Vulnerability Summary for the Week of March 1, 2021

Original release date: March 8, 2021

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
accellion -- fta Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. 2021-03-02 7.5 CVE-2021-27730
MISC
apache -- tomcat The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. 2021-03-01 7.5 CVE-2021-25329
MLIST
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
bam_project -- bam An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. 2021-03-05 7.5 CVE-2021-28027
MISC
bittacora -- bpanel In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise. 2021-03-02 7.5 CVE-2020-28657
MISC
byte_struct_project -- byte_struct An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. 2021-03-05 7.5 CVE-2021-28033
MISC
doctor_appointment_system_project -- doctor_appointment_system SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. 2021-03-05 7.5 CVE-2021-27314
MISC
eprints -- eprints EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. 2021-03-01 7.5 CVE-2021-26703
CONFIRM
CONFIRM
MISC
eprints -- eprints EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. 2021-03-01 7.5 CVE-2021-26476
CONFIRM
MISC
fireblink -- object-collider Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution. 2021-03-01 7.5 CVE-2021-25914
MISC
MISC
google -- android In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547. 2021-02-26 7.2 CVE-2021-0405
MISC
google -- android In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311. 2021-02-26 7.2 CVE-2021-0402
MISC
google -- android In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418. 2021-02-26 7.2 CVE-2021-0406
MISC
internment_project -- internment An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>. 2021-03-05 7.5 CVE-2021-28037
MISC
isida -- retriever LMA ISIDA Retriever 5.2 allows SQL Injection. 2021-02-26 7.5 CVE-2021-26904
MISC
MISC
jpeg -- jpeg_xl JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. 2021-03-02 7.5 CVE-2021-27804
MISC
FULLDISC
MISC
MISC
onlyoffice -- document_server An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server. 2021-03-01 7.8 CVE-2021-25829
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
qcubed -- qcubed A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. 2021-03-04 7.5 CVE-2020-24913
MISC
MISC
MISC
saltstack -- salt An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. 2021-02-27 7.5 CVE-2021-3148
MISC
FEDORA
FEDORA
CONFIRM
saltstack -- salt An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. 2021-02-27 7.5 CVE-2021-25283
MISC
FEDORA
FEDORA
CONFIRM
saltstack -- salt An issue was discovered in SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. 2021-02-27 7.5 CVE-2021-25281
MISC
FEDORA
FEDORA
CONFIRM
MISC
saltstack -- salt An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. 2021-02-27 7.5 CVE-2021-3197
MISC
FEDORA
FEDORA
CONFIRM
saltstack -- salt In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) 2021-02-27 7.5 CVE-2021-3144
MISC
FEDORA
FEDORA
CONFIRM
scratchpad_project -- scratchpad An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function. 2021-03-05 7.5 CVE-2021-28031
MISC
scytl -- secure_vote An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. 2021-02-27 7.5 CVE-2019-25022
MISC
sercomm -- agcombo_vd625_firmware SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. 2021-02-27 7.5 CVE-2021-27132
MISC
MISC
stack_dst_project -- stack_dst An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic. 2021-03-05 7.5 CVE-2021-28034
MISC
stack_dst_project -- stack_dst An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. 2021-03-05 7.5 CVE-2021-28035
MISC
toodee_project -- toodee An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic. 2021-03-05 7.5 CVE-2021-28028
MISC
totaljs -- total.js The package total.js before 3.4.8 is vulnerable to Remote Code Execution (RCE) via set. 2021-03-04 7.5 CVE-2021-23344
MISC
MISC
visualware -- myconnection_server An issue was discovered in Visualware MyConnection Server through 11.0b build 5382. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. 2021-02-26 10 CVE-2021-27198
MISC
MISC
MISC
MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abb -- pm554_firmware The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. 2021-02-26 5 CVE-2020-24686
CONFIRM
accellion -- fta Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later. 2021-03-02 4.3 CVE-2021-27731
MISC
aiohttp_project -- aiohttp aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications. 2021-02-26 5.8 CVE-2021-21330
MISC
MISC
CONFIRM
FEDORA
MISC
DEBIAN
apache -- tomcat When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. 2021-03-01 5 CVE-2021-25122
MLIST
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
atlassian -- crowd The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. 2021-03-01 5 CVE-2020-36240
MISC
bestit -- amazon_pay best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor. 2021-02-26 6.4 CVE-2020-28199
MISC
MISC
courier_management_system_project -- courier_management_system Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street '. 2021-03-04 4 CVE-2020-35329
MISC
dataiku -- data_science_studio In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access. 2021-03-01 5.5 CVE-2021-27225
