Vulnerability Summary for the Week of January 25, 2021


rocket.chat — rocket.chat
  Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. 2021-01-26 not yet calculated CVE-2020-8292
MISC
MISC 4images — image_gallary_management_system
  4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. An attacker can inject an XSS payload into the Image URL. Each time a user visits that URL, the XSS triggers and the attacker can steal the cookie, depending on the crafted payload. 2021-01-26 not yet calculated CVE-2020-35853
MISC abi_stable — abi_stable
  An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop. 2021-01-26 not yet calculated CVE-2020-36212
MISC abi_stable — abi_stable
  An issue was discovered in the abi_stable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness. 2021-01-26 not yet calculated CVE-2020-36213
MISC accfly — wireless_security_ir_camera_720p
  An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming message handling. 2021-01-28 not yet calculated CVE-2020-25783
MISC accfly — wireless_security_ir_camera_720p
  An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update procedure. 2021-01-28 not yet calculated CVE-2020-25785
MISC accfly — wireless_security_ir_camera_720p
  An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during incoming message handling. 2021-01-28 not yet calculated CVE-2020-25782
MISC accfly — wireless_security_ir_camera_720p
  An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming message handling. 2021-01-28 not yet calculated CVE-2020-25784
MISC acdsee — professional_2021
  PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image. 2021-01-26 not yet calculated CVE-2021-26026
MISC acdsee — professional_2021
  PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image. 2021-01-26 not yet calculated CVE-2021-26025
MISC acronis_true_image — acronis_true_image
  Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. 2021-01-29 not yet calculated CVE-2020-35145
MISC
CONFIRM aovec — aovec
  An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. 2021-01-26 not yet calculated CVE-2020-36207
MISC apache — activemq_artemis
  The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error, resulting in no check on the password. 2021-01-27 not yet calculated CVE-2021-26117
MLIST
MLIST
MISC apache — activemq_artemis
  While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. 2021-01-27 not yet calculated CVE-2021-26118
MLIST
MISC apache — druid
  Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process. 2021-01-29 not yet calculated CVE-2021-25646
MLIST
MLIST
MLIST
MLIST
MISC apache — hadoop
  In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. 2021-01-26 not yet calculated CVE-2020-9492
MISC
MLIST archer — archer
  Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks. 2021-01-29 not yet calculated CVE-2020-29536
CONFIRM
MISC archer — archer
  Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. 2021-01-29 not yet calculated CVE-2020-29537
CONFIRM
MISC archer — archer
  Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks. 2021-01-29 not yet calculated CVE-2020-29538
CONFIRM
MISC archer — archer
  Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. 2021-01-29 not yet calculated CVE-2020-29535
CONFIRM
MISC assuweb — assuweb
  Deserialization of untrusted data in the login page of the ASSUWEB 359.3 build 1 subcomponent of the ACA ASSUREX RENTES product allows a remote attacker to inject an insecure serialized Java object using a specially crafted HTTP request, resulting in unauthenticated remote code execution on the server. 2021-01-28 not yet calculated CVE-2021-3160
MISC
MISC async-h1 — async-h1
  An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy. 2021-01-26 not yet calculated CVE-2020-36202
MISC aterm — wf800hp_firmware
  Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-01-28 not yet calculated CVE-2021-20620
MISC
MISC
MISC aterm — wg2600hp_firmware
  Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2021-01-28 not yet calculated CVE-2021-20621
MISC
MISC
MISC aterm — wg2600hp_firmware
  Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. 2021-01-28 not yet calculated CVE-2021-20622
MISC
MISC
MISC atlassian — bamboo
  Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path of the home directory on disk and whether certain files exist in the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2. 2021-01-28 not yet calculated CVE-2021-26067
MISC atomic-option — atomic-option
  An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur. 2021-01-26 not yet calculated CVE-2020-36219
MISC autoand — autoand
  An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. 2021-01-26 not yet calculated CVE-2020-36210
MISC av-data — av-data
  An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault. 2021-01-26 not yet calculated CVE-2021-25904
MISC bakeshop — online_ordering_system
  Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard – “Categories”. 2021-01-26 not yet calculated CVE-2020-35309
MISC basic_dsp_matrix — basic_dsp_matrix
  An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed. 2021-01-26 not yet calculated CVE-2021-25906
MISC bitcoin — core
  bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. 2021-01-26 not yet calculated CVE-2021-3195
MISC bosch — fsm-2500_server_and_fsm-5000_server
  Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system. 2021-01-26 not yet calculated CVE-2020-6779
MISC bosch — fsm-2500_server_and_fsm-5000_server
  Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash. 2021-01-26 not yet calculated CVE-2020-6780
MISC bra — bra
  An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory. 2021-01-26 not yet calculated CVE-2021-25905
MISC buttplug — buttplug
  An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send|!Sync) objects, leading to a data race. 2021-01-26 not yet calculated CVE-2020-36218
MISC cache — cache
  An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced. 2021-01-26 not yet calculated CVE-2021-25903
MISC cakephp — cakephp
  A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overridden method (which can be an arbitrary string) is actually an HTTP method. 2021-01-26 not yet calculated CVE-2020-35239
MISC cdr-rs — cdr-rs
  An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness. 2021-01-29 not yet calculated CVE-2021-26305
MISC churchrota — churchrota
  ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file via a POST request to resources.php. 2021-01-26 not yet calculated CVE-2021-3164
MISC
MISC ckeditor — ckeditor
  It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). 2021-01-26 not yet calculated CVE-2021-26271
MISC ckeditor — ckeditor
  It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). 2021-01-26 not yet calculated CVE-2021-26272
MISC ckeditor — ckeditor
  CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed abuse of the link recognition regular expression, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 Markdown plugin at version <= 24.0.0. The problem has been recognized and patched. The fix will be available in version 25.0.0. 2021-01-29 not yet calculated CVE-2021-21254
MISC
CONFIRM
MISC codiad — codiad
  ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable to a magic hash authentication bypass. If the encrypted or hashed value of a password takes certain magic hash formats, e.g., 0e123, another hash value such as 0e234 can successfully authenticate. 2021-01-27 not yet calculated CVE-2020-23355
MISC conquer-once — conquer-once
  An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. 2021-01-26 not yet calculated CVE-2020-36208
MISC containers — containers
  An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed. 2021-01-26 not yet calculated CVE-2021-25907
MISC cpanel — cpanel
  cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578). 2021-01-26 not yet calculated CVE-2021-26266
MISC cpanel — cpanel
  cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579). 2021-01-26 not yet calculated CVE-2021-26267
MISC d-link — dir_825_r1_devices
  An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. 2021-01-29 not yet calculated CVE-2020-29557
MISC
MISC delta_electronics — ispsoft
  A use after free issue has been identified in the way ISPSoft (v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. 2021-01-26 not yet calculated CVE-2020-27280
MISC dh2i — dxenterprise_and_dxodyssey
  A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request. 2021-01-29 not yet calculated CVE-2021-3341
MISC duncaen — opendoas
  In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed the authenticated user to execute specific commands were not affected by this issue. 2021-01-28 not yet calculated CVE-2019-25016
MISC
MISC
MISC
MISC ecostruxure — operator_terminal_expert_and_pro-face_blue
  A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enabled on the HMI. 2021-01-26 not yet calculated CVE-2020-28221
MISC ecostruxure — power_build
  A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build – Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed. 2021-01-26 not yet calculated CVE-2021-22698
MISC ecostruxure — power_build
  A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build – Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed. 2021-01-26 not yet calculated CVE-2021-22697
MISC egavilan — media_crud_operation
  Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the ‘Add New Record Feature’. 2021-01-28 not yet calculated CVE-2020-36115
MISC egavilanmedia — user_registration_and_login_system
  EgavilanMedia User Registration & Login System 1.0 is affected by SQL injection to the admin panel, which may allow arbitrary code execution. 2021-01-26 not yet calculated CVE-2020-35263
MISC electron — electron
  The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue. 2021-01-28 not yet calculated CVE-2020-26272
MISC
MISC
MISC
CONFIRM
MISC eset — multiple_products
  A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower. 2021-01-26 not yet calculated CVE-2020-26941
MISC eventio — eventio
  An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur. 2021-01-26 not yet calculated CVE-2020-36216
MISC fil-ocl — fil-ocl
  An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free. 2021-01-26 not yet calculated CVE-2021-25908
MISC flarum — flarum
