This article is contributed. See the original author and article here.

74cms — 74cms
  In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. 2021-02-17 not yet calculated CVE-2020-35339
MISC
MISC activepresenter — activepresenter
  ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution. 2021-02-15 not yet calculated CVE-2021-3375
MISC agora — video_sdk
  Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic. 2021-02-17 not yet calculated CVE-2020-25605
MISC
MISC alfresco_enterprise — content_management
  An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. 2021-02-19 not yet calculated CVE-2020-12873
MISC
MISC amaze — file_manager
  Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. 2021-02-19 not yet calculated CVE-2020-36246
MISC
MISC apache — airflow
  The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0. 2021-02-17 not yet calculated CVE-2021-26697
MLIST
MLIST
MISC
MLIST
MLIST apache — airflow
  Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. 2021-02-17 not yet calculated CVE-2021-26559
MLIST
MISC
MLIST apache — myfaces
  In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application. 2021-02-19 not yet calculated CVE-2021-26296
FULLDISC
MISC askey — multiple_devices
  Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. 2021-02-19 not yet calculated CVE-2021-27403
MISC askey — multiple_devices
  Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. 2021-02-19 not yet calculated CVE-2021-27404
MISC async-git — async-git
  The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset(‘atouch HACKEDb’) 2021-02-18 not yet calculated CVE-2020-28490
MISC
MISC
MISC atlassian — bitbucket_server_and_data_center
  The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. 2021-02-18 not yet calculated CVE-2020-36233
MISC
CERT-VN baby_care_system — baby_care_system
  Baby Care System v1.0 is vulnerable to SQL injection via the ‘id’ parameter on the contentsectionpage.php page. 2021-02-17 not yet calculated CVE-2021-25779
MISC baby_care_system — baby_care_system
  An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. 2021-02-17 not yet calculated CVE-2021-25780
MISC batflat — batlfat
  ** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user’s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2021-02-15 not yet calculated CVE-2020-35734
MISC
MISC
MISC
MISC bind — multiple_products
  BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND’s default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch 2021-02-17 not yet calculated CVE-2020-8625
MLIST
MLIST
CONFIRM
MLIST
DEBIAN bloodhound — bloodhound
  components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter. 2021-02-19 not yet calculated CVE-2021-3210
MISC
MISC
MISC bolt — bolt
  Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. 2021-02-17 not yet calculated CVE-2021-27367
MISC
MISC canary_mail — canary_mail
  core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. 2021-02-17 not yet calculated CVE-2021-26911
MLIST
MISC
MISC
MISC
CONFIRM
MISC casap — automated_enrollment_system
  The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page. 2021-02-15 not yet calculated CVE-2021-26201
MISC centreon — 19.10-e17
  Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. 2021-02-15 not yet calculated CVE-2020-22425
MISC
MISC chamilo — chamilo
  Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. 2021-02-19 not yet calculated CVE-2021-26746
CONFIRM
MISC
MISC checkmk — checkmk
  Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%checkmkagentlocal directory. 2021-02-19 not yet calculated CVE-2020-24908
MISC cisco — anyconnect_secure_mobilty_client
  A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. 2021-02-17 not yet calculated CVE-2021-1366
CISCO cisco — csdj
  Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors. 2021-02-17 not yet calculated CVE-2021-20653
MISC
MISC cisco — identity_services_engine Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-02-17 not yet calculated CVE-2021-1416
CISCO cisco — identity_services_engine
  Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory. 2021-02-17 not yet calculated CVE-2021-1412
CISCO cisco — staros A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker to cause an affected device to stop processing traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to a logic error that may occur under specific traffic conditions. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to prevent the targeted service from receiving any traffic, which would lead to a DoS condition on the affected device. 2021-02-17 not yet calculated CVE-2021-1378
CISCO cisco — webex_meetings
  A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2021-02-17 not yet calculated CVE-2021-1351
CISCO cisco — webex_meetings_desktop_app_and_webex_productivity_tools
  A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system. 2021-02-17 not yet calculated CVE-2021-1372
CISCO com.typesafe.akka:akka-http-core — com.typesafe.akka:akka-http-core
  This affects all versions of package com.typesafe.akka:akka-http-core. It allows multiple Transfer-Encoding headers. 2021-02-17 not yet calculated CVE-2021-23339
MISC
MISC d-bus — d-bus
  A use-after-free flaw was found in D-Bus 1.12.20 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors 2021-02-15 not yet calculated CVE-2020-35512
MISC das — u-boot
  The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. 2021-02-17 not yet calculated CVE-2021-27138
MISC
MISC
MISC das — u-boot