CONFIRM
MISC
eclipse -- jetty In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. 2021-02-26 5 CVE-2020-27223
CONFIRM
CONFIRM
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MLIST
MISC
MLIST
MLIST
MLIST
eprints -- eprints EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. 2021-03-01 6.8 CVE-2021-3342
CONFIRM
CONFIRM
MISC
eprints -- eprints EPrints 3.4.2 exposes a reflected XSS opportunity via a cgi/cal URI. 2021-03-01 4.3 CVE-2021-26475
CONFIRM
MISC
eprints -- eprints EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. 2021-03-01 4.3 CVE-2021-26702
CONFIRM
MISC
eprints -- eprints EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. 2021-03-01 6.5 CVE-2021-26704
CONFIRM
CONFIRM
MISC
google -- android In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085. 2021-02-26 6.9 CVE-2021-0367
MISC
google -- android In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265. 2021-02-26 6.9 CVE-2021-0401
MISC
google -- android In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093. 2021-02-26 6.9 CVE-2021-0366
MISC
isida -- retriever LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. 2021-02-26 4.3 CVE-2021-26903
MISC
MISC
joomla -- joomla! An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret. 2021-03-04 5 CVE-2021-23126
MISC
joomla -- joomla! An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager. 2021-03-04 5 CVE-2021-23131
MISC
joomla -- joomla! An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads. 2021-03-04 5 CVE-2021-23132
MISC
joomla -- joomla! An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues. 2021-03-04 4.3 CVE-2021-23130
MISC
joomla -- joomla! An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues. 2021-03-04 4.3 CVE-2021-23129
MISC
joomla -- joomla! An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat. 2021-03-04 6.4 CVE-2021-23128
MISC
joomla -- joomla! An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes. 2021-03-04 6.4 CVE-2021-23127
MISC
kaspersky -- endpoint_security A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed bypassing the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component. 2021-02-26 4.6 CVE-2020-26200
MISC
MISC
matrix -- synapse Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. 2021-02-26 4.3 CVE-2021-21274
MISC
MISC
MISC
CONFIRM
matrix -- synapse Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. 2021-02-26 5.8 CVE-2021-21273
MISC
MISC
MISC
CONFIRM
microfocus -- solutions_business_manager Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. 2021-02-26 5.2 CVE-2019-18943
MISC
microfocus -- solutions_business_manager Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation. 2021-02-26 5.2 CVE-2019-18945
CONFIRM
mozilla -- firefox Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. 2021-02-26 6.8 CVE-2021-23979
MISC
MISC
mozilla -- firefox Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2021-02-26 6.8 CVE-2021-23954
MISC
MISC
MISC
MISC
mozilla -- firefox Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2021-02-26 6.8 CVE-2021-23960
MISC
MISC
MISC
MISC
mozilla -- firefox If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2021-02-26 4.3 CVE-2021-23953
MISC
MISC
MISC
MISC
mozilla -- firefox The browser could have been confused into transferring a pointer lock state into another tab, which could have led to clickjacking attacks. This vulnerability affects Firefox < 85. 2021-02-26 4.3 CVE-2021-23955
MISC
MISC
mozilla -- firefox Incorrect use of the '<RowCountChanged>' method could have led to a use-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. 2021-02-26 6.8 CVE-2021-23962
MISC
MISC
mozilla -- firefox Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. 2021-02-26 6.8 CVE-2021-23964
MISC
MISC
MISC
MISC
mozilla -- firefox Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. 2021-02-26 6.8 CVE-2021-23965
MISC
MISC
mozilla -- firefox One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. 2021-02-26 6.8 CVE-2021-23972
MISC
MISC
mozilla -- firefox An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. 2021-02-26 4.3 CVE-2021-23956
MISC
MISC
mozilla -- firefox Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2021-02-26 6.8 CVE-2021-23978
MISC
MLIST
DEBIAN
MISC
MISC
MISC
mozilla -- firefox As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2021-02-26 4.3 CVE-2021-23969
MISC
MLIST
DEBIAN
MISC
MISC
MISC
mozilla -- firefox The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86. 2021-02-26 4.3 CVE-2021-23975
MISC
MISC
mozilla -- firefox The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. 2021-02-26 4.3 CVE-2021-23974
MISC
MISC
mozilla -- firefox If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2021-02-26 4.3 CVE-2021-23968
MISC
MLIST
DEBIAN
MISC
MISC
MISC
mozilla -- firefox The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. 2021-02-26 4.3 CVE-2021-23958
MISC
MISC
mozilla -- firefox An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. 2021-02-26 4.3 CVE-2021-23959
MISC
MISC
mozilla -- firefox When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. 2021-02-26 4.3 CVE-2021-23973
MISC
MLIST
DEBIAN
MISC
MISC
MISC
