Vulnerability Summary for the Week of February 1, 2021


huawei — multiple_products There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods. 2021-02-06 not yet calculated CVE-2021-22300
CONFIRM allen-bradley — flex_io_1794-aent/b
  An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. 2021-02-04 not yet calculated CVE-2020-6088
MISC angular — angular
  angular-expressions is “angular’s nicest part extracted as a standalone module for the browser and node”. In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call “expressions.compile(userControlledInput)” where “userControlledInput” is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a “.constructor.constructor” technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput. 2021-02-01 not yet calculated CVE-2021-21277
MISC
MISC
CONFIRM
MISC asuswrt — asus_rt-ax3000_firmware
  Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions allows an attacker to disrupt the use of device setup services via continuous login error. 2021-02-05 not yet calculated CVE-2021-3229
MISC
MISC
MISC bitcoin — core
  Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states “I believe that this vulnerability cannot actually be exploited.” 2021-02-04 not yet calculated CVE-2021-3401
MISC
MISC blaze — blaze
  Http4s (http4s-blaze-server) is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its selector pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. http4s provides a general “MaxActiveRequests” middleware mechanism for limiting open connections, but it is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. In 0.21.17, 0.22.0-M2, and 1.0.0-M14, a new “maxConnections” property, with a default value of 1024, has been added to the `BlazeServerBuilder`. Setting the value to a negative number restores unbounded behavior, but is strongly disrecommended. The NIO2 backend does not respect `maxConnections`. Its use is now deprecated in http4s-0.21, and the option is removed altogether starting in http4s-0.22. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xhv5-w9c5-2r2w. 2021-02-02 not yet calculated CVE-2021-21294
MISC
MISC
CONFIRM blaze — blaze
  blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze, accepts connections unconditionally on a dedicated thread pool. This has the net effect of amplifying degradation in services that are unable to handle their current request load, since incoming connections are still accepted and added to an unbounded queue. Each connection allocates a socket handle, which drains a scarce OS resource. This can also confound higher level circuit breakers which work based on detecting failed connections. The vast majority of affected users are using it as part of http4s-blaze-server <= 0.21.16. http4s provides a mechanism for limiting open connections, but is enforced inside the Blaze accept loop, after the connection is accepted and the socket opened. Thus, the limit only prevents the number of connections which can be simultaneously processed, not the number of connections which can be held open. The issue is fixed in version 0.14.15 for “NIO1SocketServerGroup”. A “maxConnections” parameter is added, with a default value of 512. Concurrent connections beyond this limit are rejected. To run unbounded, which is not recommended, set a negative number. The “NIO2SocketServerGroup” has no such setting and is now deprecated. There are several possible workarounds described in the refrenced GitHub Advisory GHSA-xmw9-q7x9-j5qc. 2021-02-02 not yet calculated CVE-2021-21293
MISC
CONFIRM
MISC cisco — 8000_series_routers
  A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root. 2021-02-04 not yet calculated CVE-2021-1370
CISCO cisco — ios_xr_software
  A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests. 2021-02-04 not yet calculated CVE-2021-1243
CISCO cisco — ios_xr_software
  A vulnerability in the IPv6 protocol handling of the management interfaces of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause an IPv6 flood on the management interface network of an affected device. The vulnerability exists because the software incorrectly forwards IPv6 packets that have an IPv6 node-local multicast group address destination and are received on the management interfaces. An attacker could exploit this vulnerability by connecting to the same network as the management interfaces and injecting IPv6 packets that have an IPv6 node-local multicast group address destination. A successful exploit could allow the attacker to cause an IPv6 flood on the corresponding network. Depending on the number of Cisco IOS XR Software nodes on that network segment, exploitation could cause excessive network traffic, resulting in network degradation or a denial of service (DoS) condition. 2021-02-04 not yet calculated CVE-2021-1268
CISCO cisco — ios_xr_software
  Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-02-04 not yet calculated CVE-2021-1288
CISCO cisco — ios_xr_software
  Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-02-04 not yet calculated CVE-2021-1313
CISCO cisco — ios_xr_software