  Flarum is an open source discussion platform for websites. The “Flarum Sticky” extension versions 0.1.0-beta.14 and 0.1.0-beta.15 have a cross-site scripting vulnerability. A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through the m.trust() helper. This resulted in an HTML injection where <script> tags would not be executed. However, it was possible to run JavaScript from other HTML attributes, enabling a cross-site scripting (XSS) attack to be performed. Since the exploit only happens with the first post of a pinned discussion, an attacker would need the ability to pin their own discussion, or be able to edit a discussion that was previously pinned. On forums where all pinned posts are authored by your staff, you can be relatively certain the vulnerability has not been exploited. Forums where some user-created discussions were pinned can look at the first post edit date to find whether the vulnerability might have been exploited. Because Flarum doesn’t store the post content history, you cannot be certain if a malicious edit was reverted. The fix will be available in version v0.1.0-beta.16 with Flarum beta 16. The fix has already been back-ported to Flarum beta 15 as version v0.1.0-beta.15.1 of the Sticky extension. Forum administrators can disable the Sticky extension until they are able to apply the update. The vulnerability cannot be exploited while the extension is disabled. 2021-01-26 not yet calculated CVE-2021-21283
MISC
MISC
MISC
CONFIRM foris — foris
  Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. 2021-01-29 not yet calculated CVE-2021-3346
MISC
MISC
MISC ftpd — ftpd
  The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. 2021-01-26 not yet calculated CVE-2013-2512
MISC geeni — gnc-cw013
  An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Telnet service that allows a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. 2021-01-26 not yet calculated CVE-2020-28998
MISC
MISC geeni — gnc-cw013
  An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library (libhipcam.so) used to provide the streaming camera service. 2021-01-26 not yet calculated CVE-2020-28999
MISC
MISC geeni — gnc-cw013
  An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system. 2021-01-26 not yet calculated CVE-2020-29000
MISC
MISC geeni — mulitple_products
  An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application. 2021-01-26 not yet calculated CVE-2020-29001
MISC
MISC gfwx — gfwx
  An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. 2021-01-26 not yet calculated CVE-2020-36211
MISC glsl-layout — glsl-layout
  An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop. 2021-01-26 not yet calculated CVE-2021-25902
MISC gnu — c_library
  The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. 2021-01-27 not yet calculated CVE-2021-3326
MLIST
MISC
MISC go — go
  Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). 2021-01-26 not yet calculated CVE-2021-3115
CONFIRM
CONFIRM go — go
  In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. 2021-01-26 not yet calculated CVE-2021-3114
CONFIRM
CONFIRM godaddy — godaddy
  ** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data. 2021-01-27 not yet calculated CVE-2021-26276
MISC google — android
  In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-138791358 2021-01-26 not yet calculated CVE-2020-27098
MISC google — android
  In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-140729426 2021-01-26 not yet calculated CVE-2020-27097
MISC gstreamer — h264
  A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where, when parsing an h264 header, an attacker could cause the stack to be smashed, leading to memory corruption and possibly code execution. 2021-01-26 not yet calculated CVE-2021-3185
MISC hackolade — hackolade
  An elevation of privilege vulnerability exists in Hackolade versions prior to 4.2.0 on Windows in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application. 2021-01-26 not yet calculated CVE-2020-25737
MISC hashconsing — hashconsing
  An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur. 2021-01-26 not yet calculated CVE-2020-36215
MISC hedgedoc — hedgedoc
  HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.2. Workarounds: Disallow loading JavaScript from 3rd party sites using the `Content-Security-Policy` header. Note that this will break some embedded content. References: This issue was discovered by @TobiasHoll and reported to hackmdio/codimd (https://github.com/hackmdio/codimd/issues/1648). For more information: if you have any questions or comments about this advisory, open a topic on our community forum or join our matrix room. 2021-01-22 not yet calculated CVE-2021-21259
MISC
MISC
CONFIRM hewlett_packard — multiple_products
  The Baseboard Management Controller (BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overflow in spx_restservice addlicense_func function. 2021-01-29 not yet calculated CVE-2021-25123
MISC hitachi — vantara_pentaho
  The New Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a DOM-based Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Analysis Report Description’ field in ‘About this Report’ section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA. 2021-01-29 not yet calculated CVE-2020-24669
MISC
MISC hitachi — vantara_pentaho
  The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘type’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. 2021-01-29 not yet calculated CVE-2020-24670
MISC
MISC hitachi — vantara_pentaho
  The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains an XML Entity Expansion injection vulnerability, which allows authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA 2021-01-29 not yet calculated CVE-2020-24665
MISC
MISC hitachi — vantara_pentaho
  The Analysis Report in Hitachi Vantara Pentaho through 7.x – 8.x contains a stored Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘Display Name’ parameter. Remediated in >= 9.1.0.1 2021-01-29 not yet calculated CVE-2020-24666
MISC
MISC hitachi — vantara_pentaho