mozilla -- firefox When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. 2021-02-26 5.8 CVE-2021-23976
MISC
MISC
mozilla -- firefox When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. 2021-02-26 4.3 CVE-2021-23971
MISC
MISC
mozilla -- firefox Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. 2021-02-26 4.3 CVE-2021-23961
MISC
MISC
mozilla -- firefox When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. 2021-02-26 4.3 CVE-2021-23963
MISC
MISC
mozilla -- firefox Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. 2021-02-26 4.3 CVE-2021-23970
MISC
MISC
mozilla -- firefox Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. 2021-02-26 4.3 CVE-2021-23957
MISC
MISC
nodered -- node-red Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor URL. 2021-02-26 4 CVE-2021-21297
MISC
CONFIRM
MISC
MISC
onlyoffice -- document_server A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer. 2021-03-01 6.8 CVE-2021-25830
MISC
MISC
MISC
MISC
MISC
MISC
onlyoffice -- document_server A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer. 2021-03-01 6.8 CVE-2021-25831
MISC
MISC
MISC
MISC
MISC
MISC
onlyoffice -- document_server A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer. 2021-03-01 6.8 CVE-2021-25832
MISC
MISC
MISC
MISC
MISC
MISC
MISC
onlyoffice -- document_server A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code execution on DocumentServer. 2021-03-01 6.8 CVE-2021-25833
MISC
MISC
MISC
MISC
MISC
MISC
owncloud -- owncloud ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. 2021-02-26 4.4 CVE-2020-28646
MISC
MISC
prestashop -- prestashop PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to make a foreign request and execute customer commands. The problem is fixed in 1.7.7.2. 2021-02-26 6.4 CVE-2021-21308
MISC
MISC
CONFIRM
prestashop -- prestashop PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2. 2021-02-26 6.5 CVE-2021-21302
MISC
MISC
CONFIRM
prosoft-technology -- icx35-hwc-a_firmware Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior). 2021-02-26 5 CVE-2021-22661
MISC
quinn_project -- quinn An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. 2021-03-05 5 CVE-2021-28036
MISC
saltstack -- salt An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. 2021-02-27 4.6 CVE-2020-28243
MISC
FEDORA
FEDORA
CONFIRM
MISC
saltstack -- salt In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. 2021-02-27 4.3 CVE-2020-28972
FEDORA
FEDORA
CONFIRM
saltstack -- salt In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. 2021-02-27 5.8 CVE-2020-35662
FEDORA
FEDORA
CONFIRM
saltstack -- salt An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. 2021-02-27 6.4 CVE-2021-25282
MISC
FEDORA
FEDORA
CONFIRM
scytl -- secure_vote An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. 2021-02-27 5 CVE-2019-25020
MISC
scytl -- secure_vote An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs. 2021-02-27 6.4 CVE-2019-25023
MISC
scytl -- secure_vote An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. 2021-02-27 5 CVE-2019-25021
MISC
synology -- diskstation_manager Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. 2021-02-26 4.3 CVE-2021-26560
CONFIRM
synology -- diskstation_manager Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. 2021-02-26 4.3 CVE-2021-26565
CONFIRM
synology -- diskstation_manager Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. 2021-02-26 4.3 CVE-2021-26564
CONFIRM
synology -- diskstation_manager Use of unmaintained third party components vulnerability in faad in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via a crafted file path. 2021-02-26 6.5 CVE-2021-26567
CONFIRM
synology -- diskstation_manager Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. 2021-02-26 6.8 CVE-2021-26561
CONFIRM
synology -- diskstation_manager Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. 2021-02-26 6.8 CVE-2021-26562
CONFIRM
synology -- diskstation_manager Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. 2021-02-26 6.8 CVE-2021-26566
CONFIRM
toodee_project -- toodee An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations. 2021-03-05 5 CVE-2021-28029
MISC
tpm2_software_stack_project -- tpm2_software_stack Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. 2021-02-26 4.6 CVE-2020-24455
CONFIRM
CONFIRM
CONFIRM
truetype_project -- truetype An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes. 2021-03-05 5 CVE-2021-28030
MISC
vapor_project -- vapor Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. Send unlimited requests against a Vapor instance with different paths. This will create unlimited counters and timers, which will eventually drain the system. 2. Downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths to `vapor_route_undefined` to avoid unlimited counters. 2021-02-26 5 CVE-2021-21328
MISC
MISC
CONFIRM
MISC
w1.fi -- wpa_supplicant A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. 2021-02-26 5.4 CVE-2021-27803
MLIST
MLIST
FEDORA
MISC
MISC
MISC
xerox -- altalink_b8045_firmware Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. 2021-03-04 4 CVE-2019-18628
MISC
CONFIRM
zenphoto -- zenphoto ** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site." 2021-02-26 6.5 CVE-2020-36079
MISC
MISC
MISC