  A vulnerability in the IPv6 traffic processing of Cisco IOS XR Software and Cisco NX-OS Software for certain Cisco devices could allow an unauthenticated, remote attacker to bypass an IPv6 access control list (ACL) that is configured for an interface of an affected device. The vulnerability is due to improper processing of IPv6 traffic that is sent through an affected device. An attacker could exploit this vulnerability by sending crafted IPv6 packets that traverse the affected device. A successful exploit could allow the attacker to access resources that would typically be protected by the interface ACL. 2021-02-04 not yet calculated CVE-2021-1389
CISCO cisco — ios_xr_software
  A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user. 2021-02-04 not yet calculated CVE-2021-1128
CISCO cisco — managed_services_accelerator
  A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2021-02-04 not yet calculated CVE-2021-1266
CISCO cisco — multiple_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. 2021-02-04 not yet calculated CVE-2021-1297
CISCO cisco — multiple_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-02-04 not yet calculated CVE-2021-1295
CISCO cisco — multiple_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-02-04 not yet calculated CVE-2021-1291
CISCO cisco — multiple_small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-02-04 not yet calculated CVE-2021-1290
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 2021-02-04 not yet calculated CVE-2021-1315
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 2021-02-04 not yet calculated CVE-2021-1314
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 2021-02-04 not yet calculated CVE-2021-1316
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. 2021-02-04 not yet calculated CVE-2021-1296
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-02-04 not yet calculated CVE-2021-1294
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-02-04 not yet calculated CVE-2021-1292
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-02-04 not yet calculated CVE-2021-1289
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 2021-02-04 not yet calculated CVE-2021-1317
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on an affected device. 2021-02-04 not yet calculated CVE-2021-1318
CISCO cisco — multiple_small_business_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. 2021-02-04 not yet calculated CVE-2021-1293
CISCO cisco — network_convergence_system_540_series_routers
  Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-02-04 not yet calculated CVE-2021-1244
CISCO cisco — network_convergence_system_540_series_routers
  Multiple vulnerabilities in Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers could allow an authenticated, local attacker to execute unsigned code during the boot process on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2021-02-04 not yet calculated CVE-2021-1136
CISCO cisco — unified_computing_system
  A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data. 2021-02-04 not yet calculated CVE-2021-1354
CISCO cisco — webex_meetings_and_webex_meetings_server_software
  A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link. 2021-02-04 not yet calculated CVE-2021-1221
CISCO clustered_data — ontap Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs). 2021-02-03 not yet calculated CVE-2020-8588
CONFIRM clustered_data — ontap
  Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the names of other Storage Virtual Machines (SVMs) and filenames on those SVMs. 2021-02-03 not yet calculated CVE-2020-8589
CONFIRM com.squareup:connet — com.squareup:connet
  This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r–r– on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version. 2021-02-03 not yet calculated CVE-2021-23331
CONFIRM
CONFIRM docker — docker In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the –userns-remap option in which access to remapped root allows privilege escalation to real root. When using “–userns-remap”, if the root user in the remapped namespace has access to the host filesystem they can modify files under “/var/lib/docker/<remapping>” that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. 2021-02-02 not yet calculated CVE-2021-21284
MISC
MISC
MISC
MISC
CONFIRM docker — docker In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. 2021-02-02 not yet calculated CVE-2021-21285
MISC
MISC
MISC
MISC
CONFIRM eclipse — californium
  In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS. 2021-02-03 not yet calculated CVE-2020-27222
CONFIRM electric_coin_company — zcashd
  Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. 2021-02-05 not yet calculated CVE-2020-8806
MISC electric_coin_company — zcashd
  In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim’s address and an IP address, aka a timing side channel. 2021-02-05 not yet calculated CVE-2020-8807
MISC elliptic — elliptic
  The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed. 2021-02-02 not yet calculated CVE-2020-28498
MISC
CONFIRM
CONFIRM
MISC epikur — epikur
  An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password’s MD5 hash stored in the database. It is also compared to a second MD5 hash, which is the same for every user (aka a “Backdoor Password” of 3p1kursupport). If the submitted password matches either one, access is granted. 2021-02-05 not yet calculated CVE-2020-10539
