Original release date: April 19, 2021
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| dreamreport — dream_report | A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | 2021-04-09 | 7.2 | CVE-2020-13532 MISC |
| fluidsynth — fluidsynth | FluidSynth 2.1.7 contains a use after free vulnerability in sfloader/fluid_sffile.c that can result in arbitrary code execution or a denial of service (DoS) if a malicious soundfont2 file is loaded into a fluidsynth library. | 2021-04-13 | 7.5 | CVE-2021-28421 MISC MISC |
| google — android | In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-178725766 | 2021-04-13 | 10 | CVE-2021-0430 MISC |
| indionetworks — unibox_u50_firmware | Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafted HTTP request may reconfigure the device. | 2021-04-09 | 9.3 | CVE-2020-21884 MISC MISC MISC |
| indionetworks — unibox_u50_firmware | Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover. | 2021-04-09 | 9 | CVE-2020-21883 MISC MISC MISC |
| microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483. | 2021-04-13 | 10 | CVE-2021-28480 MISC |
| microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483. | 2021-04-13 | 10 | CVE-2021-28481 MISC |
| microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483. | 2021-04-13 | 9 | CVE-2021-28482 MISC |
| microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482. | 2021-04-13 | 7.7 | CVE-2021-28483 MISC |
| microsoft — windows_10 | Azure AD Web Sign-in Security Feature Bypass Vulnerability | 2021-04-13 | 7.5 | CVE-2021-27092 MISC |
| microsoft — windows_10 | Windows Hyper-V Denial of Service Vulnerability | 2021-04-13 | 7.8 | CVE-2021-26416 MISC |
| online_book_store_project — online_book_store | SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | 2021-04-09 | 7.5 | CVE-2020-23763 MISC MISC |
| openclinic_ga_project — openclinic_ga | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2021-04-13 | 7.5 | CVE-2020-27236 MISC |
| openclinic_ga_project — openclinic_ga | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2021-04-13 | 7.5 | CVE-2020-27235 MISC |
| openclinic_ga_project — openclinic_ga | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2021-04-13 | 7.5 | CVE-2020-27234 MISC |
| openclinic_ga_project — openclinic_ga | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2021-04-13 | 7.5 | CVE-2020-27233 MISC |
| rust-lang — rust | In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics. | 2021-04-14 | 7.5 | CVE-2021-31162 MISC MISC |
| sonicwall — email_security | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | 2021-04-09 | 7.5 | CVE-2021-20021 CONFIRM |
| sonicwall — global_management_system | A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | 2021-04-10 | 10 | CVE-2021-20020 CONFIRM |
| trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a sensitive file could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-04-13 | 7.2 | CVE-2021-25250 N/A N/A N/A |
| trendmicro — apex_one | An improper access control vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service and OfficeScan XG SP1 on a resource used by the service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-04-13 | 7.2 | CVE-2021-25253 N/A N/A N/A |
| trendmicro — apex_one | An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2021-04-13 | 7.2 | CVE-2021-28645 N/A N/A N/A |
| windriver — vxworks | An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client. | 2021-04-13 | 7.5 | CVE-2021-29998 MISC |
| windriver — vxworks | An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server. | 2021-04-13 | 7.5 | CVE-2021-29999 MISC |
| zerof — expert | The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint. | 2021-04-13 | 7.5 | CVE-2021-30176 MISC MISC |
| zerof — web_server | ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. | 2021-04-13 | 7.5 | CVE-2021-30175 MISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accessally — accessally | In the AccessAlly WordPress plugin before 3.5.7, the file “resource/frontend/product/product-shortcode.php” responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required. | 2021-04-12 | 5 | CVE-2021-24226 CONFIRM |
| atlassian — data_center | The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. | 2021-04-09 | 5 | CVE-2020-36287 MISC |
| dreamreport — dream_report | A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | 2021-04-09 | 6.8 | CVE-2020-13534 MISC |
| dreamreport — dream_report | A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | 2021-04-09 | 4.4 | CVE-2020-13533 MISC |
| fortinet — fortiadc | A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users’ password in log files. | 2021-04-12 | 4 | CVE-2021-24024 CONFIRM |
| google — android | In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171221090 | 2021-04-13 | 5.4 | CVE-2021-0433 MISC |
| google — android | In several functions of InputDispatcher.cpp, WindowManagerService.java, and related files, there is a possible tapjacking attack due to an incorrect FLAG_OBSCURED value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10Android ID: A-152064592 | 2021-04-13 | 4.4 | CVE-2021-0438 MISC |
| google — android | In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173552790 | 2021-04-13 | 4.4 | CVE-2021-0432 MISC |
| google — android | In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174768985 | 2021-04-13 | 4.6 | CVE-2021-0442 MISC |
| google — android | In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174243830 | 2021-04-13 | 4.6 | CVE-2021-0439 MISC |
| google — android | In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330 | 2021-04-13 | 4.6 | CVE-2021-0437 MISC |
| google — android | In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175074139 | 2021-04-13 | 4.6 | CVE-2021-0429 MISC |
| google — android | In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174485572 | 2021-04-13 | 4.6 | CVE-2021-0426 MISC |
| google — android | In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451 | 2021-04-13 | 5 | CVE-2021-0435 MISC |
| google — android | In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901 | 2021-04-13 | 5 | CVE-2021-0431 MISC |
| google — android | In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174488848 | 2021-04-13 | 4.6 | CVE-2021-0427 MISC |
| google — chrome | Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | 6.8 | CVE-2021-21195 MISC MISC |
| google — chrome | Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | 6.8 | CVE-2021-21194 MISC MISC |
| google — chrome | Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | 6.8 | CVE-2021-21196 MISC MISC |
| google — chrome | Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | 6.8 | CVE-2021-21197 MISC MISC |
| google — chrome | Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-04-09 | 6.8 | CVE-2021-21199 MISC MISC |
| google — chrome | Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-04-09 | 4.3 | CVE-2021-21198 MISC MISC |
| ibm — collaborative_lifecycle_management | IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422. | 2021-04-12 | 5 | CVE-2020-4965 XF CONFIRM |
| ibm — collaborative_lifecycle_management | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198441. | 2021-04-12 | 4.3 | CVE-2021-20519 XF CONFIRM |
| ibm — collaborative_lifecycle_management | IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419. | 2021-04-12 | 4 | CVE-2020-4964 XF CONFIRM |
| ibm — collaborative_lifecycle_management | IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191396. | 2021-04-12 | 4.3 | CVE-2020-4920 XF CONFIRM |
| intelliants — subrion | Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= 4.2.1 allows remote attackers to execute arbitrary web script via the “payment gateway” column on transactions tab. | 2021-04-09 | 4.3 | CVE-2020-23761 MISC MISC |
| libsixel_project — libsixel | Buffer Overflow in the “sixel_encoder_encode_bytes” function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). | 2021-04-14 | 5 | CVE-2020-36120 MISC |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a “hidden” user exists. | 2021-04-09 | 4 | CVE-2021-30156 MISC |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to “protect” a page, a user is currently able to protect to a higher level than they currently have permissions for. | 2021-04-09 | 4 | CVE-2021-30152 MISC DEBIAN |
| mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. ContentModelChange does not check if a user has correct permissions to create and set the content model of a nonexistent page. | 2021-04-09 | 4 | CVE-2021-30155 MISC DEBIAN |
| microsoft — team_foundation_server | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | 2021-04-13 | 4 | CVE-2021-27067 MISC |
| microsoft — visual_studio | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322. | 2021-04-13 | 4.6 | CVE-2021-28321 MISC |
| microsoft — visual_studio | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322. | 2021-04-13 | 4.6 | CVE-2021-28313 MISC |
| microsoft — visual_studio | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321. | 2021-04-13 | 4.6 | CVE-2021-28322 MISC |
| microsoft — visual_studio_2017 | Visual Studio Installer Elevation of Privilege Vulnerability | 2021-04-13 | 4.6 | CVE-2021-27064 MISC |
| microsoft — visual_studio_code | Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475. | 2021-04-13 | 6.8 | CVE-2021-28477 MISC |
| microsoft — visual_studio_code | Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28477. | 2021-04-13 | 6.8 | CVE-2021-28475 MISC |
| microsoft — visual_studio_code | Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28475, CVE-2021-28477. | 2021-04-13 | 6.8 | CVE-2021-28473 MISC |