  The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. 2021-02-17 not yet calculated CVE-2021-27097
MISC
MISC
MISC debian — avahi_package
  avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. 2021-02-17 not yet calculated CVE-2021-26720
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC dekart — private_disk
  In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing. 2021-02-16 not yet calculated CVE-2021-27203
MISC
MISC dell — emc_avamar_server
  Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attacker could potentially exploit this vulnerability, to gain unauthorized read or modification access to other users’ backup data. 2021-02-15 not yet calculated CVE-2021-21511
CONFIRM dell — emc_powerprotect_cyber_recovery
  Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. 2021-02-19 not yet calculated CVE-2021-21512
MISC digi — connectport_x2e
  Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. 2021-02-18 not yet calculated CVE-2020-12878
MISC
MISC
MISC digium — asterisk
  An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure. 2021-02-18 not yet calculated CVE-2021-26906
MISC
FULLDISC
MISC
CONFIRM
CONFIRM dji — mavic_2_remote_controller
  A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. 2021-02-18 not yet calculated CVE-2020-29664
MISC
MISC
MISC
MISC docsify — docsify
  This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters 2021-02-19 not yet calculated CVE-2021-23342
FULLDISC
MISC
MISC
MISC doctor_appointment_system — doctor_apointment_system
  SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allows an authenticated patient user to dump the database credentials via a SQL injection attack. 2021-02-18 not yet calculated CVE-2021-27124
MISC
MISC
MISC e-learning_system — e-learning_system
  E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell. 2021-02-15 not yet calculated CVE-2021-3239
MISC
MISC
MISC endalia — selection_portal
  In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number). 2021-02-18 not yet calculated CVE-2020-35577
MISC
MISC endian — firewall_community
  Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment. 2021-02-15 not yet calculated CVE-2021-27201
MISC
MISC
MISC fedora_project — fedora_33
  The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. 2021-02-15 not yet calculated CVE-2021-23336
MLIST
MISC
MLIST
FEDORA
FEDORA
MISC
MISC filezen — filezen
  FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. 2021-02-17 not yet calculated CVE-2021-20655
MISC
MISC finalwire — aida64_engineer
  Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. 2021-02-19 not yet calculated CVE-2020-19513
EXPLOIT-DB friendica — friendica
  Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names. 2021-02-18 not yet calculated CVE-2021-27329
MISC fuji — electric_v-server_lite
  The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. 2021-02-19 not yet calculated CVE-2020-25171
MISC ge-digital — hmi/scada_ifix
  HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. 2021-02-18 not yet calculated CVE-2019-18255
MISC ge-digital — hmi/scada_ifix
  HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. 2021-02-18 not yet calculated CVE-2019-18243
MISC gerrit — gerrit_servers
  Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above. 2021-02-17 not yet calculated CVE-2021-22553
CONFIRM gnome — glib
  An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. 2021-02-15 not yet calculated CVE-2021-27218
MISC
MISC gnome — glib
  An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. 2021-02-15 not yet calculated CVE-2021-27219
MISC google — android
  The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. 2021-02-19 not yet calculated CVE-2021-27351
MISC gramaddict — gramaddict
  GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network. 2021-02-17 not yet calculated CVE-2020-36245
MISC hestia — control_panel
  Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer’s domain name, leading to spoofing of services or email messages. 2021-02-16 not yet calculated CVE-2021-27231
MISC
MISC hilscher — ethernet/ip_core_v2
  A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21that may lead to code injection through network or make devices crash without recovery. 2021-02-16 not yet calculated CVE-2021-20987
CONFIRM
CONFIRM hilscher — profinet_io_device_v3
  A Denial of Service vulnerability was found in Hilscher PROFINET IO Device V3 in versions prior to V3.14.0.7. This may lead to unexpected loss of cyclic communication or interruption of acyclic communication. 2021-02-16 not yet calculated CVE-2021-20986
CONFIRM
CONFIRM ibm — jazz_reporting_service
  IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751. 2021-02-18 not yet calculated CVE-2020-4933
XF
CONFIRM ibm — maximo_for_civil_infrastructure
  IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621. 2021-02-18 not yet calculated CVE-2021-20445
XF
CONFIRM ibm — maximo_for_civil_infrastructure
  IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620. 2021-02-18 not yet calculated CVE-2021-20444
XF
CONFIRM ibm — maximo_for_civil_infrastructure
  IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from a source that is outside of the intended control sphere. IBM X-Force ID: 196619. 2021-02-18 not yet calculated CVE-2021-20443
XF
CONFIRM ibm — websphere_application_server
  IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883. 2021-02-18 not yet calculated CVE-2021-20354
XF
CONFIRM intel — 10th_generation_core_processors
  Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. 2021-02-17 not yet calculated CVE-2020-24491
MISC intel — 700-series_ethernet_controllers
  Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24495
MISC intel — 700-series_ethernet_controllers
  Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24493
MISC intel — 700-series_ethernet_controllers
  Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24505
MISC intel — 722_ethernet_controllers
  Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24496
MISC intel — 722_ethernet_controllers
  Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24494
MISC intel — 722_ethernet_controllors
  Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24492
MISC intel — 7360_cell_modem
  Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow unauthenticated user to potentially enable denial of service via network access. 2021-02-17 not yet calculated CVE-2020-24482
MISC intel — collaboration_suite
  Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access. 2021-02-17 not yet calculated CVE-2020-12339
MISC intel — e810_ethernet_adaptor_driver
  Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24502
MISC intel — e810_ethernet_adaptor_drivers
  Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24504
MISC intel — e810_ethernet_adaptor_drivers
  Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access. 2021-02-17 not yet calculated CVE-2020-24503
MISC intel — e810_ethernet_controllers
  Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24497
MISC intel — e810_ethernet_controllers
  Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24498
MISC intel — e810_ethernet_controllers
  Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24500
MISC intel — e810_ethernet_controllers
  Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access. 2021-02-17 not yet calculated CVE-2020-24501
MISC intel — epid_sdk
  Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-24453
MISC intel — ethernet_i210_controller
  Improper access control in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may potentially allow a privileged user to enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-0523
MISC intel — ethernet_i210_controller
  Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-0525
MISC intel — ethernet_i210_controller
  Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-0524
MISC intel — ethernet_i210_controller
  Improper initialization in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-0522
MISC intel — graphics_driver
  Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-8678
MISC intel — graphics_drivers Insufficient control flow management in the kernel mode driver for some Intel(R) Graphics Drivers before version 15.36.39.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-0544
MISC intel — graphics_drivers Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12386
MISC intel — graphics_drivers Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12370
MISC intel — graphics_drivers Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow a privileged user to potentially enable an escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12367
MISC intel — graphics_drivers Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12365
MISC intel — graphics_drivers Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12366
MISC intel — graphics_drivers Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12373
MISC intel — graphics_drivers
  Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12364
MISC intel — graphics_drivers
  Integer overflow in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable an escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12368
MISC intel — graphics_drivers
  Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12369
MISC intel — graphics_drivers
  Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-24450
MISC intel — graphics_drivers
  Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12371
MISC intel — graphics_drivers
  Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12372
MISC intel — graphics_drivers
  Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12362
MISC intel — graphics_drivers
  Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12361
MISC intel — graphics_drivers
  Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12384
MISC intel — graphics_drivers
  Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12385
MISC intel — graphics_drivers
  Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24448
MISC intel — graphics_drivers
  Insufficient control flow management in some Intel(R) Graphics Drivers before version 15.45.32.5145 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-0521
MISC intel — graphics_drivers
  Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-12363
MISC intel — grpahics_driver
  Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-24462
MISC intel — hd_graphics_control_panel
  Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-0518
MISC intel — multiple_products Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12380
MISC intel — multiple_products Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access. 2021-02-17 not yet calculated CVE-2020-12376
MISC intel — multiple_products Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12377
MISC intel — multiple_products
  Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. 2021-02-19 not yet calculated CVE-2020-12374
MISC intel — multiple_products
  Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-12375
MISC intel — optane_dc_persistent_memory
  Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-24451
MISC intel — proset/wireless_wifi_and_killer_drivers
  Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0 may allow a privileged user to potentially enable information disclosure and denial of service<b>&nbsp;</b>via adjacent access. 2021-02-17 not yet calculated CVE-2020-24458
MISC intel — quartus_prime_pro
  Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-24481
MISC intel — realsense_dcm Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-8765
MISC intel — sgx_platform_software
  Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24452
MISC intel — soc_driver
  Insecure inherited permissions for the Intel(R) SOC driver package for STK1A32SC before version 604 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2021-0109
MISC intel — ssd_toolbox
  Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-8701
MISC intel — trace_analyzer_and_collector
  Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. 2021-02-17 not yet calculated CVE-2020-24485
MISC intel — xtu
  Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access. 2021-02-17 not yet calculated CVE-2020-24480
MISC irfanview — irfanview The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow starting at WPG!ReadWPG_W+0x0000000000000133, which might allow remote attackers to execute arbitrary code. 2021-02-17 not yet calculated CVE-2021-27362
MISC
MISC irfanview — irfanview
  The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at WPG+0x0000000000012ec6, which might allow remote attackers to execute arbitrary code. 2021-02-17 not yet calculated CVE-2021-27224
MISC
MISC
MISC jackson-dataformat-cbor — jackson-dataformat-cbor
  This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. 2021-02-18 not yet calculated CVE-2020-28491
CONFIRM
CONFIRM
CONFIRM jinjava — jinjava
  Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure. 2021-02-19 not yet calculated CVE-2020-12668
MISC
MISC
MISC
MISC
MISC jsdom — jsdom
  JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled. 2021-02-16 not yet calculated CVE-2021-20066
MISC kollectapps — kollectapps
  KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. 2021-02-18 not yet calculated CVE-2021-27335
MISC less-openui5 — less-openui5
  less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development. Especially in the context of UI5 Tooling which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5 however currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x, still evaluates code has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0. 2021-02-16 not yet calculated CVE-2021-21316
MISC
MISC
MISC
CONFIRM
MISC library_system — library_system
  The user area for Library System 1.0 is vulnerable to SQL injection where a user can bypass the authentication and login as the admin user. 2021-02-15 not yet calculated CVE-2021-26200
MISC linux — linux_kernel An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory. 2021-02-17 not yet calculated CVE-2021-26933
MISC linux — linux_kernel An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn’t stated accordingly in its support status entry. 2021-02-17 not yet calculated CVE-2021-26934
MISC linux — linux_kernel
  A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information. 2021-02-19 not yet calculated CVE-2020-35499
MISC linux — linux_kernel
  An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn’t mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. 2021-02-17 not yet calculated CVE-2021-26930
MISC linux — linux_kernel
  An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn’t correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. 2021-02-17 not yet calculated CVE-2021-26931
MISC linux — linux_kernel
  An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. 2021-02-17 not yet calculated CVE-2021-26932
MISC livy — livy
  Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users’ sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating. 2021-02-20 not yet calculated CVE-2021-26544
MLIST
CONFIRM
CONFIRM lodash — lodash
  All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template. 2021-02-15 not yet calculated CVE-2021-23337
MISC
MISC
MISC
MISC
MISC
MISC
MISC lodash — lodash
  All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require(‘lodash’); function build_blank (n) { var ret = “1” for (var i = 0; i < n; i++) { ret += ” ” } return ret + “1”; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() – time0; console.log(“time_cost0: ” + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() – time1; console.log(“time_cost1: ” + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() – time2; console.log(“time_cost2: ” + time_cost2) 2021-02-15 not yet calculated CVE-2020-28500
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM mailtrain — mailtrain
  Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. 2021-02-19 not yet calculated CVE-2020-24617
MISC
MISC mcafee — web_gateway
  Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page. 2021-02-17 not yet calculated CVE-2021-23885
CONFIRM metasys — reporting_engine_web_services
  Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. 2021-02-19 not yet calculated CVE-2020-9050
CONFIRM
CERT microweber — microweber
  A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously constructed ZIP file with file paths including relative paths (i.e., ../../), move this file into the backup directory, and execute a restore on this file. 2021-02-15 not yet calculated CVE-2020-28337
