Vulnerability Summary for the Week of March 1, 2021
Released
Mar 08, 2021
Document ID
SB21-067
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accellion -- fta | Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. | 2021-03-02 | 7.5 | CVE-2021-27730 MISC |
| apache -- tomcat | The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. | 2021-03-01 | 7.5 | CVE-2021-25329 MLIST MLIST CONFIRM MLIST MLIST MLIST MLIST |
| bam_project -- bam | An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. | 2021-03-05 | 7.5 | CVE-2021-28027 MISC |
| bittacora -- bpanel | In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise. | 2021-03-02 | 7.5 | CVE-2020-28657 MISC |
| byte_struct_project -- byte_struct | An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. | 2021-03-05 | 7.5 | CVE-2021-28033 MISC |
| doctor_appointment_system_project -- doctor_appointment_system | SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. | 2021-03-05 | 7.5 | CVE-2021-27314 MISC |
| eprints -- eprints | EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. | 2021-03-01 | 7.5 | CVE-2021-26703 CONFIRM CONFIRM MISC |
| eprints -- eprints | EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. | 2021-03-01 | 7.5 | CVE-2021-26476 CONFIRM MISC |
| fireblink -- object-collider | Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution. | 2021-03-01 | 7.5 | CVE-2021-25914 MISC MISC |
| google -- android | In performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05466547. | 2021-02-26 | 7.2 | CVE-2021-0405 MISC |
| google -- android | In jpeg, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05433311. | 2021-02-26 | 7.2 | CVE-2021-0402 MISC |
| google -- android | In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418. | 2021-02-26 | 7.2 | CVE-2021-0406 MISC |
| internment_project -- internment | An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern<T>. | 2021-03-05 | 7.5 | CVE-2021-28037 MISC |
| isida -- retriever | LMA ISIDA Retriever 5.2 allows SQL Injection. | 2021-02-26 | 7.5 | CVE-2021-26904 MISC MISC |
| jpeg -- jpeg_xl | JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. | 2021-03-02 | 7.5 | CVE-2021-27804 MISC FULLDISC MISC MISC |
| onlyoffice -- document_server | An improper binary stream data handling issue was found in the [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can eventually shut down the target server. | 2021-03-01 | 7.8 | CVE-2021-25829 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| qcubed -- qcubed | A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request. | 2021-03-04 | 7.5 | CVE-2020-24913 MISC MISC MISC |
| saltstack -- salt | An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. | 2021-02-27 | 7.5 | CVE-2021-3148 MISC FEDORA FEDORA CONFIRM |
| saltstack -- salt | An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. | 2021-02-27 | 7.5 | CVE-2021-25283 MISC FEDORA FEDORA CONFIRM |
| saltstack -- salt | An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. | 2021-02-27 | 7.5 | CVE-2021-25281 MISC FEDORA FEDORA CONFIRM MISC |
| saltstack -- salt | An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. | 2021-02-27 | 7.5 | CVE-2021-3197 MISC FEDORA FEDORA CONFIRM |
| saltstack -- salt | In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) | 2021-02-27 | 7.5 | CVE-2021-3144 MISC FEDORA FEDORA CONFIRM |
| scratchpad_project -- scratchpad | An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function. | 2021-03-05 | 7.5 | CVE-2021-28031 MISC |
| scytl -- secure_vote | An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. | 2021-02-27 | 7.5 | CVE-2019-25022 MISC |
| sercomm -- agcombo_vd625_firmware | SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. | 2021-02-27 | 7.5 | CVE-2021-27132 MISC MISC |
| stack_dst_project -- stack_dst | An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic. | 2021-03-05 | 7.5 | CVE-2021-28034 MISC |
| stack_dst_project -- stack_dst | An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. | 2021-03-05 | 7.5 | CVE-2021-28035 MISC |
| toodee_project -- toodee | An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic. | 2021-03-05 | 7.5 | CVE-2021-28028 MISC |
| totaljs -- total.js | The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. | 2021-03-04 | 7.5 | CVE-2021-23344 MISC MISC |
| visualware -- myconnection_server | An issue was discovered in Visualware MyConnection Server through 11.0b build 5382. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. | 2021-02-26 | 10 | CVE-2021-27198 MISC MISC MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abb -- pm554_firmware | The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. | 2021-02-26 | 5 | CVE-2020-24686 CONFIRM |
| accellion -- fta | Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later. | 2021-03-02 | 4.3 | CVE-2021-27731 MISC |
| aiohttp_project -- aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middlewares.normalize_path_middleware` middleware. This security problem has been fixed in 3.7.4. Upgrade your dependency using pip as follows "pip install aiohttp >= 3.7.4". If upgrading is not an option for you, a workaround can be to avoid using `aiohttp.web_middlewares.normalize_path_middleware` in your applications. | 2021-02-26 | 5.8 | CVE-2021-21330 MISC MISC CONFIRM FEDORA MISC DEBIAN |
| apache -- tomcat | When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. | 2021-03-01 | 5 | CVE-2021-25122 MLIST CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
| atlassian -- crowd | The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | 2021-03-01 | 5 | CVE-2020-36240 MISC |
| bestit -- amazon_pay | best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor. | 2021-02-26 | 6.4 | CVE-2020-28199 MISC MISC |
| courier_management_system_project -- courier_management_system | Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. | 2021-03-04 | 4 | CVE-2020-35329 MISC |
| dataiku -- data_science_studio | In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access. | 2021-03-01 | 5.5 | CVE-2021-27225 CONFIRM MISC |
| eclipse -- jetty | In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | 2021-02-26 | 5 | CVE-2020-27223 CONFIRM CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST |
| eprints -- eprints | EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. | 2021-03-01 | 6.8 | CVE-2021-3342 CONFIRM CONFIRM MISC |
| eprints -- eprints | EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. | 2021-03-01 | 4.3 | CVE-2021-26475 CONFIRM MISC |
| eprints -- eprints | EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. | 2021-03-01 | 4.3 | CVE-2021-26702 CONFIRM MISC |
| eprints -- eprints | EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. | 2021-03-01 | 6.5 | CVE-2021-26704 CONFIRM CONFIRM MISC |
| google -- android | In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379085. | 2021-02-26 | 6.9 | CVE-2021-0367 MISC |
| google -- android | In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265. | 2021-02-26 | 6.9 | CVE-2021-0401 MISC |
| google -- android | In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALPS05379093. | 2021-02-26 | 6.9 | CVE-2021-0366 MISC |
| isida -- retriever | LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. | 2021-02-26 | 4.3 | CVE-2021-26903 MISC MISC |
| joomla -- joomla\! | An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret. | 2021-03-04 | 5 | CVE-2021-23126 MISC |