| microsoft — windows_10 | Windows Application Compatibility Cache Denial of Service Vulnerability | 2021-04-13 | 4.3 | CVE-2021-28311 MISC |
| microsoft — windows_10 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | 2021-04-13 | 4.6 | CVE-2021-28320 MISC |
| microsoft — windows_10 | Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-27095. | 2021-04-13 | 4.6 | CVE-2021-28315 MISC |
| microsoft — windows_10 | Windows Hyper-V Elevation of Privilege Vulnerability | 2021-04-13 | 4.6 | CVE-2021-28314 MISC |
| microsoft — windows_10 | Windows NTFS Denial of Service Vulnerability | 2021-04-13 | 4.3 | CVE-2021-28312 MISC |
| microsoft — windows_10 | Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-27072. | 2021-04-13 | 4.6 | CVE-2021-28310 MISC |
| microsoft — windows_10 | NTFS Elevation of Privilege Vulnerability | 2021-04-13 | 4.6 | CVE-2021-27096 MISC |
| microsoft — windows_10 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 2021-04-13 | 4.6 | CVE-2021-27090 MISC |
| microsoft — windows_10 | Windows AppX Deployment Server Denial of Service Vulnerability | 2021-04-13 | 4.3 | CVE-2021-28326 MISC |
| microsoft — windows_10 | Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28328. | 2021-04-13 | 4 | CVE-2021-28323 MISC |
| microsoft — windows_10 | Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28324. | 2021-04-13 | 4 | CVE-2021-28325 MISC |
| microsoft — windows_10 | Windows Event Tracing Elevation of Privilege Vulnerability | 2021-04-13 | 4.6 | CVE-2021-27088 MISC |
| microsoft — windows_10 | Windows Services and Controller App Elevation of Privilege Vulnerability | 2021-04-13 | 4.6 | CVE-2021-27086 MISC MISC |
| microsoft — windows_10 | Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28310. | 2021-04-13 | 4.6 | CVE-2021-27072 MISC |
| microsoft — windows_10 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | 2021-04-13 | 6.8 | CVE-2021-27089 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358. | 2021-04-13 | 6.5 | CVE-2021-28434 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28434. | 2021-04-13 | 6.5 | CVE-2021-28358 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | 6.5 | CVE-2021-28357 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | 6.5 | CVE-2021-28356 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | 6.5 | CVE-2021-28355 MISC |
| microsoft — windows_10 | Windows Media Video Decoder Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28315. | 2021-04-13 | 6.8 | CVE-2021-27095 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | 6.5 | CVE-2021-28354 MISC |
| microsoft — windows_10 | Windows Media Photo Codec Information Disclosure Vulnerability | 2021-04-13 | 6.3 | CVE-2021-27079 MISC |
| microsoft — windows_10 | Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28439. | 2021-04-13 | 5 | CVE-2021-28319 MISC |
| microsoft — windows_10 | Windows SMB Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28325. | 2021-04-13 | 5 | CVE-2021-28324 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | 6.5 | CVE-2021-28353 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | 6.5 | CVE-2021-28352 MISC |
| microsoft — windows_10 | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | 6.5 | CVE-2021-28346 MISC |
| microsoft — windows_10 | Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28440. | 2021-04-13 | 4.6 | CVE-2021-26415 MISC MISC |
| microsoft — windows_7 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | 2021-04-13 | 4.6 | CVE-2021-27091 MISC |
| open-emr — openemr | SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. | 2021-04-13 | 6.5 | CVE-2020-13568 MISC |
| open-emr — openemr | SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. | 2021-04-13 | 6.5 | CVE-2020-13566 MISC |
| patreon — patreon_wordpress | The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies. | 2021-04-12 | 5 | CVE-2021-24227 MISC CONFIRM |
| patreon — patreon_wordpress | The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite the “wp_capabilities” meta, which contains the affected user account’s roles and privileges. Doing this would essentially lock them out of the site, blocking them from accessing paid content. | 2021-04-12 | 5.8 | CVE-2021-24230 MISC CONFIRM |
| patreon — patreon_wordpress | The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of the error logging logic behind the scene allowed user-controlled input to be reflected on the login page, unsanitized. | 2021-04-12 | 6.8 | CVE-2021-24228 MISC CONFIRM |
| patreon — patreon_wordpress | The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link. | 2021-04-12 | 4.3 | CVE-2021-24231 MISC CONFIRM |
| patreon — patreon_wordpress | The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is accessible for user accounts with the ‘manage_options’ privilege (i.e.., only administrators). Unfortunately, one of the parameters used in this AJAX endpoint is not sanitized before being printed back to the user, so the risk it represents is the same as the previous XSS vulnerability. | 2021-04-12 | 6.8 | CVE-2021-24229 MISC CONFIRM |
| perforce — helix_alm | XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. | 2021-04-13 | 6.4 | CVE-2021-29997 MISC |
| rukovoditel — project_management | An exploitable SQL injection vulnerability exists in the “forms_fields_rules/rules” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | 2021-04-09 | 6.8 | CVE-2020-13587 MISC |
| rukovoditel — project_management | An exploitable SQL injection vulnerability exists in the “access_rules/rules_form” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | 2021-04-09 | 6.8 | CVE-2020-13591 MISC |
| rukovoditel — project_management | An exploitable SQL injection vulnerability exists in “global_lists/choices” page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery. | 2021-04-09 | 6.8 | CVE-2020-13592 MISC |
| skyworthdigital — rn510_firmware | Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). | 2021-04-09 | 4.3 | CVE-2021-25327 MISC |
| skyworthdigital — rn510_firmware | Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service (DoS) or possible code execution on the device. | 2021-04-09 | 6.5 | CVE-2021-25328 MISC |
| sonicwall — email_security | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | 2021-04-09 | 6.5 | CVE-2021-20022 CONFIRM |
| tms-outsource — wpdatatables | The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table. | 2021-04-12 | 5.5 | CVE-2021-24197 MISC MISC CONFIRM |
| tms-outsource — wpdatatables | The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table. | 2021-04-12 | 5.5 | CVE-2021-24198 MISC MISC CONFIRM |
| tms-outsource — wpdatatables | The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the ‘start’ HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application. | 2021-04-12 | 4 | CVE-2021-24199 MISC MISC CONFIRM |
| tms-outsource — wpdatatables | The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the ‘length’ HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application. | 2021-04-12 | 4 | CVE-2021-24200 MISC MISC CONFIRM |
| trendmicro — password_manager | Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program. | 2021-04-13 | 4.4 | CVE-2021-28647 N/A |
| wikimedia — parsoid | An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. | 2021-04-09 | 4.3 | CVE-2021-30458 MISC MISC |
| x2engine — x2crm | Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the “New Name” field of the “Rename a Module” tool. | 2021-04-14 | 4.3 | CVE-2020-21087 MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| appspace — appspace | Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. | 2021-04-14 | 3.5 | CVE-2021-27989 MISC |
| google — android | In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496160 | 2021-04-13 | 2.1 | CVE-2021-0436 MISC |
| google — android | In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-170474245 | 2021-04-13 | 1.9 | CVE-2021-0443 MISC |
| google — android | In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-173421434 | 2021-04-13 | 2.1 | CVE-2021-0428 MISC |
| google — android | In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of location data to emergency services with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-177561690 | 2021-04-13 | 2.1 | CVE-2021-0400 MISC |
| htmly — htmly | htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php. | 2021-04-13 | 3.5 | CVE-2021-30637 MISC MISC |
| ibm — spectrum_scale | IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478. | 2021-04-09 | 1.9 | CVE-2021-29671 XF CONFIRM |
| larsens_calendar_project — larsens_calendar | Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote attackers to execute arbitrary web script via the “titel” column on the “Eintrage hinzufugen” tab. | 2021-04-09 | 3.5 | CVE-2020-23762 MISC MISC |
| microsoft — windows_10 | Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093. | 2021-04-13 | 2.1 | CVE-2021-28309 MISC |
| microsoft — windows_10 | Windows Event Tracing Information Disclosure Vulnerability | 2021-04-13 | 2.1 | CVE-2021-28435 MISC |
| microsoft — windows_10 | Windows GDI+ Information Disclosure Vulnerability | 2021-04-13 | 2.1 | CVE-2021-28318 MISC |
| microsoft — windows_10 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | 2021-04-13 | 2.1 | CVE-2021-28317 MISC |
| microsoft — windows_10 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | 2021-04-13 | 2.1 | CVE-2021-28316 MISC |
| microsoft — windows_10 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-28447. | 2021-04-13 | 2.1 | CVE-2021-27094 MISC |
| microsoft — windows_10 | Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28309. | 2021-04-13 | 2.1 | CVE-2021-27093 MISC |