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
courier_management_system_project -- courier_management_system Courier Management System 1.0 - 'First Name' Stored XSS 2021-03-04 3.5 CVE-2020-35328
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. 2021-03-03 3.5 CVE-2021-22182
CONFIRM
MISC
MISC
gnu -- glibc The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. 2021-02-26 2.1 CVE-2020-27618
MISC
MISC
google -- android In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039. 2021-02-26 2.1 CVE-2021-0404
MISC
google -- android In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124. 2021-02-26 2.1 CVE-2021-0403
MISC
i-doit -- i-doit i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. 2021-02-27 3.5 CVE-2021-3151
MISC
MISC
ibm -- doors_next IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459. 2021-03-04 3.5 CVE-2020-4856
XF
CONFIRM
ibm -- doors_next IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460. 2021-03-04 3.5 CVE-2020-4857
XF
CONFIRM
ibm -- doors_next IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566. 2021-03-04 3.5 CVE-2020-4863
XF
CONFIRM
ibm -- doors_next IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742. 2021-03-04 3.5 CVE-2020-4866
XF
CONFIRM
ibm -- doors_next IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451. 2021-03-04 3.5 CVE-2021-20340
XF
CONFIRM
ibm -- doors_next IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707. 2021-03-04 3.5 CVE-2021-20350
XF
CONFIRM
ibm -- doors_next IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708. 2021-03-04 3.5 CVE-2021-20351
XF
CONFIRM
microfocus -- solutions_business_manager Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. 2021-02-26 3.8 CVE-2019-18946
CONFIRM
microfocus -- solutions_business_manager Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. 2021-02-26 2.7 CVE-2019-18947
CONFIRM
microfocus -- solutions_business_manager Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. 2021-02-26 2.3 CVE-2019-18944
CONFIRM
microfocus -- solutions_business_manager Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. 2021-02-26 2.3 CVE-2019-18942
CONFIRM
mozilla -- firefox Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. 2021-02-26 2.6 CVE-2021-23977
MISC
MISC
opentext -- content_server There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. 2021-02-26 3.5 CVE-2021-3010
MISC
MISC
saltstack -- salt An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. 2021-02-27 1.9 CVE-2021-25284
MISC
FEDORA
FEDORA
CONFIRM
samsung -- internet Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. 2021-03-04 2.1 CVE-2021-25348
MISC
CONFIRM
samsung -- s_assistant Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. 2021-03-04 2.1 CVE-2021-25341
MISC
CONFIRM
synology -- diskstation_manager Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module. 2021-02-26 2.1 CVE-2021-26563
CONFIRM
zte -- zxr10_8900e_firmware A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1. 2021-02-26 2.1 CVE-2021-21724
MISC

Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
activerecord-session_store -- activerecord-session_store
The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782. 2021-03-05 not yet calculated CVE-2019-25025
MISC
adguard -- adguard
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. 2021-03-03 not yet calculated CVE-2021-27935
MISC
advantech -- webaccess/scada
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. 2021-03-03 not yet calculated CVE-2020-13554
MISC
afterlogic -- aurora
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x. 2021-03-04 not yet calculated CVE-2021-26293
CONFIRM
ansi -- ansi
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0. 2021-03-05 not yet calculated CVE-2021-3377
MISC
MISC
anuko -- time_tracker
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess user tokens and, once successful, change user passwords, including that of a system administrator. This vulnerability is patched in version 1.19.24.5415 (started to use more secure tokens) with an additional improvement in 1.19.24.5416 (limited an available window for brute force token guessing). 2021-03-03 not yet calculated CVE-2021-21352
MISC
CONFIRM
MISC
apache -- ambari_views
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. 2021-03-02 not yet calculated CVE-2020-1936
MLIST
CONFIRM
apache -- asterixdb
When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB 2021-03-01 not yet calculated CVE-2020-9479
MLIST
MISC
apache -- superset
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code. 2021-03-05 not yet calculated CVE-2021-27907
MISC
MLIST
argopro -- argopro
The package github.com/argoproj/argo-cd/cmd before 1.7.13, and from 1.8.0 and before 1.8.6, is vulnerable to Cross-site Scripting (XSS). The SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. 2021-03-03 not yet calculated CVE-2021-23347
CONFIRM
CONFIRM
aruba -- airwave_management_platform A remote authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. 2021-03-05 not yet calculated CVE-2021-26969
MISC
aruba -- airwave_management_platform A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2021-03-05 not yet calculated CVE-2021-26968
MISC
aruba -- airwave_management_platform A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. 2021-03-05 not yet calculated CVE-2021-26967
MISC
aruba -- airwave_management_platform A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. 2021-03-05 not yet calculated CVE-2021-26966
MISC
aruba -- airwave_management_platform A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. 2021-03-05 not yet calculated CVE-2021-26965
MISC
aruba -- airwave_management_platform A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. 2021-03-05 not yet calculated CVE-2021-26963
MISC
aruba -- airwave_management_platform A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. 2021-03-05 not yet calculated CVE-2021-26970
MISC
aruba -- airwave_management_platform A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. 2021-03-05 not yet calculated CVE-2021-26971
MISC
aruba -- airwave_management_platform
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. 2021-03-05 not yet calculated CVE-2021-26964
MISC
aruba -- airwave_management_platform
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. 2021-03-05 not yet calculated CVE-2021-26960
MISC
aruba -- airwave_management_platform
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. 2021-03-05 not yet calculated CVE-2021-26961
MISC
aruba -- airwave_management_platform
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. 2021-03-05 not yet calculated CVE-2021-26962
MISC
bitnami -- containers
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application. 2021-03-03 not yet calculated CVE-2021-21979
MISC
blackboard -- collaborate_ultra
Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. 2021-03-02 not yet calculated CVE-2020-25902
MISC
MISC
cgal -- libcgal
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability. 2021-03-04 not yet calculated CVE-2020-35636
MISC
cgal -- libcgal
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability. 2021-03-04 not yet calculated CVE-2020-35628
MISC
cgal -- libcgal
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability. 2021-03-04 not yet calculated CVE-2020-28636
MISC
cgal -- libcgal
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability. 2021-03-04 not yet calculated CVE-2020-28601
MISC
clustered_data -- ontap
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs. 2021-03-04 not yet calculated CVE-2021-26988
MISC
clustered_data -- ontap
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access. 2021-03-04 not yet calculated CVE-2021-26989
MISC
courier -- management_system
SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php 2021-03-04 not yet calculated CVE-2020-35327
MISC
datadog -- datadog
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. The method `prepareDownloadFilecreates` creates a temporary file with the permissions bits of `-rw-r--r--` on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded via the `downloadFileFromResponse` method will be visible to all other users on the local system. Analysis of the finding determined that the affected code was unused, meaning that the exploitation likelihood is low. The unused code has been removed, effectively mitigating this issue. This issue has been patched in version 1.0.0-beta.9. As a workaround one may specify `java.io.tmpdir` when starting the JVM with the flag `-Djava.io.tmpdir`, specifying a path to a directory with `drw-------` permissions owned by `dd-agent`. 2021-03-03 not yet calculated CVE-2021-21331
CONFIRM
CONFIRM
dell -- emc_openmanage_server_administrator
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. 2021-03-02 not yet calculated CVE-2021-21513
CONFIRM
dell -- emc_openmanage_server_administrator
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. 2021-03-02 not yet calculated CVE-2021-21514
CONFIRM
dell -- emc_sourceone
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server. 2021-03-01 not yet calculated CVE-2021-21515
MISC
deutsche -- post_mailoptimizer
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. 2021-03-05 not yet calculated CVE-2021-28042
MISC
MISC
docker -- dashboard
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product. 2021-03-02 not yet calculated CVE-2021-27886
MISC
MISC
MISC
doctor_appointment_system -- doctor_appointment_system Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. 2021-03-01 not yet calculated CVE-2021-27318
MISC
MISC
doctor_appointment_system -- doctor_appointment_system
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. 2021-03-01 not yet calculated CVE-2021-27317
MISC
MISC
e107 -- e107
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. 2021-03-02 not yet calculated CVE-2021-27885
MISC
MISC
MISC
epignosis -- efrontpro
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice. 2021-03-03 not yet calculated CVE-2020-28597
MISC
fastify-reply-from -- fastify-reply-from fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expects that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1. 2021-03-02 not yet calculated CVE-2021-21322
MISC
CONFIRM
MISC
fastify-reply-from -- fastify-reply-from
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expects that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2. 2021-03-02 not yet calculated CVE-2021-21321
MISC
CONFIRM
MISC
fatek -- fvdesigner
An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. 2021-03-03 not yet calculated CVE-2021-22670
MISC
fatek -- fvdesigner
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. 2021-03-03 not yet calculated CVE-2021-22683
MISC
fatek -- fvdesigner
A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. 2021-03-03 not yet calculated CVE-2021-22662
MISC
fatek -- fvdesigner
 