| joomla -- joomla\! | An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager. | 2021-03-04 | 5 | CVE-2021-23131 MISC |
| joomla -- joomla\! | An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads | 2021-03-04 | 5 | CVE-2021-23132 MISC |
| joomla -- joomla\! | An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues. | 2021-03-04 | 4.3 | CVE-2021-23130 MISC |
| joomla -- joomla\! | An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues. | 2021-03-04 | 4.3 | CVE-2021-23129 MISC |
| joomla -- joomla\! | An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat. | 2021-03-04 | 6.4 | CVE-2021-23128 MISC |
| joomla -- joomla\! | An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes. | 2021-03-04 | 6.4 | CVE-2021-23127 MISC |
| kaspersky -- endpoint_security | A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed to bypass the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component. | 2021-02-26 | 4.6 | CVE-2020-26200 MISC MISC |
| matrix -- synapse | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation. | 2021-02-26 | 4.3 | CVE-2021-21274 MISC MISC MISC CONFIRM |
| matrix -- synapse | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. | 2021-02-26 | 5.8 | CVE-2021-21273 MISC MISC MISC CONFIRM |
| microfocus -- solutions_business_manager | Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | 2021-02-26 | 5.2 | CVE-2019-18943 MISC |
| microfocus -- solutions_business_manager | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | 2021-02-26 | 5.2 | CVE-2019-18945 CONFIRM |
| mozilla -- firefox | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86. | 2021-02-26 | 6.8 | CVE-2021-23979 MISC MISC |
| mozilla -- firefox | Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | 2021-02-26 | 6.8 | CVE-2021-23954 MISC MISC MISC MISC |
| mozilla -- firefox | Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | 2021-02-26 | 6.8 | CVE-2021-23960 MISC MISC MISC MISC |
| mozilla -- firefox | If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | 2021-02-26 | 4.3 | CVE-2021-23953 MISC MISC MISC MISC |
| mozilla -- firefox | The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. | 2021-02-26 | 4.3 | CVE-2021-23955 MISC MISC |
| mozilla -- firefox | Incorrect use of the '<RowCountChanged>' method could have led to a user-after-poison and a potentially exploitable crash. This vulnerability affects Firefox < 85. | 2021-02-26 | 6.8 | CVE-2021-23962 MISC MISC |
| mozilla -- firefox | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | 2021-02-26 | 6.8 | CVE-2021-23964 MISC MISC MISC MISC |
| mozilla -- firefox | Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85. | 2021-02-26 | 6.8 | CVE-2021-23965 MISC MISC |
| mozilla -- firefox | One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. | 2021-02-26 | 6.8 | CVE-2021-23972 MISC MISC |
| mozilla -- firefox | An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox < 85. | 2021-02-26 | 4.3 | CVE-2021-23956 MISC MISC |
| mozilla -- firefox | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | 2021-02-26 | 6.8 | CVE-2021-23978 MISC MLIST DEBIAN MISC MISC MISC |
| mozilla -- firefox | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage." Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | 2021-02-26 | 4.3 | CVE-2021-23969 MISC MLIST DEBIAN MISC MISC MISC |
| mozilla -- firefox | The developer page about:memory has a Measure function for exploring what object types the browser has allocated and their sizes. When this function was invoked we incorrectly called the sizeof function, instead of using the API method that checks for invalid pointers. This vulnerability affects Firefox < 86. | 2021-02-26 | 4.3 | CVE-2021-23975 MISC MISC |
| mozilla -- firefox | The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. | 2021-02-26 | 4.3 | CVE-2021-23974 MISC MISC |
| mozilla -- firefox | If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | 2021-02-26 | 4.3 | CVE-2021-23968 MISC MLIST DEBIAN MISC MISC MISC |
| mozilla -- firefox | The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85. | 2021-02-26 | 4.3 | CVE-2021-23958 MISC MISC |
| mozilla -- firefox | An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | 2021-02-26 | 4.3 | CVE-2021-23959 MISC MISC |
| mozilla -- firefox | When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8. | 2021-02-26 | 4.3 | CVE-2021-23973 MISC MLIST DEBIAN MISC MISC MISC |
| mozilla -- firefox | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. Note: This issue is a different issue from CVE-2020-26954 and only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. | 2021-02-26 | 5.8 | CVE-2021-23976 MISC MISC |
| mozilla -- firefox | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redirect's Referrer-Policy. This would have potentially resulted in more information than intended by the original origin being provided to the destination of the redirect. This vulnerability affects Firefox < 86. | 2021-02-26 | 4.3 | CVE-2021-23971 MISC MISC |
| mozilla -- firefox | Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85. | 2021-02-26 | 4.3 | CVE-2021-23961 MISC MISC |
| mozilla -- firefox | When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. | 2021-02-26 | 4.3 | CVE-2021-23963 MISC MISC |
| mozilla -- firefox | Context-specific code was included in a shared jump table; resulting in assertions being triggered in multithreaded wasm code. This vulnerability affects Firefox < 86. | 2021-02-26 | 4.3 | CVE-2021-23970 MISC MISC |
| mozilla -- firefox | Navigations through the Android-specific `intent` URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | 2021-02-26 | 4.3 | CVE-2021-23957 MISC MISC |
| nodered -- node-red | Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default behaviour of the Node-RED runtime. The vulnerability is patched in the 1.2.8 release. A workaround is to ensure only authorized users are able to access the editor url. | 2021-02-26 | 4 | CVE-2021-21297 MISC CONFIRM MISC MISC |
| onlyoffice -- document_server | A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer. | 2021-03-01 | 6.8 | CVE-2021-25830 MISC MISC MISC MISC MISC MISC |
| onlyoffice -- document_server | A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer. | 2021-03-01 | 6.8 | CVE-2021-25831 MISC MISC MISC MISC MISC MISC |
| onlyoffice -- document_server | A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer. | 2021-03-01 | 6.8 | CVE-2021-25832 MISC MISC MISC MISC MISC MISC MISC |
| onlyoffice -- document_server | A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code execution on DocumentServer. | 2021-03-01 | 6.8 | CVE-2021-25833 MISC MISC MISC MISC MISC MISC |
| owncloud -- owncloud | ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. | 2021-02-26 | 4.4 | CVE-2020-28646 MISC MISC |
| prestashop -- prestashop | PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2 | 2021-02-26 | 6.4 | CVE-2021-21308 MISC MISC CONFIRM |
| prestashop -- prestashop | PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in 1.7.7.2 | 2021-02-26 | 6.5 | CVE-2021-21302 MISC MISC CONFIRM |
| prosoft-technology -- icx35-hwc-a_firmware | Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and prior). | 2021-02-26 | 5 | CVE-2021-22661 MISC |