MISC epikur — epikur
  An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account. 2021-02-05 not yet calculated CVE-2020-10537
MISC epikur — epikur
  An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes. Additionally, since no salt is used, rainbow tables can speed up the attack. 2021-02-05 not yet calculated CVE-2020-10538
MISC epson — iprojection
  In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected. 2021-02-05 not yet calculated CVE-2020-9014
MISC
MISC
MISC epson — iprojection
  In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU. 2021-02-05 not yet calculated CVE-2020-9453
MISC
MISC
MISC freediskspace — freediskspace
  This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js. 2021-02-02 not yet calculated CVE-2020-7775
MISC gitea — gitea
  Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. 2021-02-05 not yet calculated CVE-2021-3382
MISC gnome — evolution
  ** DISPUTED ** GNOME Evolution through 3.38.3 produces a “Valid signature” message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior. 2021-02-01 not yet calculated CVE-2021-3349
MISC
MISC
MISC gnome — multiple_products
  autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file’s parent is a symlink to a directory outside of the intended extraction location. 2021-02-05 not yet calculated CVE-2020-36241
MISC
MISC harbor — harbor
  In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. 2021-02-02 not yet calculated CVE-2020-29662
MISC hcl — digital_experience
  HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. 2021-02-02 not yet calculated CVE-2020-14255
CONFIRM hcl — digital_experience
  HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. 2021-02-02 not yet calculated CVE-2020-14221
CONFIRM hcl — digital_experience
  In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting (XSS). 2021-02-02 not yet calculated CVE-2020-4081
CONFIRM hcl — onetest_ui
  HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources. 2021-02-04 not yet calculated CVE-2020-14245
MISC helm — helm
  Helm is open-source software which is essentially “The Kubernetes Package Manager”. Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there a few cases where data loaded from potentially untrusted sources was not properly sanitized. When a SemVer in the `version` field of a chart is invalid, in some cases Helm allows the string to be used “as is” without sanitizing. Helm fails to properly sanitized some fields present on Helm repository `index.yaml` files. Helm does not properly sanitized some fields in the `plugin.yaml` file for plugins In some cases, Helm does not properly sanitize the fields in the `Chart.yaml` file. By exploiting these attack vectors, core maintainers were able to send deceptive information to a terminal screen running the `helm` command, as well as obscure or alter information on the screen. In some cases, we could send codes that terminals used to execute higher-order logic, like clearing a terminal screen. Further, during evaluation, the Helm maintainers discovered a few other fields that were not properly sanitized when read out of repository index files. This fix remedies all such cases, and once again enforces SemVer2 policies on version fields. All users of the Helm 3 should upgrade to the fixed version 3.5.2 or later. Those who use Helm as a library should verify that they either sanitize this data on their own, or use the proper Helm API calls to sanitize the data. 2021-02-05 not yet calculated CVE-2021-21303
MISC
MISC
CONFIRM huawei — gauess100
  There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. 2021-02-06 not yet calculated CVE-2021-22298
CONFIRM huawei — manageone
  There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. 2021-02-06 not yet calculated CVE-2020-9205
CONFIRM huawei — mate_30 There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module. 2021-02-06 not yet calculated CVE-2021-22307
CONFIRM huawei — mate_30
  Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permission, an attacker can exploit the vulnerability to cause buffer overflow. 2021-02-06 not yet calculated CVE-2021-22301
CONFIRM huawei — mate_30
  There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service. 2021-02-06 not yet calculated CVE-2021-22306
CONFIRM huawei — mate_30
  There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service. 2021-02-06 not yet calculated CVE-2021-22305
CONFIRM huawei — multiple_products
  There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due to a design defect, remote unauthorized attackers send a large number of specific messages to affected devices, causing system resource exhaustion and web application DoS. 2021-02-06 not yet calculated CVE-2021-22292
CONFIRM huawei — multiple_products
  Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1). 2021-02-06 not yet calculated CVE-2021-22293
CONFIRM huawei — multiple_products