  The Dashboard Editor in Hitachi Vantara Pentaho through 7.x – 8.x contains a reflected Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the ‘pho:title’ attribute of ‘dashboardXml’ parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA. 2021-01-29 not yet calculated CVE-2020-24664
MISC
MISC home_assistant — home_assistant
  ** DISPUTED ** Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor’s perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation. 2021-01-26 not yet calculated CVE-2021-3152
CONFIRM
MISC htcondor — condor_credd
  condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root. 2021-01-27 not yet calculated CVE-2021-25311
MISC htcondor — htcondor
  HTCondor before 8.9.11 allows a user to submit a job as another user on the system, because of a flaw in the IDTOKENS authentication method. 2021-01-27 not yet calculated CVE-2021-25312
MISC ibm — infosphere_information_server
  ** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-01-26 not yet calculated CVE-2020-27583
MISC ibm — mq
  IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509. 2021-01-28 not yet calculated CVE-2020-4682
XF
CONFIRM ibm — qradar_siem
  IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912. 2021-01-28 not yet calculated CVE-2020-4888
XF
CONFIRM ibm — qradar_siem
  IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224. 2021-01-27 not yet calculated CVE-2020-4787
XF
CONFIRM ibm — qradar_siem
  IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302. 2021-01-27 not yet calculated CVE-2020-4789
XF
CONFIRM ibm — qradar_siem
  IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221. 2021-01-27 not yet calculated CVE-2020-4786
XF
CONFIRM ide_atapi_cmd_reply_end — ide_atapi_cmd_reply_end
  ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. 2021-01-26 not yet calculated CVE-2020-29443
MISC
MISC im — im
  An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur. 2021-01-26 not yet calculated CVE-2020-36204
MISC iniparserjs — iniparserjs
  This affects all versions of package iniparserjs. This vulnerability relates when ini_parser.js is concentrating arrays. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. 2021-01-29 not yet calculated CVE-2021-23328
MISC
MISC istio_pilot — istio_pilot
  A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application). 2021-01-29 not yet calculated CVE-2019-25014
MISC
MISC jenkins — jenkins
  Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. 2021-01-26 not yet calculated CVE-2021-21615
MLIST
CONFIRM jp2_decode — jp2_decode
  jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. 2021-01-27 not yet calculated CVE-2021-3272
MISC jxbrowser — ti_code_composer_studio_ide
  jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS. 2021-01-26 not yet calculated CVE-2021-3285
MISC klog — klog_server
  KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter. 2021-01-26 not yet calculated CVE-2021-3317
MISC late-static — late-static
  An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur. 2021-01-26 not yet calculated CVE-2020-36209
MISC lazy-init — lazy-init
  An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race. 2021-01-26 not yet calculated CVE-2021-25901
MISC libgcrypt — libgcrypt
  _gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 has a heap-based buffer overflow when the digest final function sets a large count value. 2021-01-29 not yet calculated CVE-2021-3345
MISC
MISC
MISC
MISC
MISC linux — linux_kernel
  A flaw involving an incorrect umask during file or directory modification was found in the Linux kernel NFS (network file system) functionality, in the way a user creates and deletes objects using NFSv4.2 or newer while the NFS is simultaneously accessed by another process that is not using NFSv4.2. A user with access to the NFS could use this flaw to starve the resources, causing denial of service. 2021-01-26 not yet calculated CVE-2020-35513
MISC
MISC linux — linux_kernel
  An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. 2021-01-29 not yet calculated CVE-2021-3347
MLIST
MLIST
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC local_service — search_engine_management
  Local Service Search Engine Management System 1.0 has an authentication bypass vulnerability through SQL injection. Using this vulnerability, an attacker can bypass the login page. 2021-01-26 not yet calculated CVE-2021-3278
MISC
MISC logstorage — logstorage
  Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file. 2021-01-28 not yet calculated CVE-2020-5626
MISC
MISC m&m_software — fdtcontainer_component
  M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. 2021-01-22 not yet calculated CVE-2020-12525
CONFIRM
MISC madcodehook — madcodehook
  A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions. 2021-01-30 not yet calculated CVE-2020-14418
MISC
MISC marc_crate — marc_crate
  An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness. 2021-01-29 not yet calculated CVE-2021-26308
MISC matrikon — opc_ua_tunneller
  The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233). 2021-01-26 not yet calculated CVE-2020-27297
MISC matrikon — opc_ua_tunneller
  The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233). 2021-01-26 not yet calculated CVE-2020-27299
MISC matrikon — opc_ua_tunneller
  The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). 2021-01-26 not yet calculated CVE-2020-27295
MISC matrikon — opc_ua_tunneller
  Some parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). 2021-01-26 not yet calculated CVE-2020-27274
MISC mautic — mautic