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. 2021-03-03 not yet calculated CVE-2021-22638
MISC
fatek -- fvdesigner
 
Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution. 2021-03-03 not yet calculated CVE-2021-22666
MISC
fork -- forkcms PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. 2021-03-04 not yet calculated CVE-2020-24036
MISC
MISC
MISC
fortinet -- fortigate
 
When traffic other than HTTP/S (e.g., SSH traffic) traverses the FortiGate in versions below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. 2021-03-04 not yet calculated CVE-2020-15938
CONFIRM
fortinet -- fortigate
 
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard. 2021-03-03 not yet calculated CVE-2020-15937
CONFIRM
fortinet -- fortiproxy
 
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal services such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. 2021-03-04 not yet calculated CVE-2021-22128
CONFIRM
fs-path -- fs-path fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods. 2021-03-04 not yet calculated CVE-2020-8298
MISC
MISC
MISC
gigaset -- dx600a_devices The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks. 2021-03-02 not yet calculated CVE-2021-25309
MISC
gigaset -- dx600a_devices
 
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands. 2021-03-02 not yet calculated CVE-2021-25306
MISC
github -- enterprise_server
 
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program. 2021-03-03 not yet calculated CVE-2020-10519
MISC
MISC
MISC
github -- github

 
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent to a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program. 2021-03-03 not yet calculated CVE-2021-22862
MISC
github -- github

 
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. 2021-03-03 not yet calculated CVE-2021-22863
MISC
MISC
MISC
MISC
github -- github
 
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. 2021-03-03 not yet calculated CVE-2021-22861
MISC
MISC
MISC
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in GitLab were readable by an unauthorised user via branch logs. 2021-03-03 not yet calculated CVE-2021-22188
CONFIRM
MISC
MISC
gitlab -- gitlab
 
Starting with version 13.7 the GitLab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. 2021-03-04 not yet calculated CVE-2021-22189
CONFIRM
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. 2021-03-04 not yet calculated CVE-2021-22183
CONFIRM
MISC
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions of GitLab EE/CE before 12.6.7. A potential resource exhaustion issue allowed running or pending jobs to continue even after the project was deleted. 2021-03-02 not yet calculated CVE-2021-22187
CONFIRM
MISC
glpi -- glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4. 2021-03-02 not yet calculated CVE-2021-21258
MISC
CONFIRM
glpi -- glpi
 
