected workflows must be defined on the default branch. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-21423 |
CVE-2021-21413 |
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an environment where the implementer has exposed a Reference instance to an attacker they would be able to use it to acquire a Reference to the nodejs context's Function object. Similar application-specific attacks could be possible by modifying the local prototype of other API objects. Access to NativeModule objects could allow an attacker to load and run native code from anywhere on the filesystem. If combined with, for example, a file upload API this would allow for arbitrary code execution. This is addressed in v4.0.0 through a series of related changes. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-21413 |
CVE-2021-21409 |
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295, which missed fixing this one case. This was fixed as part of 4.1.61.Final. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-21409 |
CVE-2021-21404 |
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-21404 |
CVE-2021-21400 |
wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give focus to the input field. Input element focus is enforced programmatically in version 2021-03-15-production.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-21400 |
CVE-2021-20334 |
A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-20334 |
CVE-2021-20308 |
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-20308 |
CVE-2021-20307 |
Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to reading and writing arbitrary memory values. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-20307 |
CVE-2021-20305 |
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-20305 |
CVE-2021-1879 |
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1879 |
CVE-2021-1871 |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1871 |
CVE-2021-1870 |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1870 |
CVE-2021-1844 |
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1844 |
CVE-2021-1818 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1818 |
CVE-2021-1806 |
A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1806 |
CVE-2021-1805 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1805 |
CVE-2021-1803 |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1803 |
CVE-2021-1802 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1802 |
CVE-2021-1801 |
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1801 |
CVE-2021-1800 |
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1800 |
CVE-2021-1799 |
A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1799 |
CVE-2021-1797 |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1797 |
CVE-2021-1796 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1796 |
CVE-2021-1795 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1795 |
CVE-2021-1794 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1794 |
CVE-2021-1793 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1793 |
CVE-2021-1792 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1792 |
CVE-2021-1791 |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1791 |
CVE-2021-1790 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1790 |
CVE-2021-1789 |
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1789 |
CVE-2021-1788 |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1788 |
CVE-2021-1787 |
Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1787 |
CVE-2021-1786 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1786 |
CVE-2021-1785 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1785 |
CVE-2021-1783 |
An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1783 |
CVE-2021-1782 |
A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1782 |
CVE-2021-1781 |
A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1781 |
CVE-2021-1780 |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker in a privileged position may be able to perform a denial of service attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1780 |
CVE-2021-1779 |
A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1779 |
CVE-2021-1778 |
An out-of-bounds read issue existed in curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1778 |
CVE-2021-1777 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1777 |
CVE-2021-1776 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1776 |
CVE-2021-1775 |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1775 |
CVE-2021-1774 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1774 |
CVE-2021-1773 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1773 |
CVE-2021-1772 |
A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1772 |
CVE-2021-1771 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1771 |
CVE-2021-1769 |
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1769 |
CVE-2021-1768 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1768 |
CVE-2021-1767 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1767 |
CVE-2021-1766 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1766 |
CVE-2021-1765 |
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1765 |
CVE-2021-1764 |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1764 |
CVE-2021-1763 |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1763 |
CVE-2021-1761 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1761 |
CVE-2021-1760 |
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1760 |
CVE-2021-1759 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1759 |
CVE-2021-1758 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1758 |
CVE-2021-1757 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1757 |
CVE-2021-1756 |
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.4 and iPadOS 14.4. An attacker with physical access to a device may be able to see private contact information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1756 |
CVE-2021-1755 |
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1755 |
CVE-2021-1754 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1754 |
CVE-2021-1753 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1753 |
CVE-2021-1751 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1751 |
CVE-2021-1750 |
Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1750 |
CVE-2021-1748 |
A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1748 |
CVE-2021-1747 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1747 |
CVE-2021-1746 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1746 |
CVE-2021-1745 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1745 |
CVE-2021-1744 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1744 |
CVE-2021-1743 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1743 |
CVE-2021-1742 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1742 |
CVE-2021-1741 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1741 |
CVE-2021-1738 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1738 |
CVE-2021-1737 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1737 |
CVE-2021-1736 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-1736 |
CVE-2020-9995 |
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9995 |
CVE-2020-9978 |
This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9978 |
CVE-2020-9975 |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9975 |
CVE-2020-9971 |
A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9971 |
CVE-2020-9967 |
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9967 |
CVE-2020-9962 |
A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9962 |
CVE-2020-9960 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9960 |
CVE-2020-9956 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9956 |
CVE-2020-9955 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9955 |
CVE-2020-9930 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. A local user may be able to cause unexpected system termination or read kernel memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9930 |
CVE-2020-9926 |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-9926 |
CVE-2020-4997 |
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914 |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-4997 |
CVE-2020-4792 |
IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 189441. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-4792 |
CVE-2020-36309 |
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-36309 |
CVE-2020-36308 |
Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-36308 |
CVE-2020-36307 |
Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-36307 |
CVE-2020-36306 |
Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-36306 |
CVE-2020-36285 |
Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-36285 |
CVE-2020-36284 |
Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-36284 |
CVE-2020-29639 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font may result in the disclosure of process memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29639 |
CVE-2020-29633 |
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29633 |
CVE-2020-29625 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29625 |
CVE-2020-29624 |
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29624 |
CVE-2020-29623 |
"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29623 |
CVE-2020-29621 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29621 |
CVE-2020-29620 |
This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29620 |