  There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Affected product versions include: ManageOne versions 6.5.0,6.5.0.SPC100.B210,6.5.1.1.B010,6.5.1.1.B020,6.5.1.1.B030,6.5.1.1.B040,6.5.1.SPC100.B050,6.5.1.SPC101.B010,6.5.1.SPC101.B040,6.5.1.SPC200,6.5.1.SPC200.B010,6.5.1.SPC200.B030,6.5.1.SPC200.B040,6.5.1.SPC200.B050,6.5.1.SPC200.B060,6.5.1.SPC200.B070,6.5.1RC1.B060,6.5.1RC2.B020,6.5.1RC2.B030,6.5.1RC2.B040,6.5.1RC2.B050,6.5.1RC2.B060,6.5.1RC2.B070,6.5.1RC2.B080,6.5.1RC2.B090,6.5.RC2.B050,8.0.0,8.0.0-LCND81,8.0.0.SPC100,8.0.1,8.0.RC2,8.0.RC3,8.0.RC3.B041,8.0.RC3.SPC100; NFV_FusionSphere versions 6.5.1.SPC23,8.0.0.SPC12; SMC2.0 versions V600R019C00,V600R019C10; iMaster MAE-M versions MAE-TOOL(FusionSphereBasicTemplate_Euler_X86)V100R020C10SPC220. 2021-02-06 not yet calculated CVE-2021-22299
CONFIRM huawei — sound_x_product
  There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package’s integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00). 2021-02-06 not yet calculated CVE-2020-9118
CONFIRM huawei — taurus-al00a_smartphones There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service. 2021-02-06 not yet calculated CVE-2021-22304
CONFIRM huawei — taurus-al00a_smartphones
  There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service. 2021-02-06 not yet calculated CVE-2021-22302
MISC huawei — taurus-al00a_smartphones
  There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service. 2021-02-06 not yet calculated CVE-2021-22303
CONFIRM ibm — powerha
  IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969. 2021-02-05 not yet calculated CVE-2020-4832
XF
CONFIRM imagemagik — magikcore/gem
  A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-56. 2021-02-06 not yet calculated CVE-2021-20176
MISC intel — bluez
  Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ. 2021-02-02 not yet calculated CVE-2020-24490
CONFIRM intel — celeron_processor_4000_series
  Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 Series Processors may allow an unauthenticated user to potentially enable elevation of privilege or denial of service via local access. 2021-02-02 not yet calculated CVE-2020-8672
CONFIRM iobit — advanced_systemcare
  The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected. 2021-02-05 not yet calculated CVE-2020-10234
MISC
MISC
MISC jenzabar — jenzabar
  Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. 2021-02-06 not yet calculated CVE-2021-26723
MISC
MISC jetbrains — code_with_me
  In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. 2021-02-03 not yet calculated CVE-2021-25755
MISC
MISC jetbrains — hub
  In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other user. 2021-02-03 not yet calculated CVE-2021-25759
MISC
MISC jetbrains — ktor
  In JetBrains Ktor before 1.5.0, a birthday attack on SessionStorage key was possible. 2021-02-03 not yet calculated CVE-2021-25761
MISC
MISC jetbrains — ktor
  In JetBrains Ktor before 1.4.3, HTTP Request Smuggling was possible. 2021-02-03 not yet calculated CVE-2021-25762
MISC
MISC jetbrains — youtrack
  In JetBrains YouTrack before 2020.4.4701, improper resource access checks were made. 2021-02-03 not yet calculated CVE-2021-25766
MISC
MISC lg — multiple_mobile_devices
  An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021). 2021-02-04 not yet calculated CVE-2021-26687
MISC lg — wing_mobile_devices
  An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021). 2021-02-04 not yet calculated CVE-2021-26688
MISC linkedin — oncall
  LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the “No results found for” message in the search bar. 2021-02-05 not yet calculated CVE-2021-26722
MISC linux — linux_kernel
  A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. 2021-02-05 not yet calculated CVE-2021-26708
MLIST
MISC
MISC
MISC loklak — loklak
  loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, a path traversal vulnerability exists. Insufficient input validation in the APIs exposed by the loklak server allowed a directory traversal vulnerability. Any admin configuration and files readable by the app available on the hosted file system can be retrieved by the attacker. Furthermore, user-controlled content could be written to any admin config and files readable by the application. This has been patched in commit 50dd692. Users will need to upgrade their hosted instances of loklak to not be vulnerable to this exploit. 2021-02-02 not yet calculated CVE-2020-15097
MISC
CONFIRM max_secure — max_spyware_detector
  In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.) 2021-02-05 not yet calculated CVE-2020-12122
MISC
MISC
MISC mechanize — mechanize
  Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes’ methods which implicitly use Ruby’s Kernel.open method. Exploitation is possible only if untrusted input is used as a local filename and passed to any of these calls: Mechanize::CookieJar#load, Mechanize::CookieJar#save_as, Mechanize#download, Mechanize::Download#save, Mechanize::File#save, and Mechanize::FileResponse#read_body. This is fixed in version 2.7.7. 2021-02-02 not yet calculated CVE-2021-21289
MISC
MISC
CONFIRM
MISC micro_focus — application_performance_management
  Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. 2021-02-06 not yet calculated CVE-2021-22499
CONFIRM micro_focus — application_performance_management
  Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker’s choosing. 2021-02-06 not yet calculated CVE-2021-22500
CONFIRM nessus — ami
  Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. 2021-02-06 not yet calculated CVE-2020-5812
