Vulnerability Summary for the Week of January 4, 2021
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by
the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the
following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may
include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that
some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 1234n -- minicms | Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter. | 2021-01-05 | 7.5 | CVE-2020-36052 MISC |
| asciitable.js_project -- asciitable.js | The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function. | 2021-01-04 | 7.5 | CVE-2020-7771 MISC MISC |
| asus -- dsl-n17u_firmware | The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by changing the admin password without authentication via a POST request to Advanced_System_Content.asp with the uiViewTools_username=admin&uiViewTools_Password= and uiViewTools_PasswordConfirm= substrings. | 2021-01-04 | 10 | CVE-2020-35219 MISC MISC |
| chatter-social -- creeper | Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean. | 2021-01-04 | 7.5 | CVE-2020-26292 CONFIRM |
| clickhouse-driver_project -- clickhouse-driver | clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow. | 2021-01-06 | 7.5 | CVE-2020-26759 MISC MISC |
| cse_bookstore_project -- cse_bookstore | CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running. | 2021-01-04 | 7.5 | CVE-2020-36112 MISC |
| dell -- emc_isilon_onefs | Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. | 2021-01-05 | 7.2 | CVE-2020-26181 MISC |
| djv_project -- djv | This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine. | 2021-01-04 | 10 | CVE-2020-28464 MISC MISC MISC |
| drivergenius -- drivergenius_firmware | MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1. | 2021-01-03 | 7.1 | CVE-2020-28841 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. | 2021-01-06 | 7.5 | CVE-2020-36185 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | 2021-01-06 | 7.5 | CVE-2020-36181 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | 2021-01-07 | 7.5 | CVE-2020-36182 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | 2021-01-07 | 7.5 | CVE-2020-36183 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | 2021-01-06 | 7.5 | CVE-2020-36184 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | 2021-01-07 | 7.5 | CVE-2020-36179 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. | 2021-01-06 | 7.5 | CVE-2020-36186 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. | 2021-01-06 | 7.5 | CVE-2020-36187 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. | 2021-01-06 | 7.5 | CVE-2020-36188 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. | 2021-01-06 | 7.5 | CVE-2020-36189 MISC MISC |
| fasterxml -- jackson-databind | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | 2021-01-07 | 7.5 | CVE-2020-36180 MISC MISC |
| google -- android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021). | 2021-01-05 | 7.1 | CVE-2021-22495 MISC |
| ibm -- sterling_b2b_integrator | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452. | 2021-01-05 | 9 | CVE-2019-4728 XF CONFIRM |
| ipeak -- ipeakcms | ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page. | 2021-01-05 | 7.5 | CVE-2021-3018 MISC MISC MISC MISC MISC |
| ispconfig -- ispconfig | ISPConfig before 3.2.2 allows SQL injection. | 2021-01-05 | 7.5 | CVE-2021-3021 MISC MISC |
| linux -- linux_kernel | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. | 2021-01-05 | 8.3 | CVE-2020-36158 MISC MISC MISC MISC |
| proofpoint -- inside_threat_management | rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes. | 2021-01-06 | 9 | CVE-2020-8884 MISC CONFIRM |
| proofpoint -- insider_threat_management_server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. | 2021-01-06 | 7.5 | CVE-2020-10658 MISC CONFIRM |
| proofpoint -- insider_threat_management_server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. | 2021-01-06 | 7.5 | CVE-2020-10656 MISC CONFIRM |
| proofpoint -- insider_threat_management_server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. | 2021-01-06 | 7.5 | CVE-2020-10655 MISC CONFIRM |
| redlion -- crimson | A NULL pointer dereference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001). | 2021-01-06 | 7.8 | CVE-2020-27279 MISC |
| rest\/json_project -- rest\/json | The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 2021-01-01 | 7.5 | CVE-2016-20004 MISC |
| rest\/json_project -- rest\/json | The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 2021-01-01 | 7.5 | CVE-2016-20001 MISC |
| rest\/json_project -- rest\/json | The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 2021-01-01 | 7.5 | CVE-2016-20002 MISC |
| rest\/json_project -- rest\/json | The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 2021-01-01 | 7.5 | CVE-2016-20005 MISC |
| thecodingmachine -- gotenberg | A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution. | 2021-01-07 | 7.5 | CVE-2020-13450 MISC MISC |
| thecodingmachine -- gotenberg | An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows an attacker to overwrite LibreOffice configuration files and execute arbitrary code via macros. | 2021-01-07 | 7.5 | CVE-2020-13451 MISC MISC |
| thecodingmachine -- gotenberg | In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. | 2021-01-07 | 7.5 | CVE-2020-13452 MISC MISC |
| thedaylightstudio -- fuel_cms | FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. | 2021-01-05 | 7.5 | CVE-2020-26045 MISC MISC MISC |
| uclouvain -- openjpeg | A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. | 2021-01-05 | 7.1 | CVE-2020-27843 MISC |
| uclouvain -- openjpeg | A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2021-01-05 | 8.3 | CVE-2020-27844 MISC |
| ultimatemember -- ultimate_member | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access. | 2021-01-04 | 7.5 | CVE-2020-36155 MISC MISC MISC |
| ultimatemember -- ultimate_member | An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Roles. Due to the lack of filtering on the role parameter that could be supplied during the registration process, an attacker could supply the role parameter with a WordPress capability (or any custom Ultimate Member role) and effectively be granted those privileges. | 2021-01-04 | 7.5 | CVE-2020-36157 MISC MISC MISC |
| win911 -- mobile-911_server | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation. | 2021-01-05 | 7.2 | CVE-2020-13541 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 1234n -- minicms | Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter. | 2021-01-05 | 5 | CVE-2020-36051 MISC |
| advancedcustomfields -- advanced_custom_fields | The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. | 2021-01-06 | 4.3 | CVE-2020-36172 MISC |
| apache -- flink | Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master. | 2021-01-05 | 5 | CVE-2020-17518 MLIST MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST MLIST |
| apache -- flink | A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master. | 2021-01-05 | 5 | CVE-2020-17519 MISC MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST |
| broadcom -- ca_service_catalog | CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition. | 2021-01-05 | 5 | CVE-2020-29478 CONFIRM |
| dell -- emc_powerstore_firmware | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2021-01-05 | 4.6 | CVE-2020-29502 MISC |
| dell -- emc_powerstore_firmware | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore X & T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2021-01-05 | 4.6 | CVE-2020-29501 MISC |
| dell -- emc_powerstore_firmware | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerability in PowerStore T environments. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 2021-01-05 | 4.6 | CVE-2020-29500 MISC |
| dell -- wyse_management_suite | Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | 2021-01-04 | 5.8 | CVE-2020-29498 MISC |
| dell -- wyse_thinos | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station. | 2021-01-04 | 6.4 | CVE-2020-29492 MISC |
| dell -- wyse_thinos | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients. | 2021-01-04 | 5 | CVE-2020-29491 MISC |
| digisol -- dg-hr3400_firmware | Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter. | 2021-01-06 | 4.3 | CVE-2020-35262 MISC MISC MISC |
| dovecot -- dovecot | An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | 2021-01-04 | 6.5 | CVE-2020-24386 MISC FULLDISC CONFIRM MISC CONFIRM MISC GENTOO DEBIAN |
| dovecot -- dovecot | Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | 2021-01-04 | 5 | CVE-2020-25275 MISC FULLDISC CONFIRM CONFIRM MISC GENTOO DEBIAN |
| expresstech -- quiz_and_survey_master | An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). | 2021-01-01 | 6.4 | CVE-2020-35951 MISC MISC |
| ffmpeg -- ffmpeg | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | 2021-01-04 | 5 | CVE-2020-35965 MISC MISC MISC |
| ffmpeg -- ffmpeg | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. | 2021-01-03 | 4.3 | CVE-2020-35964 MISC MISC |
| foxitsoftware -- phantompdf | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 2021-01-07 | 6.8 | CVE-2018-20313 MISC |
| foxitsoftware -- phantompdf | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | 2021-01-07 | 6.8 | CVE-2018-20312 MISC |
| foxitsoftware -- phantompdf | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 2021-01-07 | 6.8 | CVE-2018-20315 MISC |
| foxitsoftware -- phantompdf | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 2021-01-07 | 6.8 | CVE-2018-20314 MISC |