| microsoft — windows_10 | Windows Overlay Filter Information Disclosure Vulnerability | 2021-04-13 | 2.1 | CVE-2021-26417 MISC |
| remoteclinic — remoteclinic | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. | 2021-04-13 | 3.5 | CVE-2021-30044 MISC |
| remoteclinic — remoteclinic | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. | 2021-04-13 | 3.5 | CVE-2021-30030 MISC |
| remoteclinic — remoteclinic | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. | 2021-04-13 | 3.5 | CVE-2021-30034 MISC |
| remoteclinic — remoteclinic | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the “Fever” or “Blood Pressure” field on the patients/register-report.php. | 2021-04-13 | 3.5 | CVE-2021-30039 MISC |
| remoteclinic — remoteclinic | Cross Site Scripting (XSS) in Remote Clinic v2.0 via the “Clinic Name”, “Clinic Address”, “Clinic City”, or “Clinic Contact” field on clinics/register.php | 2021-04-13 | 3.5 | CVE-2021-30042 MISC |
| sap — manufacturing_execution | SAP Manufacturing Execution (System Rules), versions – 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in Stored Cross-Site Scripting (XSS) vulnerability. The malicious code can be used for different purposes. e.g., information can be read, modified, and sent to the attacker. However, availability of the server cannot be impacted. | 2021-04-13 | 3.5 | CVE-2021-27600 MISC MISC |
| skyworthdigital — rn510_firmware | Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed. | 2021-04-09 | 3.5 | CVE-2021-25326 MISC |
| trendmicro — apex_one | An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. | 2021-04-13 | 2.1 | CVE-2021-28646 N/A N/A |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| a12n-server — a12nserver |
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patched in v0.18.2. | 2021-04-16 | not yet calculated | CVE-2021-29452 CONFIRM MISC |
| accusoft — imagegear |
An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2021-04-13 | not yet calculated | CVE-2021-21784 MISC |
| adobe — bridge | Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-04-15 | not yet calculated | CVE-2021-21095 MISC MISC |
| adobe — bridge | Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-04-15 | not yet calculated | CVE-2021-21094 MISC MISC |
| adobe — bridge | Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-04-15 | not yet calculated | CVE-2021-21093 MISC MISC |
| adobe — bridge |
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction. | 2021-04-15 | not yet calculated | CVE-2021-21096 MISC MISC |
| adobe — bridge |
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-04-15 | not yet calculated | CVE-2021-21092 MISC MISC |
| adobe — bridge |
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-04-15 | not yet calculated | CVE-2021-21091 MISC MISC |
| adobe — coldfusion |
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction. | 2021-04-15 | not yet calculated | CVE-2021-21087 MISC |
| adobe — digital_editions |
Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-04-15 | not yet calculated | CVE-2021-21100 MISC |
| adobe — genuine_service | Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction. | 2021-04-16 | not yet calculated | CVE-2020-9681 MISC |
| adobe — genuine_service | Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user. | 2021-04-16 | not yet calculated | CVE-2020-9668 MISC |
| adobe — genuine_service |
Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction. | 2021-04-16 | not yet calculated | CVE-2020-9667 MISC |
| adobe — photoshop | Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-04-15 | not yet calculated | CVE-2021-28548 MISC |
| adobe — photoshop |
Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2021-04-15 | not yet calculated | CVE-2021-28549 MISC |
| advanced_authentication — advanced_authentication |
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. | 2021-04-12 | not yet calculated | CONFIRM |
| ajaxsearchpro — ajaxsearchpro |
AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution. | 2021-04-14 | not yet calculated | CVE-2021-29654 MISC |
| ampache — ampache |
Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and workaround guidance see the referenced GitHub security advisory. | 2021-04-13 | not yet calculated | CVE-2021-21399 CONFIRM |
| anuko — time_tracker |
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed(). | 2021-04-13 | not yet calculated | CVE-2021-29436 MISC MISC CONFIRM |
| apache — commons_io |
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like “//../foo”, or “\..foo”, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus “limited” path traversal), if the calling code would use the result to construct a path value. | 2021-04-13 | not yet calculated | CVE-2021-29425 MISC MLIST MISC MLIST |
| apache — openoffice |
The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink. | 2021-04-15 | not yet calculated | CVE-2021-30245 MLIST MISC MLIST MLIST MLIST MLIST |
| apache — solr |
The ReplicationHandler (normally registered at “/replication” under a Solr core) in Apache Solr has a “masterUrl” (also “leaderUrl” alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the “shards” parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2. | 2021-04-13 | not yet calculated | CVE-2021-27905 MISC |
| apache — solr |
When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. | 2021-04-13 | not yet calculated | CVE-2021-29943 MISC |
| apache — solr |
When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. | 2021-04-13 | not yet calculated | CVE-2021-29262 MISC |
| apache — tapestry |
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later. | 2021-04-15 | not yet calculated | CVE-2021-27850 MLIST MISC |
| appspace — appspace |
Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. | 2021-04-14 | not yet calculated | CVE-2021-27990 MISC MISC |
| asus — multiple_routers |
In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42095 or < 9.0.0.4.386.41994, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP’s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. | 2021-04-12 | not yet calculated | CVE-2021-3128 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| atlassian — connect_express |
Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions between 3.0.2 – 6.5.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | 2021-04-16 | not yet calculated | CVE-2021-26073 MISC N/A |
| atlassian — connect_spring_boot |
Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 – 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | 2021-04-16 | not yet calculated | CVE-2021-26074 N/A N/A |
| atlassian — jira_server_and_data_center |
The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution. | 2021-04-15 | not yet calculated | CVE-2020-36288 MISC |
| atlassian — jira_server_and_data_center |
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename. | 2021-04-15 | not yet calculated | CVE-2021-26075 MISC |
| atlassian — jira_server_and_data_center |
The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https. | 2021-04-15 | not yet calculated | CVE-2021-26076 MISC |
| b2evolution — b2evolution |
SQL Injection in the “evoadm.php” component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the “cf_name” parameter when creating a new filter under the “Collections” tab. | 2021-04-15 | not yet calculated | CVE-2021-28242 MISC MISC |
| binutils — binutils |
There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. | 2021-04-15 | not yet calculated | CVE-2021-3487 MISC |
| bitdefender — safepay |
An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser’s file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29. | 2021-04-12 | not yet calculated | CVE-2020-15734 MISC |
| c-bus — toolkit | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a file is uploaded. | 2021-04-13 | not yet calculated | CVE-2021-22719 MISC |
| c-bus — toolkit |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing config files. | 2021-04-13 | not yet calculated | CVE-2021-22717 MISC |
| c-bus — toolkit |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring project files. | 2021-04-13 | not yet calculated | CVE-2021-22718 MISC |
| c-bus — toolkit |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring a project. | 2021-04-13 | not yet calculated | CVE-2021-22720 MISC |
| c-bus — toolkit |
A CWE-269: Improper Privilege Management vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when an unprivileged user modifies a file. | 2021-04-13 | not yet calculated | CVE-2021-22716 MISC |
| casap — automated_enrollement_system |
CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter. | 2021-04-15 | not yet calculated | CVE-2021-27129 MISC |
| centreon — platform |
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user. | 2021-04-15 | not yet calculated | CVE-2021-28055 MISC |
| ceph — ceph |
An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn’t sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-04-15 | not yet calculated | CVE-2021-20288 MISC |
| chrono-node — chrono-node |
This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. | 2021-04-12 | not yet calculated | CVE-2021-23371 CONFIRM CONFIRM CONFIRM |
| corsori — smart_5.8-quart_air_fryer_cs158-af |
A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2021-04-15 | not yet calculated | CVE-2020-28593 MISC |
| corsori — smart_5.8-quart_air_fryer_cs158-af |
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2021-04-15 | not yet calculated | CVE-2020-28592 MISC |
| d-link — dap-2020_devices |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932. | 2021-04-14 | not yet calculated | CVE-2021-27248 MISC MISC |