| quinn_project -- quinn | An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | 2021-03-05 | 5 | CVE-2021-28036 MISC |
| saltstack -- salt | An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | 2021-02-27 | 4.6 | CVE-2020-28243 MISC FEDORA FEDORA CONFIRM MISC |
| saltstack -- salt | In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | 2021-02-27 | 4.3 | CVE-2020-28972 FEDORA FEDORA CONFIRM |
| saltstack -- salt | In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | 2021-02-27 | 5.8 | CVE-2020-35662 FEDORA FEDORA CONFIRM |
| saltstack -- salt | An issue was discovered in through SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. | 2021-02-27 | 6.4 | CVE-2021-25282 MISC FEDORA FEDORA CONFIRM |
| scytl -- secure_vote | An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. | 2021-02-27 | 5 | CVE-2019-25020 MISC |
| scytl -- secure_vote | An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs. | 2021-02-27 | 6.4 | CVE-2019-25023 MISC |
| scytl -- secure_vote | An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. | 2021-02-27 | 5 | CVE-2019-25021 MISC |
| synology -- diskstation_manager | Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | 2021-02-26 | 4.3 | CVE-2021-26560 CONFIRM |
| synology -- diskstation_manager | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. | 2021-02-26 | 4.3 | CVE-2021-26565 CONFIRM |
| synology -- diskstation_manager | Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. | 2021-02-26 | 4.3 | CVE-2021-26564 CONFIRM |
| synology -- diskstation_manager | Use of unmaintained third party components vulnerability in faad in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via a crafted file path. | 2021-02-26 | 6.5 | CVE-2021-26567 CONFIRM |
| synology -- diskstation_manager | Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | 2021-02-26 | 6.8 | CVE-2021-26561 CONFIRM |
| synology -- diskstation_manager | Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. | 2021-02-26 | 6.8 | CVE-2021-26562 CONFIRM |
| synology -- diskstation_manager | Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. | 2021-02-26 | 6.8 | CVE-2021-26566 CONFIRM |
| toodee_project -- toodee | An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations. | 2021-03-05 | 5 | CVE-2021-28029 MISC |
| tpm2_software_stack_project -- tpm2_software_stack | Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3. | 2021-02-26 | 4.6 | CVE-2020-24455 CONFIRM CONFIRM CONFIRM |
| truetype_project -- truetype | An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes. | 2021-03-05 | 5 | CVE-2021-28030 MISC |
| vapor_project -- vapor | Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters. | 2021-02-26 | 5 | CVE-2021-21328 MISC MISC CONFIRM MISC |
| w1.fi -- wpa_supplicant | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | 2021-02-26 | 5.4 | CVE-2021-27803 MLIST MLIST FEDORA MISC MISC MISC |
| xerox -- altalink_b8045_firmware | Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. | 2021-03-04 | 4 | CVE-2019-18628 MISC CONFIRM |
| zenphoto -- zenphoto | ** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site." | 2021-02-26 | 6.5 | CVE-2020-36079 MISC MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| courier_management_system_project -- courier_management_system | Courier Management System 1.0 - 'First Name' Stored XSS | 2021-03-04 | 3.5 | CVE-2020-35328 MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. | 2021-03-03 | 3.5 | CVE-2021-22182 CONFIRM MISC MISC |
| gnu -- glibc | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. | 2021-02-26 | 2.1 | CVE-2020-27618 MISC MISC |
| google -- android | In mobile_log_d, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457039. | 2021-02-26 | 2.1 | CVE-2021-0404 MISC |
| google -- android | In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124. | 2021-02-26 | 2.1 | CVE-2021-0403 MISC |
| i-doit -- i-doit | i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. | 2021-02-27 | 3.5 | CVE-2021-3151 MISC MISC |
| ibm -- doors_next | IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190459. | 2021-03-04 | 3.5 | CVE-2020-4856 XF CONFIRM |
| ibm -- doors_next | IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190460. | 2021-03-04 | 3.5 | CVE-2020-4857 XF CONFIRM |
| ibm -- doors_next | IBM Engineering products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190566. | 2021-03-04 | 3.5 | CVE-2020-4863 XF CONFIRM |
| ibm -- doors_next | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190742. | 2021-03-04 | 3.5 | CVE-2020-4866 XF CONFIRM |
| ibm -- doors_next | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451. | 2021-03-04 | 3.5 | CVE-2021-20340 XF CONFIRM |
| ibm -- doors_next | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707. | 2021-03-04 | 3.5 | CVE-2021-20350 XF CONFIRM |
| ibm -- doors_next | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708. | 2021-03-04 | 3.5 | CVE-2021-20351 XF CONFIRM |
| microfocus -- solutions_business_manager | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. | 2021-02-26 | 3.8 | CVE-2019-18946 CONFIRM |
| microfocus -- solutions_business_manager | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. | 2021-02-26 | 2.7 | CVE-2019-18947 CONFIRM |
| microfocus -- solutions_business_manager | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | 2021-02-26 | 2.3 | CVE-2019-18944 CONFIRM |
| microfocus -- solutions_business_manager | Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. | 2021-02-26 | 2.3 | CVE-2019-18942 CONFIRM |
| mozilla -- firefox | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86. | 2021-02-26 | 2.6 | CVE-2021-23977 MISC MISC |
| opentext -- content_server | There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. | 2021-02-26 | 3.5 | CVE-2021-3010 MISC MISC |
| saltstack -- salt | An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level. | 2021-02-27 | 1.9 | CVE-2021-25284 MISC FEDORA FEDORA CONFIRM |
| samsung -- internet | Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. | 2021-03-04 | 2.1 | CVE-2021-25348 MISC CONFIRM |
| samsung -- s_assistant | Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. | 2021-03-04 | 2.1 | CVE-2021-25341 MISC CONFIRM |
| synology -- diskstation_manager | Improper access control vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows local users to obtain sensitive information via a crafted kernel module. | 2021-02-26 | 2.1 | CVE-2021-26563 CONFIRM |
| zte -- zxr10_8900e_firmware | A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1. | 2021-02-26 | 2.1 | CVE-2021-21724 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| activerecord-session_store -- activerecord-session_store | The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a correct guess in a relatively short amount of time. This is a related issue to CVE-2019-16782. | 2021-03-05 | not yet calculated | CVE-2019-25025 MISC |
| adguard -- adguard | An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie. | 2021-03-03 | not yet calculated | CVE-2021-27935 MISC |
| advantech -- webaccess/scada | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | 2021-03-03 | not yet calculated | CVE-2020-13554 MISC |
| afterlogic -- aurora | An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x. | 2021-03-04 | not yet calculated | CVE-2021-26293 CONFIRM |
| ansi -- ansi | The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0. | 2021-03-05 | not yet calculated | CVE-2021-3377 MISC MISC |