| foxitsoftware -- phantompdf | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | 2021-01-07 | 6.8 | CVE-2018-20316 MISC |
| foxitsoftware -- phantompdf | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 2021-01-07 | 6.8 | CVE-2018-20311 MISC |
| foxitsoftware -- phantompdf | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 2021-01-07 | 6.8 | CVE-2018-20309 MISC |
| foxitsoftware -- phantompdf | Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | 2021-01-07 | 6.8 | CVE-2018-20310 MISC |
| gigamon -- gigavue-os | GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaintext. | 2021-01-05 | 4 | CVE-2020-23249 MISC |
| gjson_project -- gjson | GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call. | 2021-01-05 | 5 | CVE-2020-36067 MISC |
| gjson_project -- gjson | GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON. | 2021-01-05 | 5 | CVE-2020-36066 MISC |
| gnu -- binutils | There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | 2021-01-04 | 4.3 | CVE-2020-35496 MISC FEDORA |
| gnu -- binutils | There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. | 2021-01-04 | 5.8 | CVE-2020-35494 MISC FEDORA |
| gnu -- binutils | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. | 2021-01-04 | 4.3 | CVE-2020-35493 MISC FEDORA |
| gnu -- binutils | There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | 2021-01-04 | 4.3 | CVE-2020-35495 MISC FEDORA |
| gnu -- binutils | There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. | 2021-01-04 | 4.3 | CVE-2020-35507 MISC |
| gnu -- glibc | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. | 2021-01-04 | 5 | CVE-2019-25013 MISC MISC |
| golang -- go | In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | 2021-01-02 | 5 | CVE-2020-28851 MISC |
| golang -- go | In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | 2021-01-02 | 5 | CVE-2020-28852 MISC |
| google -- android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The quram library allows attackers to execute arbitrary code or cause a denial of service (memory corruption) during dng decoding. The Samsung ID is SVE-2020-18811 (January 2021). | 2021-01-05 | 6.8 | CVE-2021-22493 MISC |
| google -- android | An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021). | 2021-01-05 | 4.3 | CVE-2021-22494 MISC |
| google -- android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021). | 2021-01-05 | 5.8 | CVE-2021-22492 MISC |
| hp -- integrated_lights-out_4 | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information. | 2021-01-05 | 5 | CVE-2020-7202 MISC |
| htmlsanitizer_project -- htmlsanitizer | HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag so there is no risk if you have not explicitly allowed the `<style>` tag. The problem has been fixed in version 5.0.372. | 2021-01-04 | 4.3 | CVE-2020-26293 MISC MISC CONFIRM MISC |
| ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990. | 2021-01-05 | 6.4 | CVE-2020-4899 XF CONFIRM |
| ibm -- cloud_pak_system | IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191391. | 2021-01-04 | 6.8 | CVE-2020-4917 XF CONFIRM |
| ibm -- cloud_pak_system | IBM Cloud Pak System 2.3 could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension, the attacker could execute arbitrary code on the server. IBM X-Force ID: 191705. | 2021-01-04 | 4.6 | CVE-2020-4928 XF CONFIRM |
| ibm -- cloud_pak_system | IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287. | 2021-01-04 | 6.5 | CVE-2020-4912 XF CONFIRM |
| ibm -- cloud_pak_system | IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. | 2021-01-04 | 5.5 | CVE-2020-4919 XF CONFIRM |
ibm --
curam_social_program_management
IBM Curam Social Program
Management 7.0.9 and 7.0.11 is 2021-01-04 6.8
CVE-
2020-4942
Primary
Vendor -- Product Description Published
CVSS
Score
Source &
Patch
Info
vulnerable to cross-site request forgery
which could allow an attacker to execute
malicious and unauthorized actions
transmitted from a user that the website
trusts. IBM X-Force ID: 191942.
XF
CONFIR
M
ibm --
emptoris_strategic_supply_managem
ent
IBM Emptoris Strategic Supply
Management 10.1.0, 10.1.1, and 10.1.3
transmits sensitive information in HTTP
GET request parameters. This may lead
to information disclosure via man in the
middle methods. IBM X-Force ID:
190984.
2021-01-07 4.3
CVE-2020-4893
XF
CONFIRM
ibm --
emptoris_strategic_supply_management
IBM Emptoris Strategic Supply
Management 10.1.3 uses weaker than
expected cryptographic algorithms that
could allow an attacker to decrypt
highly sensitive information. IBM X-
Force ID: 190989.
2021-01-07 5
CVE-2020-4898
XF
CONFIRM
ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator Standard
Edition 5.2.0.0 through 5.2.6.5_2,
6.0.0.0 through 6.0.3.2, and 6.1.0.0
could allow an authenticated user to
create a privileged account due to
improper access controls. IBM X-Force
ID: 188896.
2021-01-05 6.5
CVE-2020-4762
XF
CONFIRM
ibm -- sterling_b2b_integrator
IBM Sterling B2B Integrator Standard
Edition 5.2.0.0 through 5.2.6.5_2,
6.0.0.0 through 6.0.3.2, and 6.1.0.0
could allow a remote attacker to obtain
sensitive information when a detailed
technical error message is returned in
the browser. This information could be
used in further attacks against the
system. IBM X-Force ID: 188895.
2021-01-05 5
CVE-2020-4761
XF
CONFIRM
invisioncommunity --
ips_community_suite
Invision Community IPS Community
Suite before 4.5.4.2 allows XSS during
the quoting of a post or comment.
2021-01-05 4.3
CVE-2021-3026
MISC
kamadak-exif_project -- kamadak-exif
kamadak-exif is an exif parsing library
written in pure Rust. In kamadak-exif
version 0.5.2, there is an infinite loop in
parsing crafted PNG files. Specifically,
reader::read_from_container can cause
an infinite loop when a crafted PNG file
is given. This is fixed in version 0.5.3.
No workaround is available.
Applications that do not pass files with
the PNG signature to
Reader::read_from_container are not
affected.
2021-01-06 4.3
CVE-2021-21235
MISC
MISC
CONFIRM
lanproxy_project -- lanproxy
ffay lanproxy 0.1 allows Directory
Traversal to read
/../conf/config.properties to obtain
credentials for a connection to the
intranet.
2021-01-05 5
CVE-2021-3019
MISC
MISC
limit_login_attempts_project --
limit_login_attempts
The Limit Login Attempts plugin before
1.7.1 for WordPress does not clear auth
cookies upon a lockout, which might
make it easier for remote attackers to
conduct brute-force authentication
attempts.
2021-01-06 5
CVE-2012-10001
MISC
loopring -- loopring
The sellTokenForLRC function in the
vault protocol in the smart contract
implementation for Loopring (LRC), an
Ethereum token, lacks access control for
fee swapping and thus allows price
manipulation.
2021-01-03 5
CVE-2020-35962
MISC
MISC
mcafee --
network_security_management
Cross Site Request Forgery vulnerability
in McAfee Network Security
Management (NSM) prior to 10.1.7.35
and NSM 9.x prior to 9.2.9.55 may
allow an attacker to change the
configuration of the Network Security
Manager via a carefully crafted HTTP
request.
2021-01-05 4.3
CVE-2020-7336
CONFIRM
mikrotik -- routeros
In MikroTik RouterOS through
2021-01-04, the hotspot login page is
vulnerable to reflected XSS via the
target parameter.
2021-01-04 4.3
CVE-2021-3014
MISC
MISC
mk-auth -- mk-auth
MK-AUTH through 19.01 K4.9 allows
remote attackers to obtain sensitive
information (e.g., a CPF number) via a
modified titulo (aka invoice number)
value to the central/recibo.php URI.
2021-01-03 4
CVE-2021-3005
MISC
MISC
mk-auth -- mk-auth
MK-AUTH through 19.01 K4.9 allows
CSRF for password changes via the
central/executar_central.php?acao=altsenha_princ
URI.
2021-01-04 6.8
CVE-2021-21495
MISC
MISC
ninjaforms -- ninja_forms
The Ninja Forms plugin before 3.4.27.1
for WordPress allows attackers to
bypass validation via the email field.
2021-01-06 5
CVE-2020-36175
MISC
ninjaforms -- ninja_forms
The Ninja Forms plugin before 3.4.28
for WordPress lacks escaping for
submissions-table fields.
2021-01-06 5
CVE-2020-36173
MISC
ninjaforms -- ninja_forms
The Ninja Forms plugin before 3.4.27.1
for WordPress allows CSRF via services
integration.
2021-01-06 4.3
CVE-2020-36174
MISC
nxlog -- nxlog
The fileop module of the NXLog service
in NXLog Community Edition
2.10.2150 allows remote attackers to
cause a denial of service (daemon crash)
via a crafted Syslog payload to the
Syslog service. This attack requires a
specific configuration. Also, the name of
the directory created must use a Syslog
field. (For example, on Linux it is not
possible to create a .. directory. On
Windows, it is not possible to create a
CON directory.)
2021-01-05 4.3
CVE-2020-35488
MISC
orangehrm -- orangehrm
SQL injection in the Buzz module of
OrangeHRM through 4.6 allows remote
authenticated attackers to execute
arbitrary SQL commands via the
orangehrmBuzzPlugin/lib/dao/BuzzDao.php
loadMorePostsForm[profileUserId]
parameter to the buzz/loadMoreProfile
endpoint.
2021-01-05 5.5
CVE-2020-29437
MISC
MISC
CONFIRM
MISC
pagelayer -- pagelayer
An issue was discovered in the
PageLayer plugin before 1.1.2 for
WordPress. Nearly all of the AJAX
action endpoints lacked permission
checks, allowing these actions to be
executed by anyone authenticated on the
site. This happened because nonces
were used as a means of authorization,
but a nonce was present in a publicly
viewable page. The greatest impact was
the pagelayer_save_content function
that allowed pages to be modified and
allowed XSS to occur.