| d-link — dap-2020_devices |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369. | 2021-04-14 | not yet calculated | CVE-2021-27249 MISC MISC |
| d-link — dap-2020_devices |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856. | 2021-04-14 | not yet calculated | CVE-2021-27250 MISC MISC |
| d-link — dir-802_devices |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2021-04-12 | not yet calculated | CVE-2021-29379 MISC MISC MISC |
| d-link — dir-816_devices | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the”‘s_ip” and “s_mac” fields could lead to a Stack-Based Buffer Overflow and overwrite the return address. | 2021-04-14 | not yet calculated | CVE-2021-27114 MISC MISC |
| d-link — dir-816_devices |
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters. | 2021-04-14 | not yet calculated | CVE-2021-27113 MISC MISC |
| dart — dart |
The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669. | 2021-04-15 | not yet calculated | CVE-2021-31402 MISC |
| deark — deark | In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize. | 2021-04-14 | not yet calculated | CVE-2021-28856 MISC MISC |
| deark — deark |
In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c). | 2021-04-14 | not yet calculated | CVE-2021-28855 MISC MISC |
| dell — peripheral_manager |
Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulnerability that could be potentially exploited to gain arbitrary code execution on the system with privileges of the system user. | 2021-04-12 | not yet calculated | CVE-2021-21545 MISC |
| dell — srm |
Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. | 2021-04-12 | not yet calculated | CVE-2021-21524 MISC |
| devolutions — server |
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete. | 2021-04-14 | not yet calculated | CVE-2021-28157 CONFIRM |
| devolutions — server |
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page. | 2021-04-14 | not yet calculated | CVE-2021-28048 CONFIRM |
| django — debug_toolbar |
A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form. | 2021-04-14 | not yet calculated | CVE-2021-30459 MISC CONFIRM CONFIRM |
| eaton — intelligent_power_manager | Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow attackers to control the input to the function and execute attacker controlled commands. | 2021-04-13 | not yet calculated | CVE-2021-23277 MISC |
| eaton — intelligent_power_manager | Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code. | 2021-04-13 | not yet calculated | CVE-2021-23281 MISC |
| eaton — intelligent_power_manager |
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base. | 2021-04-13 | not yet calculated | CVE-2021-23276 MISC |
| eaton — intelligent_power_manager |
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | 2021-04-13 | not yet calculated | CVE-2021-23279 MISC |
| eaton — intelligent_power_manager |
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a specially crafted packet to exploit the vulnerability. | 2021-04-13 | not yet calculated | CVE-2021-23280 MISC |
| eaton — intelligent_power_manager |
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | 2021-04-13 | not yet calculated | CVE-2021-23278 MISC |
| exif — exif |
NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. | 2021-04-14 | not yet calculated | CVE-2021-27815 MISC MISC MISC |
| ezxml — ezxml | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap). | 2021-04-16 | not yet calculated | CVE-2021-31347 MISC |
| ezxml — ezxml |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. | 2021-04-11 | not yet calculated | CVE-2021-30485 MISC |
| ezxml — ezxml |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant. | 2021-04-15 | not yet calculated | CVE-2021-31229 MISC |
| ezxml — ezxml |
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure). | 2021-04-16 | not yet calculated | CVE-2021-31348 MISC |
| fatek — automation_win_proladder |
FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code. | 2021-04-12 | not yet calculated | CVE-2021-27486 MISC |
| forescout — counteract |
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%ForeScout SecureConnector that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking. | 2021-04-14 | not yet calculated | CVE-2021-28098 MISC MISC MISC |
| fortinet — fortios |
A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. | 2021-04-12 | not yet calculated | CVE-2019-17656 CONFIRM CONFIRM |
| fortinet — fortiweb |
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet’s FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. | 2021-04-12 | not yet calculated | CVE-2020-15942 CONFIRM CONFIRM |
| gargoyle — gargoyle_os |
In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP’s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. | 2021-04-12 | not yet calculated | CVE-2021-23270 MISC |
| genexis — platinum_4410_2.1_p4410-v2-1.28_devices |
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI. | 2021-04-13 | not yet calculated | CVE-2021-29003 MISC MISC |
| gitlab — workhorse |
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token | 2021-04-12 | not yet calculated | CVE-2021-22190 CONFIRM MISC MISC |
| google — android
|
In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172252122 | 2021-04-13 | not yet calculated | CVE-2021-0446 MISC |
| google — android |
In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-178825358 | 2021-04-13 | not yet calculated | CVE-2021-0444 MISC |
| google — android |
In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-180427272 | 2021-04-13 | not yet calculated | CVE-2021-0468 MISC |
| google — android |
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444786 | 2021-04-13 | not yet calculated | CVE-2021-0471 MISC |
| google — android |
In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178754781 | 2021-04-15 | not yet calculated | CVE-2021-0488 MISC |
| google — android |
In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9Android ID: A-172322502 | 2021-04-13 | not yet calculated | CVE-2021-0445 MISC |
| gpac — gpac |
NULL Pointer Dereference in the “isomedia/track.c” module’s “MergeTrack()” function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. | 2021-04-14 | not yet calculated | CVE-2021-28300 MISC |
| gradle — gradle |
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system’s umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. | 2021-04-12 | not yet calculated | CVE-2021-29429 MISC CONFIRM |
| gradle — gradle |
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the “sticky” bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the “sticky” bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory. | 2021-04-13 | not yet calculated | CVE-2021-29428 MISC MISC MISC CONFIRM |
| gradle — gradle |
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the “A Confusing Dependency” blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced. | 2021-04-13 | not yet calculated | CVE-2021-29427 MISC CONFIRM |
| grav — grav |
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11. | 2021-04-13 | not yet calculated | CVE-2021-29440 CONFIRM MISC |
| grav — grav |
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller’s privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation. | 2021-04-13 | not yet calculated | CVE-2021-29439 CONFIRM |
| group_office — group_office | Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter. | 2021-04-14 | not yet calculated | CVE-2020-35419 MISC |
| group_office — group_office |
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file. | 2021-04-14 | not yet calculated | CVE-2020-35418 MISC |
| group_office — group_office |
A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php. | 2021-04-14 | not yet calculated | CVE-2021-28060 MISC MISC |
| handlebars — handlebars |
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | 2021-04-12 | not yet calculated | CVE-2021-23369 MISC MISC MISC MISC MISC MISC |
| hewlett_packard_enterprises — icewall |
A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). | 2021-04-15 | not yet calculated | CVE-2021-26582 MISC |
| ibm — spectrum_protect_server |
IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792. | 2021-04-16 | not yet calculated | CVE-2021-20491 XF CONFIRM |
| intelbras — telephone_ip_tip200 |
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. | 2021-04-12 | not yet calculated | CVE-2020-24285 MISC MISC |
| intelbras — win_300_and_wrn_342_devices |
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. | 2021-04-14 | not yet calculated | CVE-2021-3017 MISC MISC |
| jitsi — meet |
Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the “sessionpriv.php” module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. | 2021-04-14 | not yet calculated | CVE-2021-26812 MISC |
| joomla! — joomla! |
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI. | 2021-04-14 | not yet calculated | CVE-2021-26031 MISC |
| joomla! — joomla! |
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page | 2021-04-14 | not yet calculated | CVE-2021-26030 MISC |
| jose — jose |
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `^1.28.1 || ^2.0.5 || >=3.11.4`. Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4. Thanks to Jason from Microsoft Vulnerability Research (MSVR) for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory. | 2021-04-16 | not yet calculated | CVE-2021-29443 CONFIRM MISC |
| jose — jose |
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`. | 2021-04-16 | not yet calculated | CVE-2021-29444 CONFIRM MISC |
| jose — jose |
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`. | 2021-04-16 | not yet calculated | CVE-2021-29445 CONFIRM MISC |
| jose — jose |