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint): one of the form fields, "Web Link", is not properly sanitized, and a malicious user (who has document upload rights) can use it to deliver a JavaScript payload. For example, if you use the following payload: " accesskey="x" onclick="alert(1)" x=", the content will be saved within the database without any control. Then, once you return to the summary documents page, clicking on the "Web Link" of the newly created file opens a new empty tab, but on the initial tab the pop-up "1" will appear. 2021-03-03 not yet calculated CVE-2021-21312
MISC
CONFIRM
glpi -- glpi
 
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint: at least two parameters, _target and id, are not properly sanitized. Here are two payloads (due to two different exploitations depending on which parameter you act on) to exploit the vulnerability: /ajax/common.tabs.php?_target=javascript:alert(document.cookie)&_itemtype=DisplayPreference&_glpi_tab=DisplayPreference$2&id=258&displaytype=Ticket (Payload triggered if you click on the button). /ajax/common.tabs.php?_target=/front/ticket.form.php&_itemtype=Ticket&_glpi_tab=Ticket$1&id=(){};(function%20(){alert(document.cookie);})();function%20a&#. 2021-03-03 not yet calculated CVE-2021-21313
MISC
CONFIRM
glpi -- glpi
 
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before version 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket. 2021-03-03 not yet calculated CVE-2021-21314
MISC
CONFIRM
glpi -- glpi
 
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4. 2021-03-02 not yet calculated CVE-2021-21255
MISC
CONFIRM
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-03 not yet calculated CVE-2021-20233
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-03 not yet calculated CVE-2021-20225
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-03 not yet calculated CVE-2020-25632
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and the code assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-03 not yet calculated CVE-2020-25647
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-03 not yet calculated CVE-2020-27749
MISC
grub2 -- grub2
 
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent Secure Boot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2021-03-03 not yet calculated CVE-2020-27779
MISC
genua -- genugate
 
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to log in to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user. 2021-03-03 not yet calculated CVE-2021-27215
MISC
MISC
MISC
harmonyos -- harmonyos
 
A component API of HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. 2021-03-02 not yet calculated CVE-2021-22294
MISC
harmonyos -- harmonyos
 
A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. 2021-03-02 not yet calculated CVE-2021-22296
MISC
MISC
MISC
html-parse-stringify -- html-parse-stringify
 
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process. 2021-03-04 not yet calculated CVE-2021-23346
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ibm -- cloud_apm
 
IBM Monitoring (IBM Cloud APM 8.1.4) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974. 2021-03-02 not yet calculated CVE-2020-4725
XF
CONFIRM
ibm -- cloud_apm
 
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861. 2021-03-02 not yet calculated CVE-2020-4719
XF
CONFIRM
ibm -- cloud_apm
 
The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. 2021-03-02 not yet calculated CVE-2020-4726
XF
CONFIRM
ibm -- multiple_products
 
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435. 2021-03-04 not yet calculated CVE-2020-4975
XF
CONFIRM
ibm -- security_verify_bridge
 
IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617. 2021-03-03 not yet calculated CVE-2021-20441
XF
CONFIRM
ibm -- security_verify_bridge
 
IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618. 2021-03-03 not yet calculated CVE-2021-20442
XF
CONFIRM
identitymodel -- identitymodel
 
An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. 2021-03-05 not yet calculated CVE-2020-36255
MISC
MISC
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow the author field to be overwritten. 2021-03-04 not yet calculated CVE-2021-26029
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting a specifically crafted zip package could write files outside of the intended path. 2021-03-04 not yet calculated CVE-2021-26028
MISC
joomla! -- joomla!
 
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article. 2021-03-04 not yet calculated CVE-2021-26027
MISC
kentico -- the_blog
 
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. 2021-03-05 not yet calculated CVE-2021-27581
MISC
MISC
lg -- mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021). 2021-03-02 not yet calculated CVE-2021-27901
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. 2021-03-05 not yet calculated CVE-2021-28039
MLIST
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. 2021-03-05 not yet calculated CVE-2021-28038
MLIST
MISC
linux -- linux_kernel
 
A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. 2021-03-04 not yet calculated CVE-2020-25639
MISC
lumisxp -- lumisxp
 
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. 2021-03-03 not yet calculated CVE-2021-27931
MISC
markdown -- markdown
 
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. 2021-03-03 not yet calculated CVE-2021-26813
MISC
matrix-react-sdk -- matrix-react-sdk
 