2021-01-01 6.5
CVE-2020-35947
MISC
MISC
pagelayer -- pagelayer
An issue was discovered in the
PageLayer plugin before 1.1.2 for
WordPress. The
pagelayer_settings_page function is
vulnerable to CSRF, which can lead to
XSS.
2021-01-01 6.8
CVE-2020-35944
MISC
MISC
proofpoint --
insider_threat_management_server
The Proofpoint Insider Threat
Management Server (formerly
ObserveIT Server) before 7.9.1 contains
a vulnerability in the ITM web console's
ImportAlertRules feature. The
vulnerability allows a remote attacker
(with admin or config-admin privileges
in the console) to execute arbitrary code
with local administrator privileges. The
vulnerability is caused by improper
deserialization.
2021-01-06 6.5
CVE-2020-10657
MISC
CONFIRM
redlion -- crimson
An attacker could send a specially
crafted message to Crimson 3.1 (Build
versions prior to 3119.001) that could
leak arbitrary memory locations.
2021-01-06 5
CVE-2020-27283
MISC
redlion -- crimson
The default configuration of Crimson
3.1 (Build versions prior to 3119.001)
allows a user to be able to read and
modify the database without
authentication.
2021-01-06 6.4
CVE-2020-27285
MISC
rest\/json_project -- rest\/json
The REST/JSON project 7.x-1.x for
Drupal allows session enumeration, aka
SA-CONTRIB-2016-033. NOTE: This
project is not covered by Drupal's
security advisory policy.
2021-01-01 5
CVE-2016-20008
MISC
rest\/json_project -- rest\/json
The REST/JSON project 7.x-1.x for
Drupal allows user enumeration, aka
SA-CONTRIB-2016-033. NOTE: This
project is not covered by Drupal's
security advisory policy.
2021-01-01 5
CVE-2016-20003
MISC
rest\/json_project -- rest\/json
The REST/JSON project 7.x-1.x for
Drupal allows blockage of user logins,
aka SA-CONTRIB-2016-033. NOTE:
This project is not covered by Drupal's
security advisory policy.
2021-01-01 5
CVE-2016-20006
MISC
rest\/json_project -- rest\/json
The REST/JSON project 7.x-1.x for
Drupal allows session name guessing,
aka SA-CONTRIB-2016-033. NOTE:
This project is not covered by Drupal's
security advisory policy.
2021-01-01 5
CVE-2016-20007
MISC
seal_finance_project -- seal_finance
The breed function in the smart contract
implementation for Farm in Seal
Finance (Seal), an Ethereum token,
lacks access control and thus allows
price manipulation, as exploited in the
wild in December 2020 and January
2021.
2021-01-03 5
CVE-2021-3006
MISC
MISC
seopanel -- seo_panel
Seo Panel 4.8.0 allows reflected XSS
via the
seo/seopanel/login.php?sec=forgot
email parameter.
2021-01-01 4.3
CVE-2021-3002
MISC
MISC
solarwinds -- web_help_desk
SolarWinds Web Help Desk 12.7.0
allows HTML injection via a Comment
in a Help Request ticket.
2021-01-06 4.9
CVE-2019-16954
MISC
MISC
MISC
stableyieldcredit_project --
stableyieldcredit
The _deposit function in the smart
contract implementation for Stable
Yield Credit (yCREDIT), an Ethereum
token, has certain incorrect calculations.
An attacker can obtain more yCREDIT
tokens than they should.
2021-01-03 5
CVE-2021-3004
MISC
MISC
thecodingmachine -- gotenberg
A directory traversal vulnerability in the
Markdown engine of Gotenberg through
6.2.1 allows an attacker to read any
container files.
2021-01-07 5
CVE-2020-13449
MISC
MISC
thedaylightstudio -- fuel_cms
FUEL CMS 1.4.11 has stored XSS in
Blocks/Navigation/Site variables. This
could lead to cookie stealing and other
malicious actions. This vulnerability can
be exploited with an authenticated
account and also impact other visitors.
2021-01-05 4.3
CVE-2020-26046
MISC
MISC
treasuredata -- fluent_bit
flb_gzip_compress in flb_gzip.c in
Fluent Bit before 1.6.4 has an out-of-
bounds write because it does not use the
correct calculation of the maximum gzip
data-size expansion.
2021-01-03 6.8
CVE-2020-35963
MISC
MISC
MISC
uclouvain -- openjpeg
There's a flaw in src/lib/openjp2/pi.c of
openjpeg in versions prior to 2.4.0. If an
attacker is able to provide untrusted
input to openjpeg's conversion/encoding
functionality, they could cause an out-
of-bounds read. The highest impact of
this flaw is to application availability.
2021-01-05 4.3
CVE-2020-27845
MISC
uclouvain -- openjpeg
There's a flaw in openjpeg's t2 encoder
in versions prior to 2.4.0. An attacker
who is able to provide crafted input to
be processed by openjpeg could cause a
null pointer dereference. The highest
impact of this flaw is to application
availability.
2021-01-05 4.3
CVE-2020-27842
MISC
uclouvain -- openjpeg
There's a flaw in openjpeg in versions
prior to 2.4.0 in src/lib/openjp2/pi.c.
When an attacker is able to provide
crafted input to be processed by the
openjpeg encoder, this could cause an
out-of-bounds read. The greatest impact
from this flaw is to application
availability.
2021-01-05 4.3
CVE-2020-27841
MISC
ultimatemember -- ultimate_member
The Ultimate Member plugin before
2.1.13 for WordPress mishandles hidden
name="timestamp" fields in forms.
2021-01-06 5
CVE-2020-36170
MISC
ultimatemember -- ultimate_member
An issue was discovered in the Ultimate
Member plugin before 2.1.12 for
WordPress, aka Authenticated Privilege
Escalation via Profile Update. Any user
with wp-admin access to the profile.php
page could supply the parameter
um-role with a value set to any role (e.g.,
Administrator) during a profile update,
and effectively escalate their privileges.
2021-01-04 6.5
CVE-2020-36156
MISC
MISC
MISC
veno_file_manager_project --
veno_file_manager
Veno File Manager 3.5.6 is affected by a
directory traversal vulnerability. Using
the traversal allows an attacker to
download sensitive files from the server.
2021-01-04 5
CVE-2020-22550
MISC
MISC
veritas -- desktop_and_laptop_option
Veritas Desktop and Laptop Option
(DLO) before 9.5 disclosed operational
information on the backup processing
status through a URL that did not
require authentication.
2021-01-05 5
CVE-2020-36159
MISC
vikisolutions -- vera
An issue was discovered in Viki Vera
4.9.1.26180. A user without access to a
project could download or upload
project files by opening the Project URL
directly in the browser after logging in.
2021-01-05 5.5
CVE-2019-20484
MISC
webform_report_project --
webform_report
The Webform Report project 7.x-1.x-dev
for Drupal allows remote attackers
to view submissions by visiting the
/rss.xml page. NOTE: This project is not
covered by Drupal's security advisory
policy.
2021-01-01 5
CVE-2019-25012
MISC
win911 -- win-911
An exploitable local privilege elevation
vulnerability exists in the file system
permissions of the Win-911 Enterprise
V4.20.13 install directory via “WIN-911
Mobile Runtime” service. Depending on
the vector chosen, an attacker can
overwrite various executables which
could lead to escalation of the privileges
when executed.
2021-01-05 4.6
CVE-2020-13539
MISC
MISC
win911 -- win-911
An exploitable local privilege elevation
vulnerability exists in the file system
permissions of the Win-911 Enterprise
V4.20.13 install directory via WIN-911
Account Change Utility. Depending on
the vector chosen, an attacker can
overwrite various executables which
could lead to escalation of the privileges
when executed.
2021-01-05 4.6
CVE-2020-13540
MISC
Low Vulnerabilities
Primary
Vendor -- Product Description Published
CVSS
Score
Source &
Patch Info
beetel -- 777vr1_firmware
Cross Site Scripting (XSS) vulnerability
in Beetel router 777VR1 can be exploited
via the NTP server name in System Time
and "Keyword" in URL Filter.
2021-01-06 3.5
CVE-2020-25498
MISC
MISC
MISC
MISC
dell --
emc_unity_operating_environment
Dell EMC Unity, Unity XT, and
UnityVSA versions prior to 5.0.4.0.5.012
contain a plain-text password storage
vulnerability. A user credentials
(including the Unisphere admin privilege
user) password is stored in a plain text in
multiple log files. A local authenticated
attacker with access to the log files may
use the exposed password to gain access
with the privileges of the compromised
user.
2021-01-05 2.1
CVE-2020-26199
MISC
dell -- unisphere
Dell EMC Unisphere for PowerMax
versions prior to 9.1.0.9, Dell EMC
Unisphere for PowerMax versions prior to
9.0.2.16, and Dell EMC PowerMax OS
5978.221.221 and 5978.479.479 contain a
Cross-Site Scripting (XSS) vulnerability.