| anuko -- time_tracker | Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In TimeTracker before version 1.19.24.5415 tokens used in password reset feature in Time Tracker are based on system time and, therefore, are predictable. This opens a window for brute force attacks to guess user tokens and, once successful, change user passwords, including that of a system administrator. This vulnerability is pathced in version 1.19.24.5415 (started to use more secure tokens) with an additional improvement in 1.19.24.5416 (limited an available window for brute force token guessing). | 2021-03-03 | not yet calculated | CVE-2021-21352 MISC CONFIRM MISC |
| apache -- ambari_views | A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. | 2021-03-02 | not yet calculated | CVE-2020-1936 MLIST CONFIRM |
| apache -- asterixdb | When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB | 2021-03-01 | not yet calculated | CVE-2020-9479 MLIST MISC |
| apache -- superset | Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code. | 2021-03-05 | not yet calculated | CVE-2021-27907 MISC MLIST |
| argopro -- argopro | The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | 2021-03-03 | not yet calculated | CVE-2021-23347 CONFIRM CONFIRM |
| aruba -- airwave_management_platform | A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. | 2021-03-05 | not yet calculated | CVE-2021-26969 MISC |
| aruba -- airwave_management_platform | A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | 2021-03-05 | not yet calculated | CVE-2021-26968 MISC |
| aruba -- airwave_management_platform | A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. | 2021-03-05 | not yet calculated | CVE-2021-26967 MISC |
| aruba -- airwave_management_platform | A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. | 2021-03-05 | not yet calculated | CVE-2021-26966 MISC |
| aruba -- airwave_management_platform | A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database. | 2021-03-05 | not yet calculated | CVE-2021-26965 MISC |
| aruba -- airwave_management_platform | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | 2021-03-05 | not yet calculated | CVE-2021-26963 MISC |
| aruba -- airwave_management_platform | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. | 2021-03-05 | not yet calculated | CVE-2021-26970 MISC |
| aruba -- airwave_management_platform | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise. | 2021-03-05 | not yet calculated | CVE-2021-26971 MISC |
| aruba -- airwave_management_platform | A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. | 2021-03-05 | not yet calculated | CVE-2021-26964 MISC |
| aruba -- airwave_management_platform | A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. | 2021-03-05 | not yet calculated | CVE-2021-26960 MISC |
| aruba -- airwave_management_platform | A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user. | 2021-03-05 | not yet calculated | CVE-2021-26961 MISC |
| aruba -- airwave_management_platform | A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | 2021-03-05 | not yet calculated | CVE-2021-26962 MISC |
| bitnami -- containers | In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application. | 2021-03-03 | not yet calculated | CVE-2021-21979 MISC |
| blackboard -- collaborate_ultra | Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. | 2021-03-02 | not yet calculated | CVE-2020-25902 MISC MISC |
| cgal -- libcal | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability. | 2021-03-04 | not yet calculated | CVE-2020-35636 MISC |
| cgal -- libcal | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability. | 2021-03-04 | not yet calculated | CVE-2020-35628 MISC |
| cgal -- libcgal | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability. | 2021-03-04 | not yet calculated | CVE-2020-28636 MISC |
| cgal -- libcgal | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability. | 2021-03-04 | not yet calculated | CVE-2020-28601 MISC |
| clustered_data -- ontap | Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs. | 2021-03-04 | not yet calculated | CVE-2021-26988 MISC |
| clustered_data -- ontap | Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P9 and 9.8 are susceptible to a vulnerability which could allow a remote authenticated attacker to cause a Denial of Service (DoS) on clustered Data ONTAP configured for SMB access. | 2021-03-04 | not yet calculated | CVE-2021-26989 MISC |
| courier -- management_system | SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php | 2021-03-04 | not yet calculated | CVE-2020-35327 MISC |
| datadog -- datadog | The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. The method `prepareDownloadFilecreates` creates a temporary file with the permissions bits of `-rw-r--r--` on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded via the `downloadFileFromResponse` method will be visible to all other users on the local system. Analysis of the finding determined that the affected code was unused, meaning that the exploitation likelihood is low. The unused code has been removed, effectively mitigating this issue. This issue has been patched in version 1.0.0-beta.9. As a workaround one may specify `java.io.tmpdir` when starting the JVM with the flag `-Djava.io.tmpdir`, specifying a path to a directory with `drw-------` permissions owned by `dd-agent`. | 2021-03-03 | not yet calculated | CVE-2021-21331 CONFIRM CONFIRM |
| dell -- emc_openmanage_server_administrator | Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. | 2021-03-02 | not yet calculated | CVE-2021-21513 CONFIRM |
| dell -- emc_openmanage_server_administrator | Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. | 2021-03-02 | not yet calculated | CVE-2021-21514 CONFIRM |
| dell -- emc_sourceone | Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server. | 2021-03-01 | not yet calculated | CVE-2021-21515 MISC |
| deutsche -- post_mailoptimizer | Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. | 2021-03-05 | not yet calculated | CVE-2021-28042 MISC MISC |
| docker -- dashboard | rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product. | 2021-03-02 | not yet calculated | CVE-2021-27886 MISC MISC MISC |
| doctor_appointment_system -- doctor_appointment_system | Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. | 2021-03-01 | not yet calculated | CVE-2021-27318 MISC MISC |
| doctor_appointment_system -- doctor_appointment_system | Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. | 2021-03-01 | not yet calculated | CVE-2021-27317 MISC MISC |
| e107 -- e107 | usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism. | 2021-03-02 | not yet calculated | CVE-2021-27885 MISC MISC MISC |
| epignosis -- efontpro | A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice. | 2021-03-03 | not yet calculated | CVE-2020-28597 MISC |
| fastify-reply-form -- fastify-reply-form | fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing `/priv` on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.3.1. | 2021-03-02 | not yet calculated | CVE-2021-21322 MISC CONFIRM MISC |
| fastify-reply-form -- fastify-reply-form | fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is "/pub/", a user expect that accessing "/priv" on the target service would not be possible. In affected versions, it is possible. This is fixed in version 4.0.2. | 2021-03-02 | not yet calculated | CVE-2021-21321 MISC CONFIRM MISC |