CVE-2020-29619 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29619 |
CVE-2020-29618 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29618 |
CVE-2020-29617 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29617 |
CVE-2020-29616 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29616 |
CVE-2020-29615 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29615 |
CVE-2020-29614 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29614 |
CVE-2020-29613 |
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPadOS 14.3. An enterprise application installation prompt may display the wrong domain. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29613 |
CVE-2020-29612 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29612 |
CVE-2020-29611 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29611 |
CVE-2020-29610 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29610 |
CVE-2020-29608 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-29608 |
CVE-2020-27952 |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27952 |
CVE-2020-27951 |
This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27951 |
CVE-2020-27949 |
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27949 |
CVE-2020-27948 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27948 |
CVE-2020-27947 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27947 |
CVE-2020-27946 |
An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27946 |
CVE-2020-27945 |
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27945 |
CVE-2020-27944 |
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27944 |
CVE-2020-27943 |
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27943 |
CVE-2020-27941 |
A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27941 |
CVE-2020-27939 |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27939 |
CVE-2020-27938 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27938 |
CVE-2020-27937 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to access private information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27937 |
CVE-2020-27936 |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A local user may be able to cause unexpected system termination or read kernel memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27936 |
CVE-2020-27935 |
Multiple issues were addressed with improved logic. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A sandboxed process may be able to circumvent sandbox restrictions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27935 |
CVE-2020-27933 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27933 |
CVE-2020-27915 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27915 |
CVE-2020-27914 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A malicious application may be able to execute arbitrary code with system privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27914 |
CVE-2020-27908 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, watchOS 7.1, tvOS 14.2. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27908 |
CVE-2020-27907 |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27907 |
CVE-2020-27901 |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27901 |
CVE-2020-27899 |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27899 |
CVE-2020-27897 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27897 |
CVE-2020-27893 |
An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27893 |
CVE-2020-27600 |
HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-27600 |
CVE-2020-23533 |
Union Pay up to 1.2.0, for web-based versions, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability that allows attackers to shop for free on merchants' websites and mobile apps via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-23533 |
CVE-2020-21590 |
Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-21590 |
CVE-2020-21588 |
Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial of service (crash) via a long string in the Setup->Users->Username editbox. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-21588 |
CVE-2020-21585 |
Vulnerability in emlog v6.0.0 allows a user to upload webshells via the zip plugin module. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-21585 |
CVE-2020-19596 |
Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-19596 |
CVE-2020-19595 |
Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-19595 |
CVE-2020-17453 |
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-17453 |
CVE-2020-13422 |
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-13422 |
CVE-2020-13421 |
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-13421 |
CVE-2020-13420 |
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-13420 |
CVE-2020-13419 |
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-13419 |
CVE-2020-13418 |
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-13418 |
CVE-2020-11925 |
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of this model. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-11925 |
CVE-2020-11924 |
An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-11924 |
CVE-2020-11923 |
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-11923 |
CVE-2020-11922 |
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be used for mapping of SSIDs to physical locations.) |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-11922 |
CVE-2020-10015 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-10015 |
CVE-2020-10008 |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-10008 |
CVE-2020-10001 |
An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-10001 |
CVE-2019-25026 |
Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25026 |
CVE-2019-20466 |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A local attacker with the "default" account is capable of reading the /etc/passwd file, which contains a weakly hashed root password. By taking this hash and cracking it, the attacker can obtain root rights on the device. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-20466 |
CVE-2019-20465 |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. It is possible (using TELNET without a password) to control the camera's pan/zoom/tilt functionality. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-20465 |
CVE-2019-20464 |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-20464 |
CVE-2019-20463 |
An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-20463 |
CVE-2015-7299 |
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2015-7299 |
CVE-2015-5253 |
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." |
– |
https://nvd.nist.gov/vuln/detail/CVE-2015-5253 |
CVE-2014-3677 |
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-3677 |
CVE-2014-3623 |
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-3623 |
CVE-2014-3584 |
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-3584 |
CVE-2014-3577 |
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-3577 |
CVE-2014-0110 |
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-0110 |
CVE-2014-0109 |
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-0109 |
CVE-2014-0035 |
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-0035 |
CVE-2014-0034 |
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-0034 |
CVE-2013-2160 |
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-2160 |
CVE-2013-0239 |
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-0239 |
CVE-2012-5633 |
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-5633 |
CVE-2012-5575 |
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-5575 |
CVE-2012-3451 |
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-3451 |
CVE-2012-3268 |
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-3268 |
CVE-2012-2379 |
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-2379 |
CVE-2012-2378 |
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-2378 |
CVE-2012-1255 |
SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-1255 |
CVE-2012-1254 |
Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-1254 |
CVE-2011-1096 |
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." |
– |
https://nvd.nist.gov/vuln/detail/CVE-2011-1096 |
CVE-2010-2808 |
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2808 |
CVE-2010-2807 |
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2807 |
CVE-2010-2806 |
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2806 |
CVE-2010-2805 |
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2805 |
CVE-2010-2541 |
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2541 |
CVE-2010-2527 |
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2527 |
CVE-2010-2499 |
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2499 |
CVE-2010-2498 |
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2498 |
CVE-2010-2076 |
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2010-2076 |
CVE-2009-0946 |
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2009-0946 |
CVE-2007-2768 |
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, because it displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2007-2768 |
CVE-2007-2728 |
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2007-2728 |
CVE-2007-2379 |
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." |
– |
https://nvd.nist.gov/vuln/detail/CVE-2007-2379 |
CVE-2006-2661 |
ftutil.c in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2006-2661 |
CVE-2002-0184 |
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2002-0184 |