An authenticated malicious user may
potentially exploit this vulnerability to
inject javascript code and affect other
authenticated users’ sessions.
2021-01-05 3.5
CVE-2020-35170
MISC
dell -- wyse_management_suite
Dell Wyse Management Suite versions
prior to 3.1 contain a stored cross-site
scripting vulnerability. A remote
authenticated malicious user with high
privileges could exploit this vulnerability
to store malicious HTML or JavaScript
code while creating the Enduser. When
victim users access the submitted data
through their browsers, the malicious
code gets executed by the web browser in
the context of the vulnerable application.
2021-01-04 3.5
CVE-2020-29496
MISC
dell -- wyse_management_suite
Dell Wyse Management Suite versions
prior to 3.1 contain a stored cross-site
scripting vulnerability. A remote
authenticated malicious user with low
privileges could exploit this vulnerability
to store malicious HTML or JavaScript
code under the device tag. When victim
users access the submitted data through
their browsers, the malicious code gets
executed by the web browser in the
context of the vulnerable application.
2021-01-04 3.5
CVE-2020-29497
MISC
electronjs -- zonote
zonote through 0.4.0 allows XSS via a
crafted note, with resultant Remote Code
Execution (because nodeIntegration in
webPreferences is true).
2021-01-01 3.5
CVE-2020-35717
MISC
MISC
MISC
MISC
gigamon -- gigavue-os
GigaVUE-OS (GVOS) 5.4 - 5.9 uses a
weak algorithm for a hash stored in
internal database.
2021-01-05 2.1
CVE-2020-23250
MISC
google -- android
An issue was discovered on LG mobile
devices with Android OS 10 software.
There was no write protection for the
MTK protect2 partition. The LG ID is
LVE-SMP-200028 (January 2021).
2021-01-05 2.1
CVE-2021-3022
MISC
ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 is vulnerable
to cross-site scripting. This vulnerability
allows users to embed arbitrary JavaScript
code in the Web UI thus altering the
intended functionality potentially leading
to credentials disclosure within a trusted
session. IBM X-Force ID: 191274.
2021-01-04 3.5
CVE-2020-4910
XF
CONFIRM
ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 is vulnerable
to cross-site scripting. This vulnerability
allows users to embed arbitrary JavaScript
code in the Web UI thus altering the
intended functionality potentially leading
to credentials disclosure within a trusted
session. IBM X-Force ID: 191273.
2021-01-04 3.5
CVE-2020-4909
XF
CONFIRM
ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 could reveal
credential information in the HTTP
response to a local privileged user. IBM
X-Force ID: 191288.
2021-01-04 2.1
CVE-2020-4913
XF
CONFIRM
ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 could allow a
local privileged user to disclose sensitive
information due to an insecure direct
object reference in self service console for
the Platform System Manager. IBM X-
Force ID: 191392.
2021-01-04 2.1
CVE-2020-4918
XF
CONFIRM
ibm -- cloud_pak_system
IBM Cloud Pak System 2.3 is vulnerable
to cross-site scripting. This vulnerability
allows users to embed arbitrary JavaScript
code in the Web UI thus altering the
intended functionality potentially leading
to credentials disclosure within a trusted
session. IBM X-Force ID: 191390.
2021-01-04 3.5
CVE-2020-4916
XF
CONFIRM
ibm --
emptoris_strategic_supply_management
IBM Emptoris Strategic Supply
Management 10.1.0, 10.1.1, and 10.1.3 is
vulnerable to stored cross-site scripting.
This vulnerability allows users to embed
arbitrary JavaScript code in the Web UI
thus altering the intended functionality
potentially leading to credentials
disclosure within a trusted session. IBM
X-Force ID: 190986.
2021-01-07 3.5
CVE-2020-4895
XF
CONFIRM
mk-auth -- mk-auth
MK-AUTH through 19.01 K4.9 allows
XSS via the admin/logs_ajax.php tipo
parameter. An attacker can leverage this
to read the centralmka2 (session token)
cookie, which is not set to HTTPOnly.
2021-01-04 3.5
CVE-2021-21494
MISC
MISC
semperplugins -- all_in_one_seo_pack
An issue was discovered in the All in One
SEO Pack plugin before 3.6.2 for
WordPress. The SEO Description and
Title fields are vulnerable to unsanitized
input from a Contributor, leading to stored
XSS.
2021-01-01 3.5
CVE-2020-35946
MISC
MISC
solarwinds -- web_help_desk
SolarWinds Web Help Desk 12.7.0 allows
XSS via a CSV template file with a
crafted Location Name field.
2021-01-04 3.5
CVE-2019-16960
MISC
MISC
MISC
solarwinds -- web_help_desk
SolarWinds Web Help Desk 12.7.0 allows
XSS via the Request Type parameter of a
ticket.
2021-01-04 3.5
CVE-2019-16956
MISC
MISC
MISC
tenda -- f3_firmware
Tenda N300 F3 12.01.01.48 devices allow
remote attackers to obtain sensitive
information (possibly including an
http_passwd line) via a direct request for
cgi-bin/DownloadCfg/RouterCfm.cfg, a
related issue to CVE-2017-14942. NOTE:
the vulnerability report may suggest that
either a ? character must be placed after
the RouterCfm.cfg filename, or that the
HTTP request headers must be unusual,
but it is not known why these are relevant
to the device's HTTP response behavior.
2021-01-01 3.3
CVE-2020-35391
MISC
vikisolutions -- vera
An issue was discovered in Viki Vera
4.9.1.26180. An attacker could set a user's
last name to an XSS Payload, and read
another user's cookie and use that to login
to the application.
2021-01-05 3.5
CVE-2019-20483
MISC
zohocorp --
manageengine_desktop_central
Zoho ManageEngine Desktop Central
10.0.430 allows HTML injection via a
modified Report Name in a New Custom
Report.
2021-01-06 3.5
CVE-2019-16962
MISC
MISC
Severity Not Yet Assigned
Primary
Vendor -- Product Description Published
CVSS
Score
Source
& Patch
Info
actionpack_gem_for_ruby_on_rails --
actionpack_gem_for_ruby_on_rails
In actionpack gem >= 6.0.0, a
possible XSS vulnerability exists
when an application is running in
development mode allowing an
attacker to send or embed (in
another page) a specially crafted
URL which can allow the attacker
to execute JavaScript in the
context of the local application.
This vulnerability is in the
Actionable Exceptions
middleware.
2021-01-06 not yet calculated
CVE-2020-8264
MISC
MISC
advanced_webhost_billing_system --
advanced_webhost_billing_system
Advanced Webhost Billing
System 3.7.0 is affected by Cross
Site Request Forgery (CSRF)
attacks that can delete a contact
from the My Additional Contact
page.
2021-01-08 not yet calculated
CVE-2020-25950
MISC
asp.net -- cute_editor
Cute Editor for ASP.NET 6.4 is
vulnerable to reflected cross-site
scripting (XSS) caused by
improper validation of user
supplied input. A remote attacker
could exploit this vulnerability
using a specially crafted URL to
execute a script in a victim's Web
browser within the security
context of the hosting Web site,
once the URL is clicked. An
attacker could use this
vulnerability to steal the victim's
cookie-based authentication
credentials.
2021-01-07 not yet calculated
CVE-2020-24903
MISC
barco -- multiple_products
Barco TransForm NDN-210 Lite,
NDN-210 Pro, NDN-211 Lite,
and NDN-211 Pro before 3.8
allows Command Injection (issue
1 of 4). The NDN-210 has a web
administration panel which is
made available over https. The
logon method is basic
authentication. There is a
command injection issue that will
result in unauthenticated remote
code execution in the username
and password fields of the logon
prompt. The NDN-210 is part of
Barco TransForm N solution and
includes the patch from
TransForm N version 3.8
onwards.
2021-01-07 not yet calculated
CVE-2020-17500
MISC
CONFIRM
MISC
barco -- transform_n
Barco TransForm N before 3.8
allows Command Injection (issue
2 of 4). The NDN-210 has a web
administration panel which is
made available over https. There
is a command injection issue that
will allow authenticated users of
the administration panel to
perform authenticated remote
code execution. An issue exists in
split_card_cmd.php in which the
http parameters xmodules,
ymodules and savelocking are not
properly handled. The NDN-210
is part of Barco TransForm N
solution and includes the patch
from TransForm N version 3.8
onwards.
2021-01-08 not yet calculated
CVE-2020-17502
MISC
CONFIRM
MISC
barco -- transform_n
The NDN-210 has a web
administration panel which is
made available over https. There
is a command injection issue that
will allow authenticated users to
the administration panel to
perform authenticated remote
code execution. An issue exists in
split_card_cmd.php in which the
http parameter "locking" is not
properly handled. The NDN-210
is part of Barco TransForm N
solution and this vulnerability is
patched from TransForm N
version 3.8 onwards.