| fatek -- fvdesigner
| An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | 2021-03-03 | not yet calculated | CVE-2021-22670 MISC |
| fatek -- fvdesigner | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | 2021-03-03 | not yet calculated | CVE-2021-22683 MISC |
| fatek -- fvdesigner | A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | 2021-03-03 | not yet calculated | CVE-2021-22662 MISC |
| fatek -- fvdesigner | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | 2021-03-03 | not yet calculated | CVE-2021-22638 MISC |
| fatek -- fvdesigner | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while project files are being processed, allowing an attacker to craft a special project file that may permit arbitrary code execution. | 2021-03-03 | not yet calculated | CVE-2021-22666 MISC |
| fork -- forkcms | PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | 2021-03-04 | not yet calculated | CVE-2020-24036 MISC MISC MISC |
| fortinet -- fortigate | When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. | 2021-03-04 | not yet calculated | CVE-2020-15938 CONFIRM |
| fortinet -- fortigate | An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard. | 2021-03-03 | not yet calculated | CVE-2020-15937 CONFIRM |
| fortinet -- fortiproxy | An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality. | 2021-03-04 | not yet calculated | CVE-2021-22128 CONFIRM |
| fs-path -- fs-path | fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods. | 2021-03-04 | not yet calculated | CVE-2020-8298 MISC MISC MISC |
| gigaset -- dx600a_devices | The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks. | 2021-03-02 | not yet calculated | CVE-2021-25309 MISC |
| gigaset -- dx600a_devices | A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands. | 2021-03-02 | not yet calculated | CVE-2021-25306 MISC |
| github -- enterprise_server | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program. | 2021-03-03 | not yet calculated | CVE-2020-10519 MISC MISC MISC |
| github -- github
| An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference of a pull request to be updated to point to an arbitrary SHA or another pull request outside of the fork repository. By establishing this incorrect reference in a PR, the restrictions that limit the Actions secrets sent a workflow from forks could be bypassed. This vulnerability affected GitHub Enterprise Server version 3.0.0, 3.0.0.rc2, and 3.0.0.rc1. This vulnerability was reported via the GitHub Bug Bounty program. | 2021-03-03 | not yet calculated | CVE-2021-22862 MISC |
| github -- github
| An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker would be able to gain access to head branches of pull requests opened on repositories of which they are a maintainer. Forking is disabled by default for organization owned private repositories and would prevent this vulnerability. Additionally, branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.12.22 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2021-03-03 | not yet calculated | CVE-2021-22863 MISC MISC MISC MISC |
| github -- github | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the targeted repository, a setting that is disabled by default for organization owned private repositories. Branch protections such as required pull request reviews or status checks would prevent unauthorized commits from being merged without further review or validation. This vulnerability affected all versions of GitHub Enterprise Server since 2.4.21 and was fixed in versions 2.20.24, 2.21.15, 2.22.7 and 3.0.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2021-03-03 | not yet calculated | CVE-2021-22861 MISC MISC MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue titles in Gitlab were readable by an unauthorised user via branch logs. | 2021-03-03 | not yet calculated | CVE-2021-22188 CONFIRM MISC MISC |
| gitlab -- gitlab | Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. | 2021-03-04 | not yet calculated | CVE-2021-22189 CONFIRM MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. | 2021-03-04 | not yet calculated | CVE-2021-22183 CONFIRM MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 12.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted. | 2021-03-02 | not yet calculated | CVE-2021-22187 CONFIRM MISC |
| glpi -- glpi | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI from version 9.5.0 and before version 9.5.4, there is a cross-site scripting injection vulnerability when using ajax/kanban.php. This is fixed in version 9.5.4. | 2021-03-02 | not yet calculated | CVE-2021-21258 MISC CONFIRM |
| glpi -- glpi | GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: "Web Link" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: " accesskey="x" onclick="alert(1)" x=", the content will be saved within the database without any control. And then once you return to the summary documents page, by clicking on the "Web Link" of the newly created file it will create a new empty tab, but on the initial tab the pop-up "1" will appear. | 2021-03-03 | not yet calculated | CVE-2021-21312 MISC CONFIRM |
| glpi -- glpi | GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not properly sanitized. Here are two payloads (due to two different exploitations depending on which parameter you act) to exploit the vulnerability:/ajax/common.tabs.php?_target=javascript:alert(document.cookie)&_itemtype=DisplayPreference&_glpi_tab=DisplayPreference$2&id=258&displaytype=Ticket (Payload triggered if you click on the button). /ajax/common.tabs.php?_target=/front/ticket.form.php&_itemtype=Ticket&_glpi_tab=Ticket$1&id=(){};(function%20(){alert(document.cookie);})();function%20a&#. | 2021-03-03 | not yet calculated | CVE-2021-21313 MISC CONFIRM |
| glpi -- glpi | GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket. | 2021-03-03 | not yet calculated | CVE-2021-21314 MISC CONFIRM |
| glpi -- glpi | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4. | 2021-03-02 | not yet calculated | CVE-2021-21255 MISC CONFIRM |
| grub2 -- grub2 | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-03-03 | not yet calculated | CVE-2021-20233 MISC |
| grub2 -- grub2 | A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-03-03 | not yet calculated | CVE-2021-20225 MISC |
| grub2 -- grub2 | A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-03-03 | not yet calculated | CVE-2020-25632 MISC |
| grub2 -- grub2 | A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-03-03 | not yet calculated | CVE-2020-25647 MISC |
| grub2 -- grub2 | A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-03-03 | not yet calculated | CVE-2020-27749 MISC |
| grub2 -- grub2 | A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-03-03 | not yet calculated | CVE-2020-27779 MISC |
| gunua -- genugate | An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the provided data (when a certain manipulation occurs) and returns OK for any authentication request. This allows an attacker to login to the admin panel as a user of his choice, e.g., the root user (with highest privileges) or even a non-existing user. | 2021-03-03 | not yet calculated | CVE-2021-27215 MISC MISC MISC |