MISC
MISC
MISC mitsubishi — electric_fa_engineering_software
  Improper handling of length parameter inconsistency vulnerability in Mitsubishi Electric FA Engineering Software(C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP versions 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 versions 1.597X and prior, GX Works3 versions 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions, SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. 2021-02-19 not yet calculated CVE-2021-20588
MISC
MISC mitsubishi — electric_fa_engineering_software
  Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (C Controller module setting and monitoring tool all versions, CPU Module Logging Configuration Tool all versions, CW Configurator all versions, Data Transfer all versions, EZSocket all versions, FR Configurator all versions, FR Configurator SW3 all versions, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GT SoftGOT1000 Version3 all versions, GT SoftGOT2000 Version1 all versions, GX Configurator-DP version 7.14Q and prior, GX Configurator-QP all versions, GX Developer all versions, GX Explorer all versions, GX IEC Developer all versions, GX LogViewer all versions, GX RemoteService-I all versions, GX Works2 version 1.597X and prior, GX Works3 version 1.070Y and prior, M_CommDTM-HART all versions, M_CommDTM-IO-Link all versions, MELFA-Works all versions, MELSEC WinCPU Setting Utility all versions, MELSOFT EM Software Development Kit (EM Configurator) all versions, MELSOFT Navigator all versions, MH11 SettingTool Version2 all versions, MI Configurator all versions, MT Works2 all versions, MX Component all versions, Network Interface Board CC IE Control utility all versions, Network Interface Board CC IE Field Utility all versions, Network Interface Board CC-Link Ver.2 Utility all versions, Network Interface Board MNETH utility all versions, PX Developer all versions, RT ToolBox2 all versions, RT ToolBox3 all versions, Setting/monitoring tools for the C Controller module all versions and SLMP Data Collector all versions) allows a remote unauthenticated attacker to cause a DoS condition of the software products, and possibly to execute a malicious program on the personal computer running the software products although it has not been reproduced, by spoofing MELSEC, GOT or FREQROL and returning crafted reply packets. 2021-02-19 not yet calculated CVE-2021-20587
MISC
MISC modernflow — modernflow
  ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. 2021-02-19 not yet calculated CVE-2021-3339
MISC
MISC mumble — mumble
  Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. 2021-02-16 not yet calculated CVE-2021-27229
MISC
MISC
MISC
MLIST mutare — voice An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue. 2021-02-16 not yet calculated CVE-2021-27233
MISC mutare — voice
  An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, there is a functionality at diagzip.asp that allows anyone to export tables of a database. 2021-02-16 not yet calculated CVE-2021-27235
MISC mutare — voice
  An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp. 2021-02-16 not yet calculated CVE-2021-27234
MISC mutare — voice
  An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution. 2021-02-16 not yet calculated CVE-2021-27236
MISC nagios — xi_5.7.2
  Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query. 2021-02-15 not yet calculated CVE-2020-24899
MISC nagiosxi — 5.6.11
  NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into a request. 2021-02-15 not yet calculated CVE-2020-22427
MISC netis — multiple_devices
  Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. 2021-02-18 not yet calculated CVE-2021-26747
MISC
MISC node.js — node.js A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js. 2021-02-19 not yet calculated CVE-2021-27405
MISC
MISC
MISC node.js — node.js The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. 2021-02-19 not yet calculated CVE-2021-3189
MISC
MISC node.js — node.js
  The System Information Library for Node.JS (npm package “systeminformation”) is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() … do only allow strings, reject any arrays. String sanitation works as expected. 2021-02-16 not yet calculated CVE-2021-21315
MISC
CONFIRM
MISC ondemand — ondemand
  Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. 2021-02-19 not yet calculated CVE-2020-36247
MISC opc_ua.net — opc_ua.net
  A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates. 2021-02-16 not yet calculated CVE-2020-29457
MISC
CONFIRM
MISC opencast — opencast
  Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2. 2021-02-18 not yet calculated CVE-2021-21318
MISC
CONFIRM openemr — openemr
  A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. 2021-02-15 not yet calculated CVE-2020-29140
MISC
MISC
MISC
MISC
MISC openemr — openemr
  A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. 2021-02-15 not yet calculated CVE-2020-29143
MISC
MISC
MISC
MISC openemr — openemr
  A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. 2021-02-15 not yet calculated CVE-2020-29139
MISC
MISC
MISC
MISC openldap — openldap
  In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 2021-02-14 not yet calculated CVE-2021-27212
MISC
MISC
MISC
MLIST opennms — meridian
  OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts <1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions. 2021-02-17 not yet calculated CVE-2021-3396