2021-01-08 not yet calculated
CVE-2020-17503
MISC
CONFIRM
MISC
barco -- transform_n
The NDN-210 has a web
administration panel which is
made available over https. There
is a command injection issue that
will allow authenticated users to
the administration panel to
perform authenticated remote
code execution. An issue exists in
ngpsystemcmd.php in which the
http parameters "x_modules" and
"y_modules" are not properly
handled. The NDN-210 is part of
Barco TransForm N solution and
this vulnerability is patched from
TransForm N version 3.8
onwards.
2021-01-08 not yet calculated
CVE-2020-17504
MISC
CONFIRM
MISC
bssi -- web-sesame
A misconfiguration in Web-
Sesame 2020.1.1.3375 allows an
unauthenticated attacker to
download the source code of the
application, facilitating its
comprehension (code review).
Specifically, JavaScript source
maps were inadvertently included
in the production Webpack
configuration. These maps
contain sources used to generate
the bundle, configuration settings
(e.g., API keys), and developers'
comments.
2021-01-06 not yet calculated
CVE-2020-29041
MISC
MISC
buns -- buns
This affects all versions of
package buns. The injection point
is located in line 678 in index file
lib/index.js in the exported
function
install(requestedModule).
2021-01-08 not yet calculated
CVE-2020-7794
MISC
cairosvg -- cairosvg
CairoSVG is a Python (pypi)
package. CairoSVG is an SVG
converter based on Cairo. In
CairoSVG before version 2.5.1,
there is a regular expression
denial of service (REDoS)
vulnerability. When processing
SVG files, the python package
CairoSVG uses two regular
expressions which are vulnerable
to Regular Expression Denial of
Service (REDoS). If an attacker
provides a malicious SVG, it can
make cairosvg get stuck
processing the file for a very long
time. This is fixed in version
2.5.1. See Referenced GitHub
advisory for more information.
2021-01-06 not yet calculated
CVE-2021-21236
MISC
MISC
CONFIRM
MISC
ceph -- ceph
A flaw was found in ceph in
versions prior to 16.y.z where
ceph stores mgr module
passwords in clear text. This can
be found by searching the mgr
logs for grafana and dashboard,
with passwords visible.
2021-01-08 not yet calculated
CVE-2020-25678
MISC
MISC
cisco -- jabber
Multiple vulnerabilities in Cisco
Jabber for Windows, Jabber for
MacOS, and Jabber for mobile
platforms could allow an attacker
to execute arbitrary programs on
the underlying operating system
(OS) with elevated privileges or
gain access to sensitive
information. For more
information about these
vulnerabilities, see the Details
section of this advisory.
2021-01-07 not yet calculated
CVE-2020-26085
CISCO
citrix -- secure_mail
Citrix Secure Mail for Android
before 20.11.0 suffers from
improper access control allowing
unauthenticated access to read
limited calendar related data
stored within Secure Mail. Note
that a malicious app would need
to be installed on the Android
device or a threat actor would
need to execute arbitrary code on
the Android device.
2021-01-06 not yet calculated
CVE-2020-8275
MISC
citrix -- secure_mail
Citrix Secure Mail for Android
before 20.11.0 suffers from
Improper Control of Generation
of Code ('Code Injection') by
allowing unauthenticated access
to read data stored within Secure
Mail. Note that a malicious app
would need to be installed on the
Android device or a threat actor
would need to execute arbitrary
code on the Android device.
2021-01-06 not yet calculated
CVE-2020-8274
MISC
cockpit -- cockpit
Cockpit before 0.6.1 allows an
attacker to inject custom PHP
code and achieve Remote
Command Execution via
registerCriteriaFunction in
lib/MongoLite/Database.php, as
demonstrated by values in JSON
data to the /auth/check or
/auth/requestreset URI.
2021-01-08 not yet calculated
CVE-2020-35131
MISC
MISC
MISC
d-link -- dsl-2888a_devices
An issue was discovered on
D-Link DSL-2888A devices with
firmware prior to
AU_2.31_V1.1.47ae55. The One
Touch application discloses
sensitive information, such as the
hashed admin login password and
the Internet provider connection
username and cleartext password,
in the application's response body
for a /tmp/var/passwd or
/tmp/home/wan_stat URI.
2021-01-08 not yet calculated
CVE-2020-24577
MISC
CONFIRM
MISC
dell --
client_and_commerical_consumer_platforms
Select Dell Client Commercial
and Consumer platforms support
a BIOS password reset capability
that is designed to assist
authorized customers who forget
their passwords. Dell is aware of
unauthorized password generation
tools that can generate BIOS
recovery passwords. The tools,
which are not authorized by Dell,
can be used by a physically
present attacker to reset BIOS
passwords and BIOS-managed
Hard Disk Drive (HDD)
passwords. An unauthenticated
attacker with physical access to
the system could potentially
exploit this vulnerability to
bypass security restrictions for
BIOS Setup configuration, HDD
access and BIOS pre-boot
authentication.
2021-01-04 not yet calculated
CVE-2020-5361
MISC
dell -- inspiron_5675_bios
Dell Inspiron 5675 BIOS versions
prior to 1.4.1 contain a UEFI
BIOS RuntimeServices overwrite
vulnerability. A local attacker
with access to system memory
may exploit this vulnerability by
overwriting the RuntimeServices
structure to execute arbitrary code
in System Management Mode
(SMM).
2021-01-08 not yet calculated
CVE-2020-26186
MISC
dell -- multiple_products
Dell EMC Unity, Unity XT, and
UnityVSA versions prior to
5.0.4.0.5.012 contains a plain-text
password storage vulnerability. A
user credentials (including the
Unisphere admin privilege user)
password is stored in a plain text
in a system file. A local
authenticated attacker with access
to the system files may use the
exposed password to gain access
with the privileges of the
compromised user.
2021-01-05 not yet calculated
CVE-2020-29489
MISC
dell -- multiple_products
Dell EMC Unity, Unity XT, and
UnityVSA versions prior to
5.0.4.0.5.012 contain a Denial of
Service vulnerability on NAS
Servers with NFS exports. A
remote authenticated attacker
could potentially exploit this
vulnerability and cause Denial of
Service (Storage Processor Panic)
by sending specially crafted UDP
requests.
2021-01-05 not yet calculated
CVE-2020-29490
MISC
drupal -- aes_encryption
The AES encryption project 7.x
and 8.x for Drupal does not
sufficiently prevent attackers
from decrypting data, aka
SA-CONTRIB-2017-027. NOTE:
This project is not covered by
Drupal's security advisory policy.
2021-01-01 not yet calculated
CVE-2017-20001
MISC
drupal -- kcfinder_integration
uploader.php in the KCFinder
integration project through
2018-06-01 for Drupal mishandles
validation, aka SA-CONTRIB-2018-024.
NOTE: This project is
not covered by Drupal's security
advisory policy.
2021-01-01 not yet calculated
CVE-2018-25002
MISC
MISC
MISC
eaton -- easysoft
Eaton's easySoft software v7.20
and prior are susceptible to a file
parsing type confusion remote
code execution vulnerability. A
malicious entity can execute
malicious code or make the
application crash by tricking the
user into uploading a malformed
.E70 file in the application. The
vulnerability arises due to improper
validation of user data supplied
through the E70 file, which causes
Type Confusion.
2021-01-07
not yet calculated
CVE-2020-6656
MISC
MISC
MISC
MISC
eaton -- easysoft
Eaton's easySoft software
v7.20 and prior are susceptible to an
out-of-bounds remote code
execution vulnerability. A
malicious entity can execute
malicious code or make the
application crash by tricking the
user into uploading the malformed
.E70 file in the application. The
vulnerability arises due to
improper validation and parsing
of the E70 file content by the
application.
2021-01-07
not yet calculated
CVE-2020-6655
MISC
MISC
evolucare -- ecsimaging
** UNSUPPORTED WHEN
ASSIGNED ** EVOLUCARE
ECSIMAGING (aka ECS
Imaging) through 6.21.5 has an
OS Command Injection
vulnerability via shell
metacharacters and an IFS
manipulation. The parameter
"file" on the webpage
/showfile.php can be exploited to
gain root access. NOTE: This
vulnerability only affects products
that are no longer supported by
the maintainer.
2021-01-07
not yet calculated
CVE-2021-3029
MISC
MISC
formstone -- formstone
Formstone <=1.4.16 is vulnerable
to a Reflected Cross-Site
Scripting (XSS) vulnerability
caused by improper validation of
user supplied input in the
upload-target.php and
upload-chunked.php files. A remote
attacker could exploit this
vulnerability using a specially
crafted URL to execute a script in
a victim's Web browser within the
security context of the hosting
Web site once the URL is clicked
or visited. An attacker could use
this vulnerability to steal the
victim's cookie-based
authentication credentials, force
malware execution, user
redirection and others.
2021-01-07
not yet calculated
CVE-2020-26768
MISC
foxit -- multiple_products
The Portable Document Format
(PDF) specification does not
provide any information
regarding the concrete procedure
of how to validate signatures.