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`. | 2021-04-16 | not yet calculated | CVE-2021-29446 CONFIRM MISC |
| json — json |
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above. | 2021-04-16 | not yet calculated | CVE-2021-22539 MISC MISC |
| lavalite — lavalite |
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | 2021-04-14 | not yet calculated | CVE-2020-28124 MISC |
| lenovo — power_management_driver |
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. | 2021-04-13 | not yet calculated | CVE-2021-3463 MISC |
| lenovo — power_management_driver |
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver’s device object. | 2021-04-13 | not yet calculated | CVE-2021-3462 MISC |
| lenovo — xclarity_controller |
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC. | 2021-04-13 | not yet calculated | CVE-2021-3473 MISC |
| liberty — lispbx |
In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords. | 2021-04-12 | not yet calculated | CVE-2019-15059 MISC |
| lightcms — lightcms |
LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images. | 2021-04-15 | not yet calculated | CVE-2021-27112 MISC |
| linux — linux_kernel |
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. | 2021-04-17 | not yet calculated | CVE-2021-3493 MISC MISC MISC |
| linux — linux_kernel |
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1. | 2021-04-14 | not yet calculated | CVE-2021-25316 CONFIRM |
| linux — linux_kernel |
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. | 2021-04-17 | not yet calculated | CVE-2021-3492 MISC MISC MISC MISC |
| linux — linux_kernel |
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. | 2021-04-14 | not yet calculated | CVE-2020-36322 MISC MISC |
| linux — linux_kernel |
A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9. | 2021-04-14 | not yet calculated | CVE-2021-25314 CONFIRM |
| lotus — lotus |
Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: “serialized”, and “compressed”, meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393. | 2021-04-15 | not yet calculated | CVE-2021-21405 MISC MISC CONFIRM |
| mcafee — advanced_threat_defense |
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. | 2021-04-15 | not yet calculated | CVE-2020-7269 CONFIRM |
| mcafee — advanced_threat_defense |
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them. | 2021-04-15 | not yet calculated | CVE-2020-7270 CONFIRM |
| mcafee — content_security_reporter |
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR. | 2021-04-15 | not yet calculated | CVE-2021-23884 CONFIRM |
| mcafee — data_loss_prevention | Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory. | 2021-04-15 | not yet calculated | CVE-2021-23886 CONFIRM CONFIRM |
| mcafee — data_loss_prevention |
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver. | 2021-04-15 | not yet calculated | CVE-2021-23887 CONFIRM CONFIRM |
| mcafee — endpoint_security |
Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses. | 2021-04-15 | not yet calculated | CVE-2020-7308 CONFIRM |
| mdaemon — mdaemon | An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user. | 2021-04-14 | not yet calculated | CVE-2021-27182 MISC MISC |
| mdaemon — mdaemon | An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the value of the anti-CSRF token, the attacker may trick the user into visiting his malicious page and performing any request with the privileges of attacked user. | 2021-04-14 | not yet calculated | CVE-2021-27181 MISC MISC |
| mdaemon — mdaemon |
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead to Remote Code Execution. | 2021-04-14 | not yet calculated | CVE-2021-27183 MISC MISC |
| mdaemon — mdaemon |
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user. | 2021-04-14 | not yet calculated | CVE-2021-27180 MISC MISC |
| mediawiki — mediawiki |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Users can bypass intended restrictions on deleting pages in certain “fast double move” situations. MovePage::isValidMoveTarget() uses FOR UPDATE, but it’s only called if Title::getArticleID() returns non-zero with no special flags. Next, MovePage::moveToInternal() will delete the page if getArticleID(READ_LATEST) is non-zero. Therefore, if the page is missing in the replica DB, isValidMove() will return true, and then moveToInternal() will unconditionally delete the page if it can be found in the master. | 2021-04-09 | not yet calculated | CVE-2021-30159 MISC DEBIAN |
| mendix — multiple_versions |
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges. | 2021-04-16 | not yet calculated | CVE-2021-27394 CONFIRM |
| micro_focus — operations_agent |
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent. | 2021-04-13 | not yet calculated | CVE-2021-22505 MISC |
| microsoft — azure |
Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28458 MISC |
| microsoft — azure |
Azure Sphere Unsigned Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28460 MISC |
| microsoft — azure |
Azure DevOps Server Spoofing Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28459 MISC FULLDISC MISC |
| microsoft — excel | Microsoft Excel Information Disclosure Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28456 MISC |
| microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28451. | 2021-04-13 | not yet calculated | CVE-2021-28454 MISC MISC |
| microsoft — excel |
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28454. | 2021-04-13 | not yet calculated | CVE-2021-28451 MISC |
| microsoft — office |
Microsoft Office Remote Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28449 MISC |
| microsoft — outlook |
Microsoft Outlook Memory Corruption Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28452 MISC |
| microsoft — raw_image_extension |
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28468. | 2021-04-13 | not yet calculated | CVE-2021-28466 MISC |
| microsoft — raw_image_extension |
Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28466. | 2021-04-13 | not yet calculated | CVE-2021-28468 MISC |
| microsoft — sharepoint |
Microsoft SharePoint Denial of Service Update | 2021-04-13 | not yet calculated | CVE-2021-28450 MISC |
| microsoft — visual_studio_code | Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477. | 2021-04-13 | not yet calculated | CVE-2021-28469 MISC |
| microsoft — visual_studio_code | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28448 MISC |
| microsoft — visual_studio_code |
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28471 MISC |
| microsoft — visual_studio_code |
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28470 MISC |
| microsoft — visual_studio_code |
Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28472 MISC |
| microsoft — visual_studio_code |
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code execution via a crafted glslangValidatorPath in the workspace configuration. | 2021-04-13 | not yet calculated | CVE-2021-30503 MISC MISC MISC |
| microsoft — visual_studio_code |
The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration. | 2021-04-16 | not yet calculated | CVE-2021-31414 MISC MISC |
| microsoft — visual_studio_code |
Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477. | 2021-04-13 | not yet calculated | CVE-2021-28457 MISC |
| microsoft — vp9_video_extensions |
VP9 Video Extensions Remote Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28464 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28330 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28341 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28345 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28334 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28344 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28343 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28342 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28333 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28335 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28338 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28337 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28336 MISC |
| microsoft — windows | Windows DNS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28323. | 2021-04-13 | not yet calculated | CVE-2021-28328 MISC |
| microsoft — windows | Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28329 MISC |
| microsoft — windows |
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28340 MISC |
| microsoft — windows |
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28327 MISC |
| microsoft — windows |
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28332 MISC |
| microsoft — windows |
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28331, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28339 MISC |
| microsoft — windows |
Remote Procedure Call Runtime Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28327, CVE-2021-28329, CVE-2021-28330, CVE-2021-28332, CVE-2021-28333, CVE-2021-28334, CVE-2021-28335, CVE-2021-28336, CVE-2021-28337, CVE-2021-28338, CVE-2021-28339, CVE-2021-28340, CVE-2021-28341, CVE-2021-28342, CVE-2021-28343, CVE-2021-28344, CVE-2021-28345, CVE-2021-28346, CVE-2021-28352, CVE-2021-28353, CVE-2021-28354, CVE-2021-28355, CVE-2021-28356, CVE-2021-28357, CVE-2021-28358, CVE-2021-28434. | 2021-04-13 | not yet calculated | CVE-2021-28331 MISC |
| microsoft — windows_10 | Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28351, CVE-2021-28436. | 2021-04-13 | not yet calculated | CVE-2021-28347 MISC |
| microsoft — windows_10 | Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28351. | 2021-04-13 | not yet calculated | CVE-2021-28436 MISC |