  A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads. 2021-01-28 not yet calculated CVE-2020-35124
MISC
MISC
MISC
MISC may_queue — may_queue
  An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur. 2021-01-26 not yet calculated CVE-2020-36217
MISC mediawiki — mediawiki
  The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack. 2021-01-29 not yet calculated CVE-2020-29004
MISC
CONFIRM
MISC mediawiki — mediawiki
  The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure. 2021-01-29 not yet calculated CVE-2020-29005
MISC
MISC melfa — fr_series_controllers
  Resource management errors vulnerability in a robot controller of MELFA FR Series(controller “CR800-*V*D” of RV-*FR***-D-* all versions, controller “CR800-*HD” of RH-*FRH***-D-* all versions, controller “CR800-*HRD” of RH-*FRHR***-D-* all versions, controller “CR800-*V*R with R16RTCPU” of RV-*FR***-R-* all versions, controller “CR800-*HR with R16RTCPU” of RH-*FRH***-R-* all versions, controller “CR800-*HRR with R16RTCPU” of RH-*FRHR***-R-* all versions, controller “CR800-*V*Q with Q172DSRCPU” of RV-*FR***-Q-* all versions, controller “CR800-*HQ with Q172DSRCPU” of RH-*FRH***-Q-* all versions, controller “CR800-*HRQ with Q172DSRCPU” of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller “CR800-CVD” of RV-8CRL-D-* all versions, controller “CR800-CHD” of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller “CR800-05VD” of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs. 2021-01-29 not yet calculated CVE-2021-20586
MISC micrium — uchttp
  A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. 2021-01-26 not yet calculated CVE-2020-13582
MISC microsoft — windows
  Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability. The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected. 2021-01-26 not yet calculated CVE-2021-22159
MISC
MISC mitel — businesscti_enterprise_client_for_windows
  The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data. 2021-01-29 not yet calculated CVE-2021-3176
MISC
CONFIRM mitel — micollab
  A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. 2021-01-29 not yet calculated CVE-2020-35547
MISC
CONFIRM monitorix — monitorix
  Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced without considering that some existing installations became unsafe upon an update to 3.13.0 unless the new feature was immediately configured. 2021-01-27 not yet calculated CVE-2021-3325
MISC
MISC
MISC
CONFIRM moodle — moodle
  It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that insufficient capability checks in some grade-related web services meant students were able to view other students' grades. 2021-01-28 not yet calculated CVE-2021-20184
MISC moodle — moodle
  It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. 2021-01-28 not yet calculated CVE-2021-20187
MISC moodle — moodle
  It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. 2021-01-28 not yet calculated CVE-2021-20183
MISC moodle — moodle
  It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages. 2021-01-28 not yet calculated CVE-2021-20185
MISC moodle — moodle
  It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS. 2021-01-28 not yet calculated CVE-2021-20186
MISC multiqueue2 — multiqueue2
  An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur. 2021-01-26 not yet calculated CVE-2020-36214
MISC mybb — mybb
  The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit. 2021-01-28 not yet calculated CVE-2021-3337
MISC
MISC nagios — docker_config_wizard
  Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user. 2021-01-26 not yet calculated CVE-2021-3193
MISC newbee-mall — newbee-mall
  newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID. 2021-01-26 not yet calculated CVE-2020-23449
MISC newbee-mall — newbee-mall
  newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system’s background /admin is in code AdminLoginInterceptor, which can be bypassed. 2021-01-26 not yet calculated CVE-2020-23448
MISC nextcloud — nextcloud_server
  Missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules, causing load and potential DDoS on later interactions and usage with those rules. 2021-01-26 not yet calculated CVE-2020-8293
MISC
MISC nextcloud — nextcloud_server
  A wrong check in Nextcloud Server 19 and prior allowed a denial of service attack when resetting the password for a user. 2021-01-26 not yet calculated CVE-2020-8295
MISC
MISC nibbleblog — nibbleblog
  dmin/kernel/api/login.class.php in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. 2021-01-27 not yet calculated CVE-2020-23356
MISC nim — nim
  In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. 2021-01-30 not yet calculated CVE-2020-15690
MISC
CONFIRM node-red-contrib-huemagic — node-red-contrib-huemagic
  node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. 2021-01-26 not yet calculated CVE-2021-25864
MISC nutch — dmozparser
  An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18. 2021-01-25 not yet calculated CVE-2021-23901
CONFIRM
CONFIRM
MLIST
MLIST nvidia — multiple_products
  NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure. 2021-01-26 not yet calculated CVE-2021-1071
CONFIRM nvidia — multiple_products
  NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an unprivileged user being able to modify system device tree files, leading to denial of service. 2021-01-26 not yet calculated CVE-2021-1070
CONFIRM octopusdsc — octopusdsc
  OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002. 2021-01-22 not yet calculated CVE-2021-21270
MISC
MISC
MISC
CONFIRM oncommand — unified_manager_core_package
  OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink). 2021-01-28 not yet calculated CVE-2020-8585
MISC
CONFIRM online_news_portal — online_news_portal
  Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML via the “Title” parameter. 2021-01-26 not yet calculated CVE-2020-29241
MISC onlyoffice — document_server
  Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter. 2021-01-26 not yet calculated CVE-2021-3199
MISC
CONFIRM open5gs — open5gs
  Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. 2021-01-26 not yet calculated CVE-2021-25863
MISC openemr — openemr
  A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability. 2021-01-28 not yet calculated CVE-2020-13569
MISC openjpeg2 — openjpeg2
  A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. 2021-01-26 not yet calculated CVE-2020-27814
MISC
MISC
GENTOO openmaint — openmaint
  openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server. 2021-01-26 not yet calculated CVE-2020-24549
MISC
MISC opensolution — quick
  OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab. 2021-01-28 not yet calculated CVE-2020-35754
MISC
MISC
CONFIRM
MISC oras — oras
  ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a “zip-slip” vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory, where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers to link, write, or overwrite specific files on the host filesystem outside of the user-specified directory unexpectedly, with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who run `oras pull`, or if they are Go programs which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there are no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider. 2021-01-25 not yet calculated CVE-2021-21272
MISC
MISC
CONFIRM
MISC oscommerce — oscommerce
  oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php. 2021-01-27 not yet calculated CVE-2020-23360
MISC persis — human_resouce_management_portal
  The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the “Recommend job posting” function is enabled, allows XSS via the SENDER parameter. 2021-01-26 not yet calculated CVE-2020-35753
MISC philips — interventional_workspot
  Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component. 2021-01-26 not yet calculated CVE-2020-27298
MISC phplist — phplist
  phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. 2021-01-26 not yet calculated CVE-2021-3188
MISC phplist — phplist
  phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. 2021-01-27 not yet calculated CVE-2020-23361
MISC projectsend — projectsend
  reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter). 2021-01-26 not yet calculated CVE-2020-28874
MISC
CONFIRM
MISC
CONFIRM
MISC pyrescom — termod4_time_management_devices
  Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL. 2021-01-26 not yet calculated CVE-2020-23161
MISC
MISC pyrescom — termod4_time_management_devices
  Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials. 2021-01-26 not yet calculated CVE-2020-23162
MISC
MISC qdocs — smart_hospital_management_system
  A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field. 2021-01-26 not yet calculated CVE-2020-36011
MISC
MISC qemu — qemu
  A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. 2021-01-28 not yet calculated CVE-2020-35517
MISC
MISC
MISC
MISC qemu — sdhci_devices
  A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. 2021-01-30 not yet calculated CVE-2020-17380
CONFIRM
CONFIRM raw-cpuid_crate — raw-cpuid_crate
  An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods. 2021-01-29 not yet calculated CVE-2021-26306
MISC raw-cpuid_crate — raw-cpuid_crate
  An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash. 2021-01-29 not yet calculated CVE-2021-26307
MISC redhat — keycloak
  A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. 2021-01-28 not yet calculated CVE-2020-1725
MISC
MISC redhat — keycloak
  The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Application Platform 4 are believed to be vulnerable. 2021-01-28 not yet calculated CVE-2020-1723
MISC reffers — reffers
  An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption. 2021-01-26 not yet calculated CVE-2020-36203
MISC revive — adserver
  Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability. 2021-01-26 not yet calculated CVE-2021-22871
MISC
FULLDISC
MISC
MISC
MISC
MISC revive — adserver
  Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not automatically URL encode parameters were still vulnerable. 2021-01-26 not yet calculated CVE-2021-22872
MISC
FULLDISC
MISC
MISC
MISC
MISC revive — adserver
  Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability. 2021-01-26 not yet calculated CVE-2021-22873
MISC
FULLDISC
MISC
MISC
MISC riolink — p2p_products
  The affected Reolink P2P products do not sufficiently protect data transferred between the local device and Reolink servers. This can allow an attacker to access sensitive information, such as camera feeds. 2021-01-26 not yet calculated CVE-2020-25169
MISC riolink — p2p_products
  An attacker with local network access can obtain a fixed cryptography key which may allow for further compromise of Reolink P2P cameras outside of local network access. 2021-01-26 not yet calculated CVE-2020-25173
MISC rocket.chat — rocket.chat
  The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. 2021-01-26 not yet calculated CVE-2020-8288