Consequently, a Signature
Wrapping vulnerability exists in
multiple products. An attacker
can use /ByteRange and xref
manipulations that are not
detected by the
signature-validation logic. This affects
Foxit Reader before 9.4 and
PhantomPDF before 8.3.9 and 9.x
before 9.4. It also affects eXpert
PDF 12 Ultimate, Expert PDF
Reader, Nitro Pro, Nitro Reader,
PDF Architect 6, PDF Editor 6
Pro, PDF Experte 9 Ultimate,
PDFelement6 Pro, PDF Studio
Viewer 2018, PDF Studio Pro,
PDF-XChange Editor and
Viewer, Perfect PDF 10
Premium, Perfect PDF Reader,
Soda PDF, and Soda PDF
Desktop.
2021-01-07
not yet calculated
CVE-2018-18689
MISC
MISC
CONFIRM
MISC
foxit -- multiple_products
The Portable Document Format
(PDF) specification does not
provide any information
regarding the concrete procedure
of how to validate signatures.
Consequently, an Incremental
Saving vulnerability exists in
multiple products. When an
attacker uses the Incremental
Saving feature to add pages or
annotations, Body Updates are
displayed to the user without any
action by the signature-validation
logic. This affects Foxit Reader
before 9.4 and PhantomPDF
before 8.3.9 and 9.x before 9.4. It
also affects LibreOffice, Master
PDF Editor, Nitro Pro, Nitro
Reader, Nuance Power PDF
Standard, PDF Editor 6 Pro,
PDFelement6 Pro, PDF Studio
Viewer 2018, PDF Studio Pro,
Perfect PDF 10 Premium, and
Perfect PDF Reader.
2021-01-07
not yet calculated
CVE-2018-18688
MISC
MISC
CONFIRM
MISC
foxit -- pdf_activex
Foxit PDF ActiveX before 5.5.1
allows remote code execution via
command injection because of the
lack of a security permission
control.
2021-01-07
not yet calculated
CVE-2018-19418
MISC
CONFIRM
google -- chrome
Use after free in WebCodecs in
Google Chrome prior to
87.0.4280.66 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16023
MISC
MISC
google -- chrome
Use after free in WebRTC in
Google Chrome prior to
87.0.4280.66 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16026
MISC
MISC
google -- chrome
Use after free in safe browsing in
Google Chrome prior to
87.0.4280.141 allowed a remote
attacker to potentially perform a
sandbox escape via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2021-21110
MISC
MISC
GENTOO
google -- chrome
Insufficient policy enforcement in
WebUI in Google Chrome prior
to 87.0.4280.141 allowed an
attacker who convinced a user to
install a malicious extension to
potentially perform a sandbox
escape via a crafted Chrome
Extension.
2021-01-08
not yet calculated
CVE-2021-21111
MISC
MISC
GENTOO
google -- chrome
Insufficient data validation in
cros-disks in Google Chrome on
ChromeOS prior to 87.0.4280.66
allowed a remote attacker who
had compromised the browser
process to bypass noexec
restrictions via a malicious file.
2021-01-08
not yet calculated
CVE-2020-16035
MISC
MISC
google -- chrome
Use after free in clipboard in
Google Chrome prior to
87.0.4280.88 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16037
MISC
MISC
google -- chrome
Use after free in audio in Google
Chrome prior to 87.0.4280.141
allowed a remote attacker to
potentially exploit heap
corruption via a crafted HTML
page.
2021-01-08
not yet calculated
CVE-2021-21114
MISC
MISC
GENTOO
google -- chrome
Use after free in drag and drop in
Google Chrome on Linux prior to
87.0.4280.141 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2021-21107
MISC
MISC
GENTOO
google -- chrome
Use after free in safe browsing in
Google Chrome prior to
87.0.4280.141 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2021-21115
MISC
MISC
GENTOO
google -- chrome
Heap buffer overflow in audio in
Google Chrome prior to
87.0.4280.141 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2021-21116
MISC
MISC
GENTOO
google -- chrome
Use after free in media in Google
Chrome on OS X prior to
87.0.4280.88 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16038
MISC
MISC
google -- chrome
Inappropriate implementation in
PDFium in Google Chrome prior
to 87.0.4280.66 allowed a remote
attacker to bypass navigation
restrictions via a crafted PDF file.
2021-01-08
not yet calculated
CVE-2020-16029
MISC
MISC
google -- chrome
Inappropriate implementation in
cookies in Google Chrome prior
to 87.0.4280.66 allowed a remote
attacker to bypass cookie
restrictions via a crafted HTML
page.
2021-01-08
not yet calculated
CVE-2020-16036
MISC
MISC
google -- chrome
Insufficient data validation in
sharing in Google Chrome prior
to 87.0.4280.66 allowed a remote
attacker to spoof the contents of
the Omnibox (URL bar) via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16032
MISC
MISC
google -- chrome
Inappropriate implementation in
filesystem in Google Chrome on
ChromeOS prior to 87.0.4280.66
allowed a remote attacker who
had compromised the browser
process to bypass noexec
restrictions via a malicious file.
2021-01-08
not yet calculated
CVE-2020-16019
MISC
MISC
google -- chrome
Insufficient data validation in UI
in Google Chrome prior to
87.0.4280.66 allowed a remote
attacker to spoof the contents of
the Omnibox (URL bar) via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16031
MISC
MISC
google -- chrome
Insufficient data validation in
Blink in Google Chrome prior to
87.0.4280.66 allowed a remote
attacker to inject arbitrary scripts
or HTML (UXSS) via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16030
MISC
MISC
google -- chrome
Insufficient policy enforcement in
developer tools in Google
Chrome prior to 87.0.4280.66
allowed an attacker who
convinced a user to install a
malicious extension to obtain
potentially sensitive information
from the user's disk via a crafted
Chrome Extension.
2021-01-08
not yet calculated
CVE-2020-16027
MISC
MISC
google -- chrome
Heap buffer overflow in WebRTC
in Google Chrome prior to
87.0.4280.66 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16028
MISC
MISC
google -- chrome
Insufficient data validation in V8
in Google Chrome prior to
87.0.4280.88 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16040
MISC
MISC
google -- chrome
Use after free in site isolation in
Google Chrome prior to
86.0.4240.198 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16017
MISC
MISC
google -- chrome
Heap buffer overflow in clipboard
in Google Chrome prior to
87.0.4280.66 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16025
MISC
MISC
google -- chrome
Heap buffer overflow in UI in
Google Chrome prior to
87.0.4280.66 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16024
MISC
MISC
google -- chrome
Inappropriate implementation in
cryptohome in Google Chrome on
ChromeOS prior to 87.0.4280.66
allowed a remote attacker who
had compromised the browser
process to bypass discretionary
access control via a malicious file.
2021-01-08
not yet calculated
CVE-2020-16020
MISC
MISC
google -- chrome
Inappropriate implementation in
WebRTC in Google Chrome prior
to 87.0.4280.66 allowed a local
attacker to bypass policy
restrictions via a crafted HTML
page.
2021-01-08
not yet calculated
CVE-2020-16034
MISC
MISC
google -- chrome
Use after free in extensions in
Google Chrome prior to
87.0.4280.88 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16039
MISC
MISC
google -- chrome
Use after free in media in Google
Chrome prior to 87.0.4280.141
allowed a remote attacker who
had compromised the renderer
process to potentially perform a
sandbox escape via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2021-21108
MISC
MISC
GENTOO
google -- chrome
Out of bounds read in networking
in Google Chrome prior to
87.0.4280.88 allowed a remote
attacker who had compromised
the renderer process to obtain
potentially sensitive information
from process memory via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16041
MISC
MISC
google -- chrome
Uninitialized Use in V8 in Google
Chrome prior to 87.0.4280.88
allowed a remote attacker to
obtain potentially sensitive
information from process memory
via a crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16042
MISC
MISC
google -- chrome
Insufficient data validation in
networking in Google Chrome
prior to 87.0.4280.141 allowed a
remote attacker to bypass
discretionary access control via
malicious network traffic.
2021-01-08
not yet calculated
CVE-2020-16043
MISC
MISC
GENTOO
google -- chrome
Race in image burner in Google
Chrome on ChromeOS prior to
87.0.4280.66 allowed a remote
attacker who had compromised
the browser process to perform
OS-level privilege escalation via a
malicious file.
2021-01-08
not yet calculated
CVE-2020-16021
MISC
MISC
google -- chrome
Inappropriate implementation in
WebUSB in Google Chrome prior
to 87.0.4280.66 allowed a remote
attacker to spoof security UI via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16033
MISC
MISC
google -- chrome
Inappropriate implementation in
base in Google Chrome prior to
86.0.4240.193 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16016
MISC
MISC
google -- chrome
Insufficient policy enforcement in
networking in Google Chrome
prior to 87.0.4280.66 allowed a
remote attacker to potentially
bypass firewall controls via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16022
MISC
MISC
google -- chrome
Use after free in PPAPI in Google
Chrome prior to 87.0.4280.66
allowed a remote attacker who
had compromised the renderer
process to potentially perform a
sandbox escape via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16014
MISC
MISC
google -- chrome
Inappropriate implementation in
V8 in Google Chrome prior to
86.0.4240.198 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16013
MISC
MISC
google -- chrome
Side-channel information leakage
in graphics in Google Chrome
prior to 87.0.4280.66 allowed a
remote attacker to leak
cross-origin data via a crafted HTML
page.