MISC netgear — r7450_routers
  This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559. 2021-02-04 not yet calculated CVE-2020-27873
N/A
N/A netgear — r7450_routers
  This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. 2021-02-04 not yet calculated CVE-2020-27872
N/A
N/A new_media — smarty
  An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product. 2021-02-05 not yet calculated CVE-2020-10375
MISC
MISC npm — npm
  This affects all versions of package decal. The vulnerability is in the extend function. 2021-02-04 not yet calculated CVE-2020-28450
MISC
MISC
MISC npm — npm
  This affects all versions of package decal. The vulnerability is in the set function. 2021-02-04 not yet calculated CVE-2020-28449
MISC
MISC
MISC nvidia — geforce_experience
  NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service. 2021-02-05 not yet calculated CVE-2021-1072
CONFIRM oauth2_proxy — oauth2_proxy
  OAuth2 Proxy is an open-source reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to the intended domain could have been allowed as a redirect. For example, if a whitelist domain was configured for “.example.com”, the intention is that subdomains of example.com are allowed. Instead, “example.com” and “badexample.com” could also match. This is fixed in version 7.0.0 onwards. As a workaround, one can disable the whitelist domain feature and run separate OAuth2 Proxy instances for each subdomain. 2021-02-02 not yet calculated CVE-2021-21291
MISC
MISC
CONFIRM
MISC october — october
  An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker. 2021-02-05 not yet calculated CVE-2021-3311
CONFIRM
MISC opmantek — open-audit
  Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link. 2021-02-05 not yet calculated CVE-2021-3333
MISC oppo — android_phone_with_mtk_chipset
  OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no. 2021-02-06 not yet calculated CVE-2020-11836
MISC pdf2json — pdf2json
  Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file. 2021-02-05 not yet calculated CVE-2020-18750
CONFIRM
MISC podman — podman
  Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards. 2021-02-02 not yet calculated CVE-2021-20199
MISC
MISC
MISC
MISC polr — polr
  Polr is an open source URL shortener. in Polr before version 2.3.0, a vulnerability in the setup process allows attackers to gain admin access to site instances, even if they do not possess an existing account. This vulnerability exists regardless of users’ settings. If an attacker crafts a request with specific cookie headers to the /setup/finish endpoint, they may be able to obtain admin privileges on the instance. This is caused by a loose comparison (==) in SetupController that is susceptible to attack. The project has been patched to ensure that a strict comparison (===) is used to verify the setup key, and that /setup/finish verifies that no users table exists before performing any migrations or provisioning any new accounts. This is fixed in version 2.3.0. Users can patch this vulnerability without upgrading by adding abort(404) to the very first line of finishSetup in SetupController.php. 2021-02-01 not yet calculated CVE-2021-21276
MISC
MISC
CONFIRM pretashop — opart_devis
  An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user’s invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields. 2021-02-04 not yet calculated CVE-2020-16194
MISC psyprax — psyprax
  An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well. 2021-02-05 not yet calculated CVE-2020-10552
MISC psyprax — psyprax
  An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file. 2021-02-05 not yet calculated CVE-2020-10553
MISC psyprax — psyprax
  An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM. 2021-02-05 not yet calculated CVE-2020-10554
MISC question2answer — q2a
  Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution. 2021-02-05 not yet calculated CVE-2021-3258
MISC
MISC
MISC realtek — rtl8195a_wi-fi_module The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network’s PSK. 2021-02-03 not yet calculated CVE-2020-25857
CONFIRM realtek — rtl8195a_wi-fi_module
  The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this. 2021-02-03 not yet calculated CVE-2020-25855
CONFIRM realtek — rtl8195a_wi-fi_module
  The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network’s PSK. 2021-02-03 not yet calculated CVE-2020-25853
CONFIRM realtek — rtl8195a_wi-fi_module
  The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this. 2021-02-03 not yet calculated CVE-2020-25856
CONFIRM realtek — rtl8195a_wi-fi_module
  The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network’s PSK in order to exploit this. 2021-02-03 not yet calculated CVE-2020-25854
CONFIRM red_hat — red_hat
  A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. 2021-02-06 not yet calculated CVE-2020-14312
MISC redwood — report2web
  A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. 2021-02-05 not yet calculated CVE-2021-26710
MISC redwood — report2web
  A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter. 2021-02-05 not yet calculated CVE-2021-26711
MISC softmaker — office_planmaker
  An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. 2021-02-04 not yet calculated CVE-2020-13579