| harmonyos -- harmonyos | A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources. | 2021-03-02 | not yet calculated | CVE-2021-22294 MISC |
| harmonyos -- harmonyos | A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability to mount a file system to the target device, causing DoS of the file system. | 2021-03-02 | not yet calculated | CVE-2021-22296 MISC MISC MISC |
| html-parse-stringify -- html-parse-stringify | This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process. | 2021-03-04 | not yet calculated | CVE-2021-23346 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| ibm -- cloud_apm | IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974. | 2021-03-02 | not yet calculated | CVE-2020-4725 XF CONFIRM |
| ibm -- cloud_apm | The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861. | 2021-03-02 | not yet calculated | CVE-2020-4719 XF CONFIRM |
| ibm -- cloud_apm | The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 187975. | 2021-03-02 | not yet calculated | CVE-2020-4726 XF CONFIRM |
| ibm -- multiple_products | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435. | 2021-03-04 | not yet calculated | CVE-2020-4975 XF CONFIRM |
| ibm -- security_verify_bridge | IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196617. | 2021-03-03 | not yet calculated | CVE-2021-20441 XF CONFIRM |
| ibm -- security_verify_bridge | IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196618. | 2021-03-03 | not yet calculated | CVE-2021-20442 XF CONFIRM |
| identitymodel -- identitymodel | An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens. | 2021-03-05 | not yet calculated | CVE-2020-36255 MISC MISC MISC |
| joomla! -- joomla! | An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field. | 2021-03-04 | not yet calculated | CVE-2021-26029 MISC |
| joomla! -- joomla! | An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path. | 2021-03-04 | not yet calculated | CVE-2021-26028 MISC |
| joomla! -- joomla! | An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article. | 2021-03-04 | not yet calculated | CVE-2021-26027 MISC |
| kentico -- the_blog | The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter. | 2021-03-05 | not yet calculated | CVE-2021-27581 MISC MISC |
| lg -- mobile_devices | An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021). | 2021-03-02 | not yet calculated | CVE-2021-27901 MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. | 2021-03-05 | not yet calculated | CVE-2021-28039 MLIST MISC |
| linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. | 2021-03-05 | not yet calculated | CVE-2021-28038 MLIST MISC |
| linux -- linux_kernel | A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. | 2021-03-04 | not yet calculated | CVE-2020-25639 MISC |
| lumisxp -- lumisxp | LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. | 2021-03-03 | not yet calculated | CVE-2021-27931 MISC |
| markdown -- markdown | markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time. | 2021-03-03 | not yet calculated | CVE-2021-26813 MISC |
| matrix-react-sdk -- matrix-react-sdk | matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messages and secrets are not at risk. This has been fixed in version 3.15.0. | 2021-03-02 | not yet calculated | CVE-2021-21320 MISC MISC CONFIRM MISC |
| microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078. | 2021-03-03 | not yet calculated | CVE-2021-26858 MISC |
| microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065. | 2021-03-03 | not yet calculated | CVE-2021-27078 MISC |
| microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. | 2021-03-03 | not yet calculated | CVE-2021-26857 MISC |
| microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078. | 2021-03-03 | not yet calculated | CVE-2021-27065 MISC |
| microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. | 2021-03-03 | not yet calculated | CVE-2021-26412 MISC |
| microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. | 2021-03-03 | not yet calculated | CVE-2021-26854 MISC |
| microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. | 2021-03-03 | not yet calculated | CVE-2021-26855 MISC |
| misp -- misp | An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors. | 2021-03-02 | not yet calculated | CVE-2021-27904 MISC |
| mobilewips -- mobilewips | Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. | 2021-03-02 | not yet calculated | CVE-2021-25330 MISC |
| mongodb -- mongodb_server | A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.6; MongoDB Server v3.6 versions prior to 3.6.11. | 2021-03-01 | not yet calculated | CVE-2018-25004 MISC |
| mongodb -- mongodb_server | A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20. | 2021-03-01 | not yet calculated | CVE-2020-7929 CONFIRM |
| movable -- multiple_products | Cross-site scripting vulnerability in in Add asset screen of Contents field of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-03-05 | not yet calculated | CVE-2021-20665 MISC MISC |
| movable -- multiple_products | Cross-site scripting vulnerability in in Role authority setting screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-03-05 | not yet calculated | CVE-2021-20663 MISC MISC |
| movable -- multiple_products | Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4705 and earlier (Movable Type Advanced 7 Series), Movable Type 6.7.5 and earlier (Movable Type 6.7 Series), Movable Type Premium 1.39 and earlier, and Movable Type Premium Advanced 1.39 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-03-05 | not yet calculated | CVE-2021-20664 MISC MISC |
| msi -- dragon_center | The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request. | 2021-03-05 | not yet calculated | CVE-2021-27965 MISC MISC |
| mymvconnect24 -- mymvconnect24 | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter. | 2021-03-02 | not yet calculated | CVE-2020-12530 CONFIRM |
| mymvconnect24 -- mymvconnect24 | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports. | 2021-03-02 | not yet calculated | CVE-2020-12529 CONFIRM |
| mymvconnect24 -- mymvconnect24 | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to. | 2021-03-02 | not yet calculated | CVE-2020-12528 CONFIRM |
| mymvconnect24 -- mymvconnect24 | An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to interact with devices in the account he should not have access to. | 2021-03-02 | not yet calculated | CVE-2020-12527 CONFIRM |
| netgear -- r7800_devices
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_save.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12355. | 2021-03-05 | not yet calculated | CVE-2021-27256 N/A N/A |
| netgear -- r7800_devices
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of authentication required to start a service on the server. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12360. | 2021-03-05 | not yet calculated | CVE-2021-27255 N/A N/A |
| netgear -- r7800_devices | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. | 2021-03-05 | not yet calculated | CVE-2021-27254 N/A N/A |
| netgear -- r7800_devices | This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362. | 2021-03-05 | not yet calculated | CVE-2021-27257 N/A N/A |
| newlib -- newlib | A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow. | 2021-03-05 | not yet calculated | CVE-2021-3420 MISC |