2021-01-08
not yet calculated
CVE-2020-16012
MISC
MISC
google -- chrome
Use after free in payments in
Google Chrome prior to
87.0.4280.141 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2021-21109
MISC
MISC
GENTOO
google -- chrome
Insufficient data validation in
WASM in Google Chrome prior
to 87.0.4280.66 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2020-16015
MISC
MISC
google -- chrome
Heap buffer overflow in Skia in
Google Chrome prior to
87.0.4280.141 allowed a remote
attacker to potentially exploit
heap corruption via a crafted
HTML page.
2021-01-08
not yet calculated
CVE-2021-21113
MISC
MISC
GENTOO
google -- chrome
Use after free in Blink in Google
Chrome prior to 87.0.4280.141
allowed a remote attacker to
potentially exploit heap
corruption via a crafted HTML
page.
2021-01-08
not yet calculated
CVE-2021-21112
MISC
MISC
GENTOO
google -- chrome
Use after free in payments in
Google Chrome prior to
87.0.4280.66 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2020-16018
MISC
MISC
google -- chrome
Use after free in autofill in
Google Chrome prior to
87.0.4280.141 allowed a remote
attacker who had compromised
the renderer process to potentially
perform a sandbox escape via a
crafted HTML page.
2021-01-08
not yet calculated
CVE-2021-21106
MISC
MISC
GENTOO
ibm -- emptoris_contract_management
IBM Emptoris Contract
Management 10.1.3 is vulnerable
to cross-site scripting. This
vulnerability allows users to
embed arbitrary JavaScript code
in the Web UI thus altering the
intended functionality potentially
leading to credentials disclosure
within a trusted session. IBM
X-Force ID: 190979.
2021-01-07
not yet calculated
CVE-2020-4892
XF
CONFIRM
ibm -- emptoris_contract_management_and_emptoris_spend_analysis
IBM Emptoris Contract
Management and IBM Emptoris
Spend Analysis 10.1.0, 10.1.1,
and 10.1.3 could allow a remote
attacker to obtain sensitive
information when a detailed
technical error message is
returned in the browser. This
information could be used in
further attacks against the system.
IBM X-Force ID: 190988.
2021-01-07
not yet calculated
CVE-2020-4897
XF
CONFIRM
CONFIRM
ibm -- emptoris_sourcing
IBM Emptoris Sourcing 10.1.0,
10.1.1, and 10.1.3 is vulnerable to
web cache poisoning, caused by
improper input validation by
modifying HTTP request headers.
IBM X-Force ID: 190987.
2021-01-07
not yet calculated
CVE-2020-4896
XF
CONFIRM
ibm -- engineering_requirements_quality_assistant_on-premises
IBM Engineering Requirements
Quality Assistant On-Premises
could allow an authenticated user
to obtain sensitive information
due to improper input validation.
IBM X-Force ID: 186282.
2021-01-08
not yet calculated
CVE-2020-4667
XF
CONFIRM
ibm -- engineering_requirements_quality_assistant_on-premises
IBM Engineering Requirements
Quality Assistant On-Premises is
vulnerable to cross-site scripting.
This vulnerability allows users to
embed arbitrary JavaScript code
in the Web UI thus altering the
intended functionality potentially
leading to credentials disclosure
within a trusted session. IBM
X-Force ID: 186281.
2021-01-08
not yet calculated
CVE-2020-4666
XF
CONFIRM
ibm -- engineering_requirements_quality_assistant_on-premises
IBM Engineering Requirements
Quality Assistant On-Premises is
vulnerable to cross-site scripting.
This vulnerability allows users to
embed arbitrary JavaScript code
in the Web UI thus altering the
intended functionality potentially
leading to credentials disclosure
within a trusted session. IBM
X-Force ID: 186235.
2021-01-08
not yet calculated
CVE-2020-4664
XF
CONFIRM
ibm -- engineering_requirements_quality_assistant_on-premises
IBM Engineering Requirements
Quality Assistant On-Premises is
vulnerable to cross-site scripting.
This vulnerability allows users to
embed arbitrary JavaScript code
in the Web UI thus altering the
intended functionality potentially
leading to credentials disclosure
within a trusted session. IBM
X-Force ID: 186234.
2021-01-08
not yet calculated
CVE-2020-4663
XF
CONFIRM
ibm -- jazz_foundation_products
IBM Jazz Foundation products
are vulnerable to cross-site
scripting. This vulnerability
allows users to embed arbitrary
JavaScript code in the Web UI
thus altering the intended
functionality potentially leading
to credentials disclosure within a
trusted session. IBM X-Force ID:
188127.
2021-01-08
not yet calculated
CVE-2020-4733
XF
CONFIRM
ibm -- jazz_foundation_products
IBM Jazz Foundation Products
could allow a remote attacker to
obtain sensitive information when
a detailed technical error message
is returned in the browser. This
information could be used in
further attacks against the system.
IBM X-Force ID: 183189.
2021-01-08
not yet calculated
CVE-2020-4544
XF
CONFIRM
ibm -- jazz_foundation_products
IBM Jazz Foundation Products
could allow a remote attacker to
obtain sensitive information when
a detailed technical error message
is returned in the browser. This
information could be used in
further attacks against the system.
IBM X-Force ID: 181862.
2021-01-08
not yet calculated
CVE-2020-4487
XF
CONFIRM
ibm -- jazz_foundation_products
IBM Jazz Foundation Products
are vulnerable to cross-site
scripting. This vulnerability
allows users to embed arbitrary
JavaScript code in the Web UI
thus altering the intended
functionality potentially leading
to credentials disclosure within a
trusted session. IBM X-Force ID:
186698.
2021-01-08
not yet calculated
CVE-2020-4691
XF
CONFIRM
ibm -- jazz_foundation_products
IBM Jazz Foundation products
are vulnerable to cross-site
scripting. This vulnerability
allows users to embed arbitrary
JavaScript code in the Web UI
thus altering the intended
functionality potentially leading
to credentials disclosure within a
trusted session. IBM X-Force ID:
186790.
2021-01-08
not yet calculated
CVE-2020-4697
XF
CONFIRM
ibm -- security_verify_privilege_manager
IBM Security Verify Privilege
Manager 10.8 is vulnerable to an
XML External Entity Injection
(XXE) attack when processing
XML data. A local attacker could
exploit this vulnerability to
expose sensitive information or
consume memory resources. IBM
X-Force ID: 184883.
2021-01-08
not yet calculated
CVE-2020-4606
XF
CONFIRM
ibm -- spectrum_protect_plus
IBM Spectrum Protect Plus
10.1.0 through 10.1.6 may
include sensitive information in
its URLs increasing the risk of
such information being captured
by an attacker. IBM X-Force ID:
193654.
2021-01-08
not yet calculated
CVE-2020-5018
XF
CONFIRM
ibm -- spectrum_protect_plus
IBM Spectrum Protect Plus
10.1.0 through 10.1.6 does not
invalidate session after a
password reset which could allow
a local user to impersonate
another user on the system. IBM
X-Force ID: 193657.
2021-01-08
not yet calculated
CVE-2020-5021
XF
CONFIRM
ibm -- spectrum_protect_plus
IBM Spectrum Protect Plus
10.1.0 through 10.1.6 is
vulnerable to HTTP header
injection, caused by improper
validation of input by the HOST
headers. By sending a specially
crafted HTTP request, a remote
attacker could exploit this
vulnerability to inject HTTP
HOST header, which will allow
the attacker to conduct various
attacks against the vulnerable
system, including cross-site
scripting, cache poisoning or
session hijacking. IBM X-Force
ID: 193655.
2021-01-08
not yet calculated
CVE-2020-5019
XF
CONFIRM
ibm -- spectrum_protect_plus
IBM Spectrum Protect Plus
10.1.0 through 10.1.6 could allow
a remote attacker to hijack the
clicking action of the victim. By
persuading a victim to visit a
malicious Web site, a remote
attacker could exploit this
vulnerability to hijack the victim's
click actions and possibly launch
further attacks against the victim.
IBM X-Force ID: 193656.
2021-01-08
not yet calculated
CVE-2020-5020
XF
CONFIRM
ibm -- spectrum_protect_plus
IBM Spectrum Protect Plus
10.1.0 through 10.1.6 may allow a
local user to obtain access to
information beyond their intended
role and permissions. IBM
X-Force ID: 193653.
2021-01-08
not yet calculated
CVE-2020-5017
XF
CONFIRM
ibm -- spectrum_protect_plus
IBM Spectrum Protect Plus
10.1.0 through 10.1.6 may allow
unauthenticated and unauthorized
access to VDAP proxy which can
result in an attacker obtaining
information they are not
authorized to access. IBM
X-Force ID: 193658.