MISC
MISC
MISC rostelecom — cs-c2shw
  Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. The AgentGreen service has a bug in parsing the broadcast discovery UDP packet. Sending a packet that is too small leads to an attempt to allocate a buffer of negative size. As a result, the AgentGreen service will be terminated and started again later. 2021-01-26 not yet calculated CVE-2020-27541
MISC rostelecom — cs-c2shw
  Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from a QR code (including network settings). The static IP configuration from the QR code is copied to the file /config/ip-static, and after reboot the data from this file is inserted into a bash command without any escaping, so bash injection is possible. The camera does not parse QR codes if it is already successfully configured. The camera is always rebooted after successful configuration via QR code. 2021-01-26 not yet calculated CVE-2020-27542
MISC rostelecom — cs-c2shw
  Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from the SD card file vc\version.json. The fw-sign parameter from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is a special file on the inserted SD card. 2021-01-26 not yet calculated CVE-2020-27540
MISC rostelecom — cs-c2shw
  Heap overflow with full parsing of HTTP response in Rostelecom CS-C2SHW 5.0.082.1. The AgentUpdater service has a self-written HTTP parser and builder. The HTTP parser has a heap buffer overflow (OOB write). In the default configuration the camera parses responses only from HTTPS URLs from the config file, so the vulnerable code is unreachable and one more bug is required to reach it. 2021-01-26 not yet calculated CVE-2020-27539
MISC rsshub — rsshub
  RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use `eval` or `Function constructor`, which may be injected by the target site with unsafe code, causing server-side security issues. The fix in version 7f1c430 is to temporarily remove the problematic route and add a `no-new-func` rule to eslint. 2021-01-26 not yet calculated CVE-2021-21278
MISC
CONFIRM
MISC rusb — rusb
  An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. 2021-01-26 not yet calculated CVE-2020-36206
MISC sagemcom — f@st_3686_v2_3.495_devices
  Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI. 2021-01-26 not yet calculated CVE-2021-3304
MISC sangoma — asterisk
  An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. 2021-01-29 not yet calculated CVE-2020-35652
CONFIRM
CONFIRM
MISC
MISC smallvec — smallvec
  An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many. 2021-01-26 not yet calculated CVE-2021-25900
MISC smartagent — smartagent
  SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI. 2021-01-26 not yet calculated CVE-2021-3165
MISC
MISC
MISC spring_cloud — data_flow
  In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution. 2021-01-27 not yet calculated CVE-2020-5427
CONFIRM spring_cloud — task
  Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. 2021-01-27 not yet calculated CVE-2020-5428
CONFIRM student_result_management_system — student_result_management_system
  Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can access the Admin Panel and manage every account of Result. 2021-01-26 not yet calculated CVE-2020-35270
MISC
MISC sudo — sudo
  Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. 2021-01-26 not yet calculated CVE-2021-3156
MISC
MLIST
MLIST
MLIST
FEDORA
FEDORA
GENTOO
CONFIRM
CONFIRM
CISCO
DEBIAN
MISC
CONFIRM tenda — ac5_ac1200
  A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. 2021-01-26 not yet calculated CVE-2021-3186
MISC
MISC tendermint — tendermint_core
  Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine – written in any programming language – and securely replicates it on many machines. Tendermint Core v0.34.0 introduced a new way of handling evidence of misbehavior. As part of this, we added a new Timestamp field to Evidence structs. This timestamp would be calculated using the same algorithm that is used when a block is created and proposed. (This algorithm relies on the timestamp of the last commit from this specific block.) In Tendermint Core v0.34.0-v0.34.2, the consensus reactor is responsible for forming DuplicateVoteEvidence whenever double signs are observed. However, the current block is still “in flight” when it is being formed by the consensus reactor. It hasn’t been finalized through network consensus yet. This means that different nodes in the network may observe different “last commits” when assigning a timestamp to DuplicateVoteEvidence. In turn, different nodes could form DuplicateVoteEvidence objects at the same height but with different timestamps. One DuplicateVoteEvidence object (with one timestamp) will then eventually get finalized in the block, but this means that any DuplicateVoteEvidence with a different timestamp is considered invalid. Any node that formed invalid DuplicateVoteEvidence will continue to propose invalid evidence; its peers may see this, and choose to disconnect from this node. This bug means that double signs are DoS vectors in Tendermint Core v0.34.0-v0.34.2. Tendermint Core v0.34.3 is a security release which fixes this bug. As of v0.34.3, DuplicateVoteEvidence is no longer formed by the consensus reactor; rather, the consensus reactor passes the Votes themselves into the EvidencePool, which is now responsible for forming DuplicateVoteEvidence. 