| microsoft — windows_10 | Windows Network File System Remote Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28445 MISC |
| microsoft — windows_10 | Windows Hyper-V Security Feature Bypass Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28444 MISC |
| microsoft — windows_10 | Windows Hyper-V Information Disclosure Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28441 MISC |
| microsoft — windows_10 |
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28349, CVE-2021-28350. | 2021-04-13 | not yet calculated | CVE-2021-28348 MISC |
| microsoft — windows_10 |
Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28438. | 2021-04-13 | not yet calculated | CVE-2021-28443 MISC |
| microsoft — windows_10 |
Windows Installer Spoofing Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-26413 MISC |
| microsoft — windows_10 |
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-27094. | 2021-04-13 | not yet calculated | CVE-2021-28447 MISC |
| microsoft — windows_10 |
Windows Portmapping Information Disclosure Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28446 MISC |
| microsoft — windows_10 |
Windows TCP/IP Information Disclosure Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28442 MISC |
| microsoft — windows_10 |
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28350. | 2021-04-13 | not yet calculated | CVE-2021-28349 MISC |
| microsoft — windows_10 |
Windows Installer Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26415. | 2021-04-13 | not yet calculated | CVE-2021-28440 MISC |
| microsoft — windows_10 |
Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28319. | 2021-04-13 | not yet calculated | CVE-2021-28439 MISC |
| microsoft — windows_10 |
Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28443. | 2021-04-13 | not yet calculated | CVE-2021-28438 MISC |
| microsoft — windows_10 |
Windows Installer Information Disclosure Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28437 MISC |
| microsoft — windows_10 |
Windows GDI+ Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28348, CVE-2021-28349. | 2021-04-13 | not yet calculated | CVE-2021-28350 MISC |
| microsoft — windows_10 |
Windows Speech Runtime Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28347, CVE-2021-28436. | 2021-04-13 | not yet calculated | CVE-2021-28351 MISC |
| microsoft — word |
Microsoft Word Remote Code Execution Vulnerability | 2021-04-13 | not yet calculated | CVE-2021-28453 MISC |
| mongo-express — mongo-express |
All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. | 2021-04-13 | not yet calculated | CVE-2021-23372 MISC |
| mongodb — tools |
Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0. | 2021-04-12 | not yet calculated | CVE-2020-7924 MISC |
| monica — monica |
Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page. | 2021-04-14 | not yet calculated | CVE-2020-35660 MISC MISC MISC |
| monitorr — monitorr |
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | 2021-04-12 | not yet calculated | CVE-2020-28872 MISC MISC |
| motorola — mh702x_devices |
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker. | 2021-04-13 | not yet calculated | CVE-2021-3460 MISC |
| multilaser — ac1200_router | Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. | 2021-04-14 | not yet calculated | CVE-2021-31152 MISC |
| netgear — nighthawk_r7800 |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216. | 2021-04-14 | not yet calculated | CVE-2021-27252 MISC MISC |
| netgear — nighthawk_r7800 |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303. | 2021-04-14 | not yet calculated | CVE-2021-27253 MISC MISC |
| netgear — nighthawk_r7800 |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308. | 2021-04-14 | not yet calculated | CVE-2021-27251 MISC MISC |
| nextcloud — desktop_client |
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. | 2021-04-14 | not yet calculated | CVE-2021-22879 MISC MISC MISC |
| nextcloud — nextcloud |
The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to display HTML in the toast, explicitly pass the `options.isHTML` config flag. | 2021-04-13 | not yet calculated | CVE-2021-29438 CONFIRM MISC |
| online_reviewer_system — online_reviewer_system |
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload. | 2021-04-14 | not yet calculated | CVE-2021-27130 MISC |
| openclinic_project — openclinic | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2021-04-15 | not yet calculated | CVE-2020-27239 MISC |
| openclinic_project — openclinic |
An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system. | 2021-04-13 | not yet calculated | CVE-2020-27227 MISC |
| openclinic_project — openclinic |
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2021-04-15 | not yet calculated | CVE-2020-27238 MISC |
| openclinic_project — openclinic |
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2021-04-15 | not yet calculated | CVE-2020-27237 MISC |
| openclinic_project — openclinic |
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. | 2021-04-13 | not yet calculated | CVE-2020-27228 MISC |
| openjpeg — openjpeg |
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option “-ImgDir” on a directory that contains 1048576 files. | 2021-04-14 | not yet calculated | CVE-2021-29338 MISC |
| orchard — orchard |
An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display. | 2021-04-14 | not yet calculated | CVE-2020-29593 MISC MISC |
| orchard — orchard |
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor’s file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings). | 2021-04-14 | not yet calculated | CVE-2020-29592 MISC MISC |
| outsystems — platform_server |
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests. | 2021-04-12 | not yet calculated | CVE-2021-29357 MISC MISC |
| papoo — papoo |
Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. This affects Papoo CMS Light through 21.02 and Papoo CMS Pro through 6.0.1. The impact is: gain privileges (remote). | 2021-04-13 | not yet calculated | CVE-2021-29054 CONFIRM CONFIRM CONFIRM |
| parallels — desktop |
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12068. | 2021-04-14 | not yet calculated | CVE-2021-27260 MISC MISC |
| parallels — desktop |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12021. | 2021-04-14 | not yet calculated | CVE-2021-27259 MISC MISC |
| pega — platform |
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. | 2021-04-12 | not yet calculated | CVE-2020-15390 MISC |
| perforce — helix_alm |
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. | 2021-04-13 | not yet calculated | CVE-2021-28973 MISC |
| phpgurukul — beauty_parlour_management_system |
SQL Injection in the “add-services.php” component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the “sername” parameter. | 2021-04-15 | not yet calculated | CVE-2021-27545 MISC MISC MISC |
| phpgurukul — beauty_parlour_management_system |
Cross Site Scripting (XSS) in the “add-services.php” component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the “sername” parameter. | 2021-04-15 | not yet calculated | CVE-2021-27544 MISC MISC |
| pi-hole — pi-hole |
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details. | 2021-04-14 | not yet calculated | CVE-2021-29449 CONFIRM |
| pi-hole — pi-hole |
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details. | 2021-04-15 | not yet calculated | CVE-2021-29448 CONFIRM |
| portofino — portofino |
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release. | 2021-04-16 | not yet calculated | CVE-2021-29451 MISC CONFIRM MISC |
| postcss — postcss |
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | 2021-04-12 | not yet calculated | CVE-2021-23368 MISC MISC MISC MISC |
| priority — enterprise_management_system |
Cross Site Scripting (XSS) in the “Reset Password” page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site. | 2021-04-14 | not yet calculated | CVE-2021-26832 MISC |
| qed — resourcexpress |
In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation. | 2021-04-15 | not yet calculated | CVE-2020-28898 CONFIRM |
| qnap — nas_devices |
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS) | 2021-04-14 | not yet calculated | CVE-2021-28797 MISC |
| qnap — qts | An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later | 2021-04-17 | not yet calculated | CVE-2020-36195 MISC |
| qnap — qts |
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later | 2021-04-17 | not yet calculated | CVE-2020-2509 MISC |
| qnap — qts |
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later) | 2021-04-16 | not yet calculated | CVE-2018-19942 CONFIRM |
| razer — synapse |
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations). | 2021-04-14 | not yet calculated | CVE-2021-30494 MISC MISC MISC |
| razer — synapse |
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations). | 2021-04-14 | not yet calculated | CVE-2021-30493 MISC MISC MISC |
| rust — rust | In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | 2021-04-11 | not yet calculated | CVE-2021-28878 MISC MISC |
| rust — rust | In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | 2021-04-11 | not yet calculated | CVE-2021-28877 MISC |
| rust — rust |
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. | 2021-04-11 | not yet calculated | CVE-2021-28876 MISC MISC |
| rust — rust |
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | 2021-04-11 | not yet calculated | CVE-2021-28875 MISC MISC |
| rust — rust |
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. | 2021-04-11 | not yet calculated | CVE-2021-28879 MISC MISC |
| rust — rust |