| nextcloud -- nexcloud_server | Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. | 2021-03-03 | not yet calculated | CVE-2021-22878 MISC MISC MISC |
| nextcloud -- nexcloud_server | A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. | 2021-03-03 | not yet calculated | CVE-2021-22877 MISC MISC MISC MISC |
| nextcloud -- nextcloud_server | Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | 2021-03-03 | not yet calculated | CVE-2020-8296 MISC MISC MISC MISC |
| node.js -- node.js | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. | 2021-03-03 | not yet calculated | CVE-2021-22884 MISC MISC MISC |
| node.js -- node.js | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. | 2021-03-03 | not yet calculated | CVE-2021-22883 MISC MISC |
| online_invoicing_system -- online_invoicing_system | A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to. | 2021-03-03 | not yet calculated | CVE-2021-27839 MISC MISC |
| openark -- orchestrator | resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter. | 2021-03-03 | not yet calculated | CVE-2021-27940 MISC MISC MISC |
| openssh -- openssh | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | 2021-03-05 | not yet calculated | CVE-2021-28041 MISC MISC MISC MISC |
| oracle -- cloud_infrastructure_data_science_notebook | Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes to compromise Oracle Cloud Infrastructure Data Science Notebook Sessions. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Data Science Notebook Sessions accessible data. All affected customers were notified of CVE-2021-2138 by Oracle. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) | 2021-03-03 | not yet calculated | CVE-2021-2138 MISC |
| ossec -- ossec | An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached. | 2021-03-05 | not yet calculated | CVE-2021-28040 MISC |
| pillow -- pillow | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | 2021-03-03 | not yet calculated | CVE-2021-27922 MISC |
| pillow -- pillow | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | 2021-03-03 | not yet calculated | CVE-2021-27923 MISC |
| pillow -- pillow | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | 2021-03-03 | not yet calculated | CVE-2021-27921 MISC |
| pug -- pug | Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade. | 2021-03-03 | not yet calculated | CVE-2021-21353 MISC MISC MISC MISC CONFIRM MISC MISC |
| qcubed -- qcubed
| A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | 2021-03-04 | not yet calculated | CVE-2020-24914 MISC MISC MISC |
| qcubed -- qcubed | A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. | 2021-03-04 | not yet calculated | CVE-2020-24912 MISC MISC MISC |
| readpermutation -- readpermutation | jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service. | 2021-03-05 | not yet calculated | CVE-2021-28026 MISC |
| red_hat -- red_hat | A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. | 2021-03-03 | not yet calculated | CVE-2020-14372 MISC MISC |
| redis -- redis | Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways. | 2021-02-26 | not yet calculated | CVE-2021-21309 MISC MISC CONFIRM |
| rockwell_automation -- studio_5000_logix_designer_and_rslogic_5000 | Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. Rockwell Automation Studio 5000 Logix Designer Versions 21 and later and RSLogix 5000: Versions 16 through 20 are vulnerable because an unauthenticated attacker could bypass this verification mechanism and authenticate with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730, 1794-L34; Compact GuardLogix 5370, 5380; GuardLogix 5570, 5580; SoftLogix 5800. | 2021-03-03 | not yet calculated | CVE-2021-22681 MISC |
| rust -- rust | An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free. | 2021-03-05 | not yet calculated | CVE-2021-28032 MISC |
| samsung -- keyboard | Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. | 2021-03-04 | not yet calculated | CVE-2021-25340 MISC CONFIRM |
| samsung -- mobile_devices | Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | 2021-03-04 | not yet calculated | CVE-2021-25338 MISC CONFIRM |
| samsung -- mobile_devices | Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. | 2021-03-04 | not yet calculated | CVE-2021-25337 MISC CONFIRM |
| samsung -- mobile_devices | Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | 2021-03-04 | not yet calculated | CVE-2021-25339 MISC CONFIRM |
| samsung -- mobile_devices | Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. | 2021-03-04 | not yet calculated | CVE-2021-25334 MISC CONFIRM |
| samsung -- mobile_devices | Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. | 2021-03-04 | not yet calculated | CVE-2021-25335 MISC CONFIRM |
| samsung -- mobile_devices | Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. | 2021-03-04 | not yet calculated | CVE-2021-25336 MISC CONFIRM |
| samsung -- pay | Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code. | 2021-03-04 | not yet calculated | CVE-2021-25333 MISC CONFIRM |
| samsung -- pay | Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition. | 2021-03-04 | not yet calculated | CVE-2021-25332 MISC CONFIRM |
| samsung -- pay | Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition. | 2021-03-04 | not yet calculated | CVE-2021-25331 MISC CONFIRM |
| samsung -- samsung | Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed. | 2021-03-04 | not yet calculated | CVE-2021-25347 MISC CONFIRM |
| samsung -- samsung | A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. | 2021-03-04 | not yet calculated | CVE-2021-25346 MISC CONFIRM |
| samsung -- samsung | Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. | 2021-03-04 | not yet calculated | CVE-2021-25345 MISC CONFIRM |
| samsung -- samsung | Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | 2021-03-04 | not yet calculated | CVE-2021-25343 MISC CONFIRM |
| samsung -- samsung | Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. | 2021-03-04 | not yet calculated | CVE-2021-25344 MISC CONFIRM |
| sangoma -- asterisk | An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. | 2021-03-05 | not yet calculated | CVE-2019-18351 MISC MISC |
| secomea -- sitemanager | Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea GateManager allows an attacker to execute malicious code. This issue affects: Secomea GateManager All versions prior to 9.4. | 2021-03-05 | not yet calculated | CVE-2020-29030 MISC |
| secomea -- sitemanager | Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. | 2021-03-05 | not yet calculated | CVE-2020-29028 MISC |
| secomea -- sitemanager | Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. | 2021-03-05 | not yet calculated | CVE-2020-29029 MISC |
| secomea -- sitemanager | Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022 | 2021-03-05 | not yet calculated | CVE-2020-29032 MISC |
| secomea -- sitemanager | Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. | 2021-03-05 | not yet calculated | CVE-2020-29020 MISC |
| slic3r -- slic3r | An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 2021-03-03 | not yet calculated | CVE-2020-28591 MISC |
| smp -- smp | Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | 2021-03-04 | not yet calculated | CVE-2021-25342 MISC CONFIRM |