MISC
CONFIRM openrepeater — openrepeater
  OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. 2021-02-19 not yet calculated CVE-2019-25024
MISC
MISC openssl — opensll The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 2021-02-16 not yet calculated CVE-2021-23841
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM openssl — opensll
  Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). 2021-02-16 not yet calculated CVE-2021-23840
CONFIRM
CONFIRM
CONFIRM
DEBIAN
CONFIRM openssl — openssl
  OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). 2021-02-16 not yet calculated CVE-2021-23839
CONFIRM
CONFIRM
CONFIRM owncloud — owncloud In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. 2021-02-19 not yet calculated CVE-2020-36250
MISC owncloud — owncloud ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. 2021-02-19 not yet calculated CVE-2020-36252
MISC owncloud — owncloud
  ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else’s access to that share. 2021-02-19 not yet calculated CVE-2020-36251
MISC owncloud — owncloud
  The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. 2021-02-19 not yet calculated CVE-2020-36249
MISC owncloud — owncloud
  The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. 2021-02-19 not yet calculated CVE-2020-36248
MISC owncloud — owncloud
  An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview. 2021-02-19 not yet calculated CVE-2020-10254
MISC
CONFIRM
MISC owncloud — owncloud
  An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack. 2021-02-19 not yet calculated CVE-2020-10252
MISC
CONFIRM
MISC pelco — digital_sentry_server
  The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered. 2021-02-16 not yet calculated CVE-2021-27232
MISC
MISC phpgurukul — car_rental_project
  PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. 2021-02-17 not yet calculated CVE-2021-26809
MISC
MISC pi-hole — pi-hole Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie. 2021-02-18 not yet calculated CVE-2020-35592
MISC
MISC pi-hole — pi-hole
  Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user’s account through the active session. 2021-02-18 not yet calculated CVE-2020-35591
MISC
MISC pimcore — pimcore
  This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability. 2021-02-18 not yet calculated CVE-2021-23340
MISC
MISC
MISC pnglmg — pnglmg
  An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file. 2021-02-20 not yet calculated CVE-2020-28248
MISC
MISC
MISC
MISC powerlogic — multiple_products
  A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface. 2021-02-19 not yet calculated CVE-2021-22701
MISC powerlogic — multiple_products
  A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device. 2021-02-19 not yet calculated CVE-2021-22703
MISC powerlogic — multiple_products
  A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device. 2021-02-19 not yet calculated CVE-2021-22702
MISC pressbooks — pressbooks
  PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info’s Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS. 2021-02-18 not yet calculated CVE-2021-3271
MISC
MISC
MISC prism-asciidoc — prism-asciidoc
  The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. 2021-02-18 not yet calculated CVE-2021-23341
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM property_management_system — property_management_system
  Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. 2021-02-17 not yet calculated CVE-2021-22858
CONFIRM
MISC prototye_pollution — prototype_pollution
  All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . 2021-02-18 not yet calculated CVE-2020-28499
CONFIRM
CONFIRM
CONFIRM qlib — qlib
  This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function. 2021-02-15 not yet calculated CVE-2021-23338
MISC
MISC qnap — nas_devices
  A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) 2021-02-17 not yet calculated CVE-2020-2501
MISC qnap — photo_station
  This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later 2021-02-17 not yet calculated CVE-2020-2502
MISC racom — midge_firmware Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. 2021-02-16 not yet calculated CVE-2021-20074
MISC racom — midge_firmware
  Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. 2021-02-16 not yet calculated CVE-2021-20067
MISC racom — midge_firmware
  Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. 2021-02-16 not yet calculated CVE-2021-20073
MISC racom — midge_firmware
  Racom’s MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. 2021-02-16 not yet calculated CVE-2021-20072
MISC reportlab — reportlab
  All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab’s documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src=”http://127.0.0.1:5000″ valign=”top”/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF 2021-02-18 not yet calculated CVE-2020-28463
CONFIRM
CONFIRM rust — rust An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free. 2021-02-18 not yet calculated CVE-2021-27377
MISC rust — rust
  An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. 2021-02-18 not yet calculated CVE-2021-27376
MISC rust — rust
  An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. 2021-02-18 not yet calculated CVE-2021-27378
MISC sangoma — asterisk An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash. 2021-02-18 not yet calculated CVE-2021-26717
MISC
FULLDISC
MISC
CONFIRM
CONFIRM sangoma — asterisk