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation. | 2021-04-11 | not yet calculated | CVE-2015-20001 MISC MISC |
| rust — rust |
In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions. | 2021-04-14 | not yet calculated | CVE-2018-25008 MISC MISC |
| rust — rust |
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. | 2021-04-11 | not yet calculated | CVE-2020-36318 MISC MISC |
| rust — rust |
In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. | 2021-04-14 | not yet calculated | CVE-2020-36323 MISC MISC |
| rust — rust |
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string. | 2021-04-11 | not yet calculated | CVE-2020-36317 MISC MISC |
| rust — rust |
In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions. | 2021-04-14 | not yet calculated | CVE-2017-20004 MISC MISC |
| sap — commerce |
SAP Commerce, versions – 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the source rules and perform remote code execution enabling them to compromise the confidentiality, integrity and availability of the application. | 2021-04-13 | not yet calculated | CVE-2021-27602 MISC MISC |
| sap — focused_run |
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization. | 2021-04-13 | not yet calculated | CVE-2021-27609 MISC MISC |
| sap — hcm_travel_management_fiori_apps |
SAP’s HCM Travel Management Fiori Apps V2, version – 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last name, first name of the employees, so there is some loss of confidential information, Integrity and Availability are not impacted. | 2021-04-13 | not yet calculated | CVE-2021-27605 MISC MISC |
| sap — netweaver | SAP NetWeaver ABAP Server and ABAP Platform (Process Integration – Integration Builder Framework), versions – 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted. | 2021-04-14 | not yet calculated | CVE-2021-27599 MISC MISC |
| sap — netweaver |
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions – 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet. | 2021-04-13 | not yet calculated | CVE-2021-27598 MISC MISC |
| sap — netweaver |
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attacker does not have control over kind or degree. | 2021-04-13 | not yet calculated | CVE-2021-27601 MISC MISC |
| sap — netweaver_abap_server_and_abap_platform |
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration – Enterprise Service Repository JAVA Mappings), versions – 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note. | 2021-04-14 | not yet calculated | CVE-2021-27604 MISC MISC |
| sap — netweaver_application_server |
SAP NetWeaver Application Server Java(HTTP Service), versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. | 2021-04-13 | not yet calculated | CVE-2021-21492 MISC MISC |
| sap — netweaver_application_server |
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user. | 2021-04-13 | not yet calculated | CVE-2021-21485 MISC MISC |
| sap — netweaver_as_abap |
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions – 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system. | 2021-04-13 | not yet calculated | CVE-2021-27603 MISC MISC |
| sap — netweaver_master_data_management |
SAP NetWeaver Master Data Management, versions – 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed. | 2021-04-13 | not yet calculated | CVE-2021-21482 MISC MISC |
| sap — setup |
An unquoted service path in SAPSetup, version – 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability. | 2021-04-14 | not yet calculated | CVE-2021-27608 MISC MISC |
| sap — solution_manager |
Under certain conditions SAP Solution Manager, version – 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application. | 2021-04-13 | not yet calculated | CVE-2021-21483 MISC MISC |
| scratchoauth2 — scratchoauth2 |
ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user can be read and modified by a third party. 1. Scratch user visits 3rd party site. 2. 3rd party site asks user for Scratch username. 3. 3rd party site pretends to be user and gets login code from ScratchOAuth2. 4. 3rd party site gives code to user and instructs them to post it on their profile. 5. User posts code on their profile, not knowing it is a ScratchOAuth2 login code. 6. 3rd party site completes login with ScratchOAuth2. 7. 3rd party site has full access to anything the user could do if they directly logged in. See referenced GitHub security advisory for patch notes and workarounds. | 2021-04-13 | not yet calculated | CVE-2021-29437 MISC CONFIRM |
| shopxo — shopxo |
Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in “/index.php” by manipulating the parameter “user_id” in the HTML request. | 2021-04-14 | not yet calculated | CVE-2020-19778 MISC |
| sickrage — sickrage | in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information. | 2021-04-12 | not yet calculated | CVE-2021-25925 MISC MISC |
| sickrage — sickrage |
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user’s sessionID to masquerade as a victim user, to carry out any actions in the context of the user. | 2021-04-12 | not yet calculated | CVE-2021-25926 MISC MISC |
| siren — federate |
Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information across thread contexts. This occurs in opportunistic circumstances when there is concurrent query execution by a low-privilege user and a high-privilege user. The former query might run with the latter query’s privileges. | 2021-04-13 | not yet calculated | CVE-2021-28938 MISC |
| slab — quill |
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. | 2021-04-12 | not yet calculated | CVE-2021-3163 MISC MISC MISC |
| slic3r — libslic3r |
An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | 2021-04-13 | not yet calculated | CVE-2020-28590 MISC |
| solarwinds — orion_platform_2020 |
This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903. | 2021-04-14 | not yet calculated | CVE-2021-27258 MISC |
| sopel-channelmgnt — sopel-channelmgnt |
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1. | 2021-04-09 | not yet calculated | CVE-2021-21431 MISC CONFIRM MISC |
| swiper — swiper |
This affects the package swiper before 6.5.1. | 2021-04-12 | not yet calculated | CVE-2021-23370 MISC MISC MISC MISC MISC MISC |
| sydent — sydent |
Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses. | 2021-04-15 | not yet calculated | CVE-2021-29430 MISC MISC MISC MISC CONFIRM MISC |
| sydent — sydent |
Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources. | 2021-04-15 | not yet calculated | CVE-2021-29431 MISC MISC MISC MISC MISC CONFIRM MISC |
| sydent — sydent |
Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d. | 2021-04-15 | not yet calculated | CVE-2021-29432 MISC MISC CONFIRM MISC |
| sydent — sydent |
### Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. ### Patches Fixed by 3175fd3. ### Workarounds There are no known workarounds. ### References n/a ### For more information If you have any questions or comments about this advisory, email us at security@matrix.org. | 2021-04-15 | not yet calculated | CVE-2021-29433 CONFIRM MISC |
| synapse — synapse | Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | 2021-04-12 | not yet calculated | CVE-2021-21393 MISC MISC CONFIRM MISC |
| synapse — synapse |
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds. | 2021-04-12 | not yet calculated | CVE-2021-21392 MISC CONFIRM MISC |
| synapse — synapse |
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Note that the groups feature is not part of the Matrix specification and the chosen maximum lengths are arbitrary. Not all clients might abide by them. Refer to referenced GitHub security advisory for additional details including workarounds. | 2021-04-12 | not yet calculated | CVE-2021-21394 MISC MISC CONFIRM MISC |
| tencent — wechat | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-11907. | 2021-04-14 | not yet calculated | CVE-2021-27247 MISC |
| tenda — g1_and_g3_routers
|
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/”portMappingIndex “request. This occurs because the “formDelPortMapping” function directly passes the parameter “portMappingIndex” to strcpy without limit. | 2021-04-14 | not yet calculated | CVE-2021-27707 MISC |
| tenda — g1_and_g3_routers
|
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/”qosIndex “request. This occurs because the “formQOSRuleDel” function directly passes the parameter “qosIndex” to strcpy without limit. | 2021-04-14 | not yet calculated | CVE-2021-27705 MISC |
| tenda — g1_and_g3_routers |
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted “action/umountUSBPartition” request. This occurs because the “formSetUSBPartitionUmount” function executes the “doSystemCmd” function with untrusted input. | 2021-04-16 | not yet calculated | CVE-2021-27692 MISC |
| tenda — g1_and_g3_routers |
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/”IPMacBindIndex “request. This occurs because the “formIPMacBindDel” function directly passes the parameter “IPMacBindIndex” to strcpy without limit. | 2021-04-14 | not yet calculated | CVE-2021-27706 MISC |
| tenda — go_routers |
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the “formSetDebugCfg” function executes glibc’s system function with untrusted input. | 2021-04-16 | not yet calculated | CVE-2021-27691 MISC |
| textpattern — textpattern |
Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. | 2021-04-15 | not yet calculated | CVE-2021-30209 MISC |
| thanos — soft_cheetah_browser |
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website. | 2021-04-13 | not yet calculated | CVE-2021-29370 MISC |
| thrift — thrist |