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0. 2021-03-02 not yet calculated CVE-2021-21320
MISC
MISC
CONFIRM
MISC
microsoft -- exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078. 2021-03-03 not yet calculated CVE-2021-26858
MISC
microsoft -- exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065. 2021-03-03 not yet calculated CVE-2021-27078
MISC
microsoft -- exchange_server Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. 2021-03-03 not yet calculated CVE-2021-26857
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078. 2021-03-03 not yet calculated CVE-2021-27065
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. 2021-03-03 not yet calculated CVE-2021-26412
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. 2021-03-03 not yet calculated CVE-2021-26854
MISC
microsoft -- exchange_server
 
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. 2021-03-03 not yet calculated CVE-2021-26855
MISC
misp -- misp
 
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors. 2021-03-02 not yet calculated CVE-2021-27904
MISC
mobilewips -- mobilewips
 
Calling a non-existent provider in the MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. 2021-03-02 not yet calculated CVE-2021-25330
MISC
mongodb -- mongodb_server
 
A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6; MongoDB Server v3.6 versions prior to 3.6.11. 2021-03-01 not yet calculated CVE-2018-25004
MISC
mongodb -- mongodb_server
 
A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20. 2021-03-01 not yet calculated CVE-2020-7929
CONFIRM
movable -- multiple_products Cross-site scripting vulnerability in the Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-03-05 not yet calculated CVE-2021-20665
MISC
MISC
movable -- multiple_products
 
Cross-site scripting vulnerability in the Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-03-05 not yet calculated CVE-2021-20663
MISC
MISC
movable -- multiple_products
 
Cross-site scripting vulnerability in the Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-03-05 not yet calculated CVE-2021-20664
MISC
MISC
msi -- dragon_center
 
The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request. 2021-03-05 not yet calculated CVE-2021-27965
MISC
MISC
mymbconnect24 -- mymbconnect24
 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in redirect.php allowing an attacker to inject code via a GET parameter. 2021-03-02 not yet calculated CVE-2020-12530
CONFIRM
mymbconnect24 -- mymbconnect24
 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an SSRF in the LDAP access check, allowing an attacker to scan for open ports. 2021-03-02 not yet calculated CVE-2020-12529
CONFIRM
mymbconnect24 -- mymbconnect24
 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to. 2021-03-02 not yet calculated CVE-2020-12528
CONFIRM
mymbconnect24 -- mymbconnect24
 
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to. 2021-03-02 not yet calculated CVE-2020-12527
CONFIRM
netgear -- r7800_devices

 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. 2021-03-05 not yet calculated CVE-2021-27256
N/A
N/A
netgear -- r7800_devices

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. 2021-03-05 not yet calculated CVE-2021-27255
N/A
N/A
netgear -- r7800_devices
 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of a hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. 2021-03-05 not yet calculated CVE-2021-27254
N/A
N/A
netgear -- r7800_devices
 
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362. 2021-03-05 not yet calculated CVE-2021-27257
N/A
N/A
newlib -- newlib
 
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow. 2021-03-05 not yet calculated CVE-2021-3420
MISC
nextcloud -- nextcloud_server
 
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. 2021-03-03 not yet calculated CVE-2021-22878
MISC
MISC
MISC
nextcloud -- nextcloud_server
 
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users' external storage configuration when not already configured. 2021-03-03 not yet calculated CVE-2021-22877
MISC
MISC
MISC
MISC
nextcloud -- nextcloud_server
 
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. 2021-03-03 not yet calculated CVE-2020-8296
MISC
MISC
MISC
MISC
node.js -- node.js
 
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over the network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. 2021-03-03 not yet calculated CVE-2021-22884
MISC
MISC
MISC
node.js -- node.js
 
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and the process is also prevented from opening, e.g., a file. If no file descriptor limit is configured, then this leads to excessive memory usage and causes the system to run out of memory. 2021-03-03 not yet calculated CVE-2021-22883
MISC
MISC
online_invoicing_system -- online_invoicing_system
 
A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. 2021-03-03 not yet calculated CVE-2021-27839
MISC
MISC
openark -- orchestrator
 
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter. 2021-03-03 not yet calculated CVE-2021-27940
MISC
MISC
MISC
openssh -- openssh
 
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. 2021-03-05 not yet calculated CVE-2021-28041