  A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. 2021-02-19 not yet calculated CVE-2021-26713
MISC
MISC
MISC sangoma — asterisk
  A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. 2021-02-18 not yet calculated CVE-2020-35776
MISC
FULLDISC
CONFIRM
MISC
CONFIRM sangoma — asterisk
  Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets. 2021-02-18 not yet calculated CVE-2021-26712
MISC
FULLDISC
MISC
CONFIRM
CONFIRM secomea — gatemanager An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c 2021-02-15 not yet calculated CVE-2020-29031
MISC secomea — gatemanager
  A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authenticated attacker with administrative permissions to read and write arbitrary files in the Linux file system. This issue affects: GateManager all versions prior to 9.2c. 2021-02-15 not yet calculated CVE-2020-29026
MISC secomea — gatemanager
  Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. 2021-02-16 not yet calculated CVE-2020-29024
MISC secomea — gatemanager
  Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim’s computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3. 2021-02-16 not yet calculated CVE-2020-29023
MISC
CONFIRM secomea — gatemanager
  Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3 2021-02-16 not yet calculated CVE-2020-29022
MISC smartstorenet — smartstorenet
  An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). 2021-02-19 not yet calculated CVE-2020-27997
MISC
MISC soar — cloud_system The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands. 2021-02-17 not yet calculated CVE-2021-22855
CONFIRM
MISC soar — cloud_system
  The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work. 2021-02-17 not yet calculated CVE-2021-22853
CONFIRM
MISC soar — cloud_system
  The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege. 2021-02-17 not yet calculated CVE-2021-22854
CONFIRM
MISC steghide — steghide
  steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. 2021-02-15 not yet calculated CVE-2021-27211
MISC
MISC
MISC sytech — xl_reporter
  An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. 2021-02-19 not yet calculated CVE-2020-13549
MISC teachers_record_management_system — teachers_record_management_system
  Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in ‘searchteacher’ POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks. 2021-02-15 not yet calculated CVE-2021-26822
MISC
MISC telsa — solarcity_solar_monitoring_gateway
  Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a “Use of Hard-coded Credentials” issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. 2021-02-18 not yet calculated CVE-2020-9306
CONFIRM
MISC
MISC
MISC testes_de_codigo — testes_de_codigo
  Mobile application “Testes de Codigo” 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters “isAdmin” and “isPremium” located on device storage. 2021-02-16 not yet calculated CVE-2021-25648
MISC three — three
  This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require(‘three’) function build_blank (n) { var ret = “rgb(” for (var i = 0; i < n; i++) { ret += ” ” } return ret + “”; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() – time; console.log(time_cost+” ms”) 2021-02-18 not yet calculated CVE-2020-28496
MISC
MISC
MISC
MISC traefik — traefik
  Traefik before 2.4.5 allows the loading of IFRAME elements from other domains. 2021-02-18 not yet calculated CVE-2021-27375
MISC
CONFIRM uap-core — uap-core
  uap-core in an open-source npm package which contains the core of BrowserScope’s original user agent string parser. In uap-core before version 0.11.0, some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This is fixed in version 0.11.0. Downstream packages such as uap-python, uap-ruby etc which depend upon uap-core follow different version schemes. 2021-02-16 not yet calculated CVE-2021-21317
MISC
CONFIRM
MISC uprism — uprism
  A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. 2021-02-17 not yet calculated CVE-2020-7849
MISC vertigis — weboffice
  VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers to achieve “Zugriff auf Inhalte der WebOffice Applikation.” 2021-02-17 not yet calculated CVE-2021-27374
MISC
MISC visualware — myconnection_server
  In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. 2021-02-19 not yet calculated CVE-2021-27509
MISC voloko– twitter-stream
  In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused). 2021-02-19 not yet calculated CVE-2020-24392
MISC
MISC voloko– twitter-stream
  TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack. 2021-02-19 not yet calculated CVE-2020-24393
MISC
MISC webware — webdesktop
  SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server. 2021-02-19 not yet calculated CVE-2021-3204
MISC wireshark — wireshark
  Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 2021-02-17 not yet calculated CVE-2021-22174
CONFIRM
MISC
MISC wireshark — wireshark
  Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file 2021-02-17 not yet calculated CVE-2021-22173
CONFIRM
MISC
MISC xen — xen
  An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565. 2021-02-18 not yet calculated CVE-2021-27379
MISC yeastar — neogate_devices Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key. 2021-02-19 not yet calculated CVE-2021-27328
MISC
MISC zoho — manageengine_adselfservice_plus
  A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. 2021-02-19 not yet calculated CVE-2021-27214
MISC
MISC

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.