The EvidencePool has timestamp info that should be consistent across the network, which means that DuplicateVoteEvidence formed in this reactor should have consistent timestamps. This release changes the API between the consensus and evidence reactors. 2021-01-26 not yet calculated CVE-2021-21271
MISC
MISC
CONFIRM terramaster — terramaster_tos
  TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter. 2021-01-30 not yet calculated CVE-2020-15568
MISC
MISC textpattern — textpattern
  Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. 2021-01-26 not yet calculated CVE-2020-35854
MISC
MISC
MISC tibco — bpm_enterprise_and_bpm_enterprise_distribution
  The Application Development Clients component of TIBCO Software Inc.’s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below. 2021-01-26 not yet calculated CVE-2021-23272
CONFIRM tinycheck — tinycheck
  TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs. 2021-01-26 not yet calculated CVE-2020-36200
MISC tinycheck — tinycheck
  TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. 2021-01-26 not yet calculated CVE-2020-36199
MISC tm_mobile_solutions — testes_de_codigo
  Mobile application “Testes de Codigo” v11.3 and prior allows stored XSS by injecting a payload in the “feedback” message field causing it to be stored in the remote database and leading to its execution on client devices when loading the “feedback list”, either by accessing the website directly or using the mobile application. 2021-01-28 not yet calculated CVE-2021-25647
MISC tp-link — tl-wr841N_v13
  A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. 2021-01-26 not yet calculated CVE-2020-35576
MISC
MISC trendmicro — serverprotect
  A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-01-27 not yet calculated CVE-2021-25225
N/A
N/A trendmicro — serverprotect
  A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-01-27 not yet calculated CVE-2021-25224
N/A
N/A trendmicro — serverprotect
  A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2021-01-27 not yet calculated CVE-2021-25226
N/A
N/A trendmicro — housecall_for_home_networks
  A DLL hijacking vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. An attacker must already have user privileges on the machine to exploit this vulnerability. 2021-01-27 not yet calculated CVE-2021-25247
N/A va-ts — va-ts
  An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur. 2021-01-26 not yet calculated CVE-2020-36220
MISC vis-timeline — vis-timeline
  This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application. 2021-01-22 not yet calculated CVE-2020-28487
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM webid — webid
  WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. 2021-01-27 not yet calculated CVE-2020-23359
MISC wekan — wekan
  packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store. 2021-01-26 not yet calculated CVE-2021-3309
MISC
MISC
MISC wing_ftp — wing_ftp
  An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user’s browser. 2021-01-26 not yet calculated CVE-2020-27735
MISC
MISC winmail — winmail
  A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header ‘HOST’ value to cause the server to send the request. 2021-01-26 not yet calculated CVE-2020-23776
MISC winmail — winmail
  A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. 2021-01-26 not yet calculated CVE-2020-23774
MISC winscp — winscp
  WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.) 2021-01-27 not yet calculated CVE-2021-3331
MISC
MISC
MISC
MISC wolfssl — tls13.c
  DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED25519, ED448, ECC, or RSA signature without the corresponding certificate). 2021-01-29 not yet calculated CVE-2021-3336
MISC xcb — xcb
  An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur. 2021-01-26 not yet calculated CVE-2020-36205
MISC xen — xen
  An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries set up. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might have enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host. 2021-01-26 not yet calculated CVE-2021-3308
MLIST
MISC
FEDORA xerox — workcentre_products
  An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices. 2021-01-26 not yet calculated CVE-2020-36201
MISC yale — wipc-303w_cameras
  ** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. NOTE: This may be a duplicate of CVE-2020-10176. 2021-01-26 not yet calculated CVE-2020-23826
MISC z-blogphp — valyria
  Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values. 2021-01-27 not yet calculated CVE-2020-23352
MISC zen — cart
  Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. 2021-01-26 not yet calculated CVE-2021-3291
MISC ziv_automation — 4cct-ea6-334126bf
  Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user. 2021-01-29 not yet calculated CVE-2021-25910
CONFIRM ziv_automation — 4cct-ea6-334126bf
  ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371 allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to port 7919. 2021-01-29 not yet calculated CVE-2021-25909
CONFIRM zte — multiple_products
  Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in a memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12. 2021-01-26 not yet calculated CVE-2021-21723
MISC zyxel — nbg2105
  On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. 2021-01-26 not yet calculated CVE-2021-3297
MISC
MISC
MISC