An invalid free in Thrift’s table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | 2021-04-14 | not yet calculated | CVE-2021-24028 CONFIRM CONFIRM |
| tibal_systems — zenario_cms |
Cross Site Scripting (XSS) in the “admin_boxes.ajax.php” component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the “cID” parameter when creating a new HTML component. | 2021-04-15 | not yet calculated | CVE-2021-27673 MISC |
| tibal_systems — zenario_cms |
SQL Injection in the “admin_boxes.ajax.php” component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the “cID” parameter when creating a new HTML component. | 2021-04-15 | not yet calculated | CVE-2021-27672 MISC |
| tibco — multiple_products | The Windows Installation component of TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Community Edition and TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Community Edition: versions 1.3.0 and below and TIBCO Messaging – Eclipse Mosquitto Distribution – Core – Enterprise Edition: versions 1.3.0 and below. | 2021-04-14 | not yet calculated | CVE-2021-28825 CONFIRM CONFIRM |
| tibco — multiple_products |
The Windows Installation component of TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Community Edition and TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.’s TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Community Edition: versions 1.3.0 and below and TIBCO Messaging – Eclipse Mosquitto Distribution – Bridge – Enterprise Edition: versions 1.3.0 and below. | 2021-04-14 | not yet calculated | CVE-2021-28826 CONFIRM CONFIRM |
| totlink — x5000r_router |
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc’s system function with untrusted input. In the function, “ip” parameter is directly passed to the attacker, allowing them to control the “ip” field to attack the OS. | 2021-04-14 | not yet calculated | CVE-2021-27710 MISC MISC |
| totlink — x5000r_router |
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc’s system function with untrusted input. In the function, “command” parameter is directly passed to the attacker, allowing them to control the “command” field to attack the OS. | 2021-04-14 | not yet calculated | CVE-2021-27708 MISC MISC |
| tp-link — archer |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306. | 2021-04-14 | not yet calculated | CVE-2021-27246 MISC |
| tp-link — tl-wr802n |
TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution. | 2021-04-12 | not yet calculated | CVE-2021-29302 MISC MISC MISC |
| tp-link — wr2041_firmware |
Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long “ssid” parameter to the “/userRpm/popupSiteSurveyRpm.html” webpage, which crashes the router. | 2021-04-14 | not yet calculated | CVE-2021-26827 MISC |
| tp-link –multiple_devices |
In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP’s router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. | 2021-04-12 | not yet calculated | CVE-2021-3125 MISC MISC MISC MISC MISC MISC |
| trestle — trestle-auth |
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails’ built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially allows an attacker to alter protected data, including admin account credentials. The vulnerability has been fixed in trestle-auth 0.4.2 released to RubyGems. | 2021-04-13 | not yet calculated | CVE-2021-29435 MISC CONFIRM MISC |
| tribalsystems — zenario |
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library – delete` module. | 2021-04-16 | not yet calculated | CVE-2021-26830 CONFIRM |
| tsmuxer — tsmuxer |
Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. | 2021-04-14 | not yet calculated | CVE-2021-26805 MISC |
| valve_steam — valve_steam |
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | 2021-04-10 | not yet calculated | CVE-2021-30481 MISC MISC MISC MISC |
| wfilter — icf |
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function. | 2021-04-15 | not yet calculated | CVE-2021-3243 MISC |
| wordpress — wordpress | The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin before 2.3.9.4, Thrive Apprentice WordPress plugin before 2.3.9.4, Thrive Visual Editor WordPress plugin before 2.6.7.4, Thrive Dashboard WordPress plugin before 2.3.9.3, Thrive Ovation WordPress plugin before 2.4.5, Thrive Clever Widgets WordPress plugin before 1.57.1 and Rise by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0, Thrive Themes Builder WordPress theme before 2.2.4 register a REST API endpoint associated with Zapier functionality. While this endpoint was intended to require an API key in order to access, it was possible to access it by supplying an empty api_key parameter in vulnerable versions if Zapier was not enabled. Attackers could use this endpoint to add arbitrary data to a predefined option in the wp_options table. | 2021-04-12 | not yet calculated | CVE-2021-24219 CONFIRM MISC |
| wordpress — wordpress | The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. | 2021-04-12 | not yet calculated | CVE-2021-24218 CONFIRM MISC |
| wordpress — wordpress | The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the ‘s’ GET parameter on the Donors page. | 2021-04-12 | not yet calculated | CVE-2021-24213 MISC CONFIRM |
| wordpress — wordpress | The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE. | 2021-04-12 | not yet calculated | CVE-2021-24224 MISC CONFIRM |
| wordpress — wordpress | Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code. | 2021-04-12 | not yet calculated | CVE-2021-24220 CONFIRM MISC |
| wordpress — wordpress | WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. | 2021-04-15 | not yet calculated | CVE-2021-29447 CONFIRM MISC |
| wordpress — wordpress | The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE. | 2021-04-12 | not yet calculated | CVE-2021-24222 MISC CONFIRM |
| wordpress — wordpress |
The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the “Seasons & Calendars” page before outputing it in an A tag, leading to a reflected XSS issue | 2021-04-12 | not yet calculated | CVE-2021-24225 MISC CONFIRM |
| wordpress — wordpress |
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution. | 2021-04-12 | not yet calculated | CVE-2021-24217 CONFIRM MISC |
| wordpress — wordpress |
The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it’s generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial. | 2021-04-12 | not yet calculated | CVE-2021-24223 MISC CONFIRM |
| wordpress — wordpress |
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource. | 2021-04-12 | not yet calculated | CVE-2021-24215 MISC CONFIRM |
| wordpress — wordpress |
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It’s strongly recommended that you keep auto-updates enabled to receive the fix. | 2021-04-15 | not yet calculated | CVE-2021-29450 CONFIRM MISC |
| wordpress — wordpress |
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attribute, concatenating it in a SQL statement and leading to an SQL injection. The lowest role allowed to use this shortcode in post or pages being author, such user could gain unauthorised access to the DBMS. If the shortcode (without the id attribute) is embed on a public page or post, then unauthenticated users could exploit the injection. | 2021-04-12 | not yet calculated | CVE-2021-24221 MISC CONFIRM |
| x2engine — x2crm |
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the “Comment” field in “/profile/activity” page. | 2021-04-14 | not yet calculated | CVE-2021-27288 MISC |
| x2engine — x2engine |
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the “First Name” and “Last Name” fields in “/index.php/contacts/create page” | 2021-04-14 | not yet calculated | CVE-2020-21088 MISC MISC |
| xerox — altalink |
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. | 2021-04-13 | not yet calculated | CVE-2019-10881 MISC |
| yubico — yubihsm-connector |
An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this. | 2021-04-14 | not yet calculated | CVE-2021-28484 MISC MISC |
| zoom — chat |
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat software, which is different from the chat feature of the Zoom Meetings and Zoom Video Webinars software. | 2021-04-09 | not yet calculated | CVE-2021-30480 MISC MISC MISC MISC MISC MISC |
| zte — multiple_products |
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1 | 2021-04-13 | not yet calculated | CVE-2021-21729 MISC |
| zte — zxclous_irai |
A CSRF vulnerability exists in the management page of a ZTE product.The vulnerability is caused because the management page does not fully verify whether the request comes from a trusted user. The attacker could submit a malicious request to the affected device to delete the data. This affects: ZXCLOUD iRAI All versions up to KVM-ProductV6.03.04 | 2021-04-13 | not yet calculated | CVE-2021-21731 MISC |
| zte — zxhn_h168n | A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this vulnerability to access CLI by brute force attacks.This affects: ZXHN H168N V3.5.0_TY.T6 | 2021-04-13 | not yet calculated | CVE-2021-21730 MISC |
| zulip — server
|
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation. | 2021-04-15 | not yet calculated | CVE-2021-30478 MISC |
| zulip — server
|
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to. | 2021-04-15 | not yet calculated | CVE-2021-30477 MISC |
| zulip — server |
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation. | 2021-04-15 | not yet calculated | CVE-2021-30487 MISC |
| zulip — server |
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization. | 2021-04-15 | not yet calculated | CVE-2021-30479 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.