MISC softmaker — office_planmaker
  A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2021-02-04 not yet calculated CVE-2020-13586
MISC softmaker — office_planmaker
  A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). 2021-02-04 not yet calculated CVE-2020-27249
MISC softmaker — office_planmaker
  A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). 2021-02-04 not yet calculated CVE-2020-27248
MISC softmaker — office_planmaker
  A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). 2021-02-04 not yet calculated CVE-2020-27247
MISC softmaker — office_planmaker
  An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. 2021-02-04 not yet calculated CVE-2020-13580
MISC solarwinds — orion_platform SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database. 2021-02-03 not yet calculated CVE-2021-25275
MISC solarwinds — orion_platform
  The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn’t set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem. 2021-02-03 not yet calculated CVE-2021-25274
MISC solarwinds — serv-u In SolarWinds Serv-U before 15.2.2 Hotfix 1, there is a directory containing user profile files (that include users’ password hashes) that is world readable and writable. An unprivileged Windows user (having access to the server’s filesystem) can add an FTP user by copying a valid profile file to this directory. For example, if this profile sets up a user with a C:\ home directory, then the attacker obtains access to read or replace arbitrary files with LocalSystem privileges. 2021-02-03 not yet calculated CVE-2021-25276
MISC sonicwall — sslvpn_sma100
  A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x. 2021-02-04 not yet calculated CVE-2021-20016
CONFIRM squaredup — squaredup
  CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard. 2021-02-03 not yet calculated CVE-2020-9388
CONFIRM tibco — ebx_web_server
  The TIBCO EBX Web Server component of TIBCO Software Inc.’s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO EBX: versions 5.9.12 and below. 2021-02-02 not yet calculated CVE-2021-23271
CONFIRM
CONFIRM traccar — traccar
  Traccar is an open source GPS tracking system. In Traccar before version 4.12 there is an unquoted Windows binary path vulnerability. Only Windows versions are impacted. Attacker needs write access to the filesystem on the host machine. If Java path includes a space, then attacker can lift their privilege to the same as Traccar service (system). This is fixed in version 4.12. 2021-02-02 not yet calculated CVE-2021-21292
MISC
CONFIRM
MISC trend_micro — antivirus_for_mac_2021
  Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability – i.e. the attacker must already have access to the target system (either legitimately or via another exploit). 2021-02-04 not yet calculated CVE-2021-25227
N/A
N/A trend_micro — apex_one
  An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. 2021-02-04 not yet calculated CVE-2021-25229
N/A
N/A
N/A trend_micro — apex_one
  An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. 2021-02-04 not yet calculated CVE-2021-25228
N/A
N/A
N/A
N/A trend_micro — worry-free_business_security
  An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton. 2021-02-04 not yet calculated CVE-2021-25245
N/A
N/A trend_micro — worry-free_business_security
  An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton. 2021-02-04 not yet calculated CVE-2021-25244
N/A
N/A typora — typora
  An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. 2021-02-05 not yet calculated CVE-2020-18737
MISC video_insight — vms
  Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. 2021-02-05 not yet calculated CVE-2021-20623
MISC
MISC whatsapp — whatsapp
  A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image. 2021-02-02 not yet calculated CVE-2020-1910
CONFIRM wordpress — wordpress
  Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2021-02-05 not yet calculated CVE-2021-20652
MISC
MISC zoho — manageengine_applications_manager
  doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. 2021-02-05 not yet calculated CVE-2020-35765
MISC
CONFIRM zohocorp — manageengine_remote_access_plus
  Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin – User Administration userMgmt.do?actionToCall=ShowUser screen. 2021-02-03 not yet calculated CVE-2019-16268
MISC
CONFIRM zulipchat — zulip_desktop
  Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler. 2021-02-05 not yet calculated CVE-2020-10858
CONFIRM zulipchat — zulip_desktop
  Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. 2021-02-05 not yet calculated CVE-2020-10857
CONFIRM zzzcms — zzzcms
  SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. 2021-02-05 not yet calculated CVE-2020-18717
MISC

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Next Post

Tens of Thousands of Patient, Employee Files From 11 US Hospitals Leaked Online

Mon Feb 8 , 2021
Patients and employees from 11 hospitals in the US have had their personal information exposed after hackers reportedly published tens of thousands of records online. The files come from Leon Medical Centers, which runs eight facilities in Florida, and Nocona General Hospital, which has three in Texas. The compromised information […]