2021-01-08
not yet calculated
CVE-2020-5022
XF
CONFIRM
ibm -- websphere_extreme_scale
IBM WebSphere eXtreme Scale
8.6.1 stores sensitive information
in URL parameters. This may
lead to information disclosure if
unauthorized parties have access
to the URLs via server logs,
referrer header or browser history.
IBM X-Force ID: 177932.
2021-01-06
not yet calculated
CVE-2020-4336
XF
CONFIRM
innokas -- yhtma_oy_vital_signs_monitor
In Innokas Yhtymä Oy Vital Signs
Monitor VC150 prior to Version
1.7.15, HL7 v2.x injection
vulnerabilities exist in the
affected products that allow
physically proximate attackers
with a connected barcode reader
to inject HL7 v2.x segments into
specific HL7 v2.x messages via
multiple expected parameters.
2021-01-08
not yet calculated
CVE-2020-27260
MISC
innokas -- yhtma_oy_vital_signs_monitor
In Innokas Yhtymä Oy Vital Signs
Monitor VC150 prior to Version
1.7.15, a stored cross-site
scripting (XSS) vulnerability
exists in the affected products that
allows an attacker to inject
arbitrary web script or HTML via
the filename parameter to
multiple update endpoints of the
administrative web interface.
2021-01-08
not yet calculated
CVE-2020-27262
MISC
invision_community -- ips_community_suite
Invision Community IPS
Community Suite before 4.5.4.2
allows SQL Injection via the
Downloads REST API (the
sortDir parameter in a
sortBy=popular action to the
GETindex() method in
applications/downloads/api/files.php).
2021-01-08
not yet calculated
CVE-2021-3025
MISC
MISC
krpano -- panorama_viewer
The default installation of Krpano
Panorama Viewer version
<=1.20.8 is prone to Reflected
XSS due to insecure XML load in
file /viewer/krpano.html,
parameter xml.
2021-01-07
not yet calculated
CVE-2020-24900
MISC
krpano -- panorama_viewer
The default installation of Krpano
Panorama Viewer version
<=1.20.8 is vulnerable to
Reflected XSS due to insecure
remote js load in file
viewer/krpano.html, parameter
plugin[test].url.
2021-01-07
not yet calculated
CVE-2020-24901
MISC
liferay -- cms_portal
Liferay CMS Portal versions 7.1.3
and 7.2.1 have a blind persistent
cross-site scripting (XSS)
vulnerability in the user name
parameter to Calendar. An
attacker can insert the malicious
payload on the username,
lastname or surname fields of its
own profile, and the malicious
payload will be injected and
reflected in the calendar of the
user who submitted the payload.
An attacker could escalate its
privileges in case an admin visits
the calendar that injected the
payload.
2021-01-07
not yet calculated
CVE-2020-25476
MISC
MISC
MISC
linux -- linux_kernel
A use after free in the Linux
kernel infiniband hfi1 driver in
versions prior to 5.10-rc6 was
found in the way a user calls ioctl
after opening the dev file and
forking. A local user could use this
flaw to crash the system.
2021-01-07
not yet calculated
CVE-2020-27835
MISC
marvell -- qcconvergeconsole
Marvell QConvergeConsole GUI
<= 5.5.0.74 is affected by a path
traversal vulnerability. The
deleteEventLogFile method of the
GWTTestServiceImpl class lacks
proper validation of a
user-supplied path prior to using it in
file deletion operations. An
authenticated, remote attacker can
leverage this vulnerability to
delete arbitrary remote files as
SYSTEM or root.
2021-01-08
not yet calculated
CVE-2020-5804
MISC
marvell -- qcconvergeconsole
In Marvell QConvergeConsole
GUI <= 5.5.0.74, credentials are
stored in cleartext in
tomcat-users.xml. OS-level users on the
QCC host who are not authorized
to use QCC may use the plaintext
credentials to login to QCC.
2021-01-08
not yet calculated
CVE-2020-5805
MISC
mdbook -- mdbook
mdBook is a utility to create
modern online books from
Markdown files and is written in
Rust. In mdBook before version
0.4.5, there is a vulnerability
affecting the search feature of
mdBook, which could allow an
attacker to execute arbitrary
JavaScript code on the page. The
search feature of mdBook
(introduced in version 0.1.4) was
affected by a cross site scripting
vulnerability that allowed an
attacker to execute arbitrary
JavaScript code on a user's
browser by tricking the user into
typing a malicious search query,
or tricking the user into clicking a
link to the search page with the
malicious search query prefilled.
mdBook 0.4.5 fixes the
vulnerability by properly escaping
the search query. Owners of
websites built with mdBook have
to upgrade to mdBook 0.4.5 or
greater and rebuild their website
contents with it.
2021-01-04
not yet calculated
CVE-2020-26297
MISC
MISC
MISC
CONFIRM
MISC
mendixsso -- mendixsso
MendixSSO <= 2.1.1 contains
endpoints that make use of the
openid handler, which is suffering
from a Cross-Site Scripting
vulnerability via the URL path.
This is caused by the reflection of
user-supplied data without
appropriate HTML escaping or
output encoding. As a result, a
JavaScript payload may be
injected into the above endpoint
causing it to be executed within
the context of the victim's
browser.
2021-01-06
not yet calculated
CVE-2020-8160
MISC
MISC
mercusys -- mercury_xg18_devices
MERCUSYS Mercury X18G
1.0.5 devices allow Directory
Traversal via ../ to the UPnP
server, as demonstrated by the
/../../conf/template/uhttpd.json
URI.
2021-01-07
not yet calculated
CVE-2021-23242
MISC
MISC
MISC
mercusys -- mercury_xg18_devices
MERCUSYS Mercury X18G
1.0.5 devices allow Directory
Traversal via ../ in conjunction
with a loginLess or login.htm
URI (for authentication bypass) to
the web server, as demonstrated
by the /loginLess/../../etc/passwd
URI.
2021-01-07
not yet calculated
CVE-2021-23241
MISC
MISC
MISC
monocms -- monocms_blog
MonoCMS Blog 1.0 is affected
by incorrect access control that
can lead to remote arbitrary code
execution. At
monofiles/category.php:27, user
input can be saved to
category/[foldername]/index.php
causing RCE.
2021-01-07
not yet calculated
CVE-2020-28672
MISC
mozilla -- firefox
Mozilla developers reported
memory safety bugs present in
Firefox 83. Some of these bugs
showed evidence of memory
corruption and we presume that
with enough effort some of these
could have been exploited to run
arbitrary code. This vulnerability
affects Firefox < 84.
2021-01-07
not yet calculated
CVE-2020-35114
MISC
MISC
mozilla -- firefox
When a user typed a URL in the
address bar or the search bar and
quickly hit the enter key, a
website could sometimes capture
that event and then redirect the
user before navigation occurred to
the desired, entered address. To
construct a convincing spoof the
attacker would have had to guess
what the user was typing, perhaps
by suggesting it. This
vulnerability affects Firefox < 84.
2021-01-07
not yet calculated
CVE-2020-26979
MISC
MISC
mozilla -- firefox
When an HTTPS page was
embedded in an HTTP page, and
there was a service worker
registered for the former, the
service worker could have
intercepted the request for the
secure page despite the iframe not
being a secure context due to the
(insecure) framing. This
vulnerability affects Firefox < 84.
2021-01-07
not yet calculated
CVE-2020-26976
MISC
MISC
mozilla -- firefox
When a malicious application
installed on the user's device
broadcast an Intent to Firefox for
Android, arbitrary headers could
have been specified, leading to
attacks such as abusing ambient
authority or session fixation. This
was resolved by only allowing
certain safe-listed headers. Note:
This issue only affected Firefox
for Android. Other operating
systems are unaffected. This
vulnerability affects Firefox < 84.
2021-01-07
not yet calculated
CVE-2020-26975
MISC
MISC
mozilla -- firefox
The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84.
2021-01-07 not yet calculated
CVE-2020-26972
MISC
MISC
mozilla -- firefox
By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 84.
2021-01-07 not yet calculated
CVE-2020-26977
MISC
MISC
mozilla -- multiple_products
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
2021-01-07 not yet calculated
CVE-2020-35113
MISC
MISC
MISC
MISC
mozilla -- multiple_products
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
2021-01-07 not yet calculated
CVE-2020-26973
MISC
MISC
MISC
MISC
mozilla -- multiple_products
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
2021-01-07 not yet calculated
CVE-2020-35111
MISC
MISC
MISC
MISC
mozilla -- multiple_products
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
2021-01-07 not yet calculated
CVE-2020-35112
MISC
MISC
MISC
MISC
mozilla -- multiple_products
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
2021-01-07 not yet calculated
CVE-2020-26974
MISC
MISC
MISC
MISC
mozilla -- multiple_products
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
2021-01-07 not yet calculated
CVE-2020-26971
MISC
MISC
MISC
MISC
mozilla -- multiple_products
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
2021-01-07 not yet calculated
CVE-2020-26978
MISC
MISC
MISC
MISC
multiple_vendors -- multiple_2fa_security_keys
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).
2021-01-07 not yet calculated
CVE-2021-3011
MISC
MISC
netapp -- element_os