| sonicwall -- sonicwall | SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | 2021-03-05 | not yet calculated | CVE-2020-5148 CONFIRM |
| sonlogger -- sonlogger | SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file. | 2021-03-05 | not yet calculated | CVE-2021-27964 MISC MISC |
| sonlogger -- sonlogger | SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header. | 2021-03-05 | not yet calculated | CVE-2021-27963 MISC MISC |
| spire -- spire
| In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the value of an EC2 tag prior to attestation, and the attestor is configured for agent ID templating where the tag value is the last element in the path. This issue has been fixed in SPIRE versions 0.11.3 and 0.12.1 | 2021-03-05 | not yet calculated | CVE-2021-27099 MISC |
| spire -- spire | In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1. | 2021-03-05 | not yet calculated | CVE-2021-27098 MISC |
| spring-integration-zip -- spring-integration-zip | Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. | 2021-03-01 | not yet calculated | CVE-2021-22114 MISC |
| squarebox -- catdv_server | An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the application, such as disclosing password hashes. | 2021-03-05 | not yet calculated | CVE-2021-26705 MISC |
| srs -- policy_manager | SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service. | 2021-03-01 | not yet calculated | CVE-2021-21517 MISC |
| stormshield -- network_security | A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection related to ARP/NDP tables management, which would temporarily prevent the system to contact new hosts via IPv4 or IPv6. This affects versions 2.0.0 to 2.7.7, 2.8.0 to 2.16.0, 3.0.0 to 3.7.16, 3.8.0 to 3.11.4, and 4.0.0 to 4.1.5. Fixed in versions 2.7.8, 3.7.17, 3.11.5, and 4.2.0. | 2021-03-02 | not yet calculated | CVE-2021-3384 CONFIRM |
| suse -- linux_enterprise_server | A Incorrect Implementation of Authentication Algorithm vulnerability in of SUSE SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. | 2021-03-03 | not yet calculated | CVE-2021-25315 CONFIRM |
| suse -- rancher | A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6. | 2021-03-05 | not yet calculated | CVE-2021-25313 CONFIRM CONFIRM CONFIRM |
| tenable.sc -- core | Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization. | 2021-03-03 | not yet calculated | CVE-2021-20076 MISC |
| thinkadmin -- thinkadmin | ThinkAdmin v6 has default administrator credentials, which allows attackers to gain unrestricted administratior dashboard access. | 2021-03-03 | not yet calculated | CVE-2020-35296 MISC MISC MISC |
| totvs -- fluig_luke | TOTVS Fluig Luke 1.7.0 allows directory traversal via a base64 encoded file=../ to a volume/stream/ URI. This affects: Fluig Lake 1.7.0-210217, Fluig Lake 1.7.0-210112, Fluig Lake 1.7.0-201215, Fluig Lake 1.7.0-201124 and Fluig Lake 1.7.0-200915. | 2021-03-05 | not yet calculated | CVE-2020-29134 MISC MISC |
| trend_micro -- virus_scan_api_and_advanced_threat_scan_engine | Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | 2021-03-03 | not yet calculated | CVE-2021-25252 MISC |
| ultimatekode -- neo_billing | Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - Accounting, Invoicing And CRM Software up to version 3.5 which allows remote attackers to inject arbitrary web script or HTML. | 2021-03-02 | not yet calculated | CVE-2020-23518 MISC |
| veritas -- backup_exec | An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges. | 2021-03-01 | not yet calculated | CVE-2021-27878 MISC |
| veritas -- backup_exec | An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands. | 2021-03-01 | not yet calculated | CVE-2021-27877 MISC |
| veritas -- backup_exec | An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges. | 2021-03-01 | not yet calculated | CVE-2021-27876 MISC |
| vmware -- view_planner | VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. | 2021-03-03 | not yet calculated | CVE-2021-21978 MISC |
| wazuh -- wazuh | Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script. | 2021-03-06 | not yet calculated | CVE-2021-26814 MISC MISC |
| webkit -- webkitgtk | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | 2021-03-03 | not yet calculated | CVE-2020-13558 MISC |
| wordpress -- wordpress | The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php. | 2021-03-03 | not yet calculated | CVE-2020-29047 MISC MISC |
| wps_hide_login -- wps_hide_login | WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. | 2021-03-01 | not yet calculated | CVE-2021-3332 MISC |
| xerox -- altalink | Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a compromised private key. | 2021-03-04 | not yet calculated | CVE-2019-18629 MISC CONFIRM |
| xerox -- altalink | On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure. | 2021-03-04 | not yet calculated | CVE-2019-18630 MISC |
| xmlhttprequest -- xmlhttprequest | This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run. | 2021-03-05 | not yet calculated | CVE-2020-28502 MISC MISC MISC MISC MISC |
| ymfe -- yapi | Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used. | 2021-03-01 | not yet calculated | CVE-2021-27884 MISC MISC |
| ytnef -- ytnef | In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | 2021-03-04 | not yet calculated | CVE-2021-3404 MISC MISC |
| ytnef -- ytnef | In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | 2021-03-04 | not yet calculated | CVE-2021-3403 MISC MISC |
| yubico -- yubihsm-shell | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running process, depending on the memory layout. This could be used by an attacker to cause a client-side denial of service. The yubihsm-shell project is included in the YubiHSM 2 SDK product. | 2021-03-04 | not yet calculated | CVE-2021-27217 MISC CONFIRM |
| zabbix -- zabbix | In Zabbix before 4.0.28rc1, 5.x before 5.0.8rc1, 5.1.x and 5.2.x before 5.2.4rc1, and 5.3.x and 5.4.x before 5.4.0alpha1, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. | 2021-03-03 | not yet calculated | CVE-2021-27927 MISC |
| zendto -- zendto | ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters. | 2021-03-02 | not yet calculated | CVE-2021-27888 MISC |
| zint -- barcode_generator | ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code. | 2021-02-26 | not yet calculated | CVE-2021-27799 MISC MISC MISC MISC MISC |
| zoho -- manageengine_admanager_plus | Zoho ManageEngine ADManager Plus before 7066 allows XSS. | 2021-03-05 | not yet calculated | CVE-2020-35594 MISC |
| zoho -- manageengine_application_control_plus | Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation. | 2021-03-05 | not yet calculated | CVE-2020-29658 MISC |
| zoho -- manageengine_desktop_central | Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. | 2021-03-05 | not yet calculated | CVE-2020-28050 CONFIRM CONFIRM |
| zstd -- zstd | In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. | 2021-03-04 | not yet calculated | CVE-2021-24031 MISC MISC MISC |
| zstd -- zstd | Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. | 2021-03-04 | not yet calculated | CVE-2021-24032 MISC MISC MISC |
| zte -- zte | A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2. | 2021-03-05 | not yet calculated | CVE-2021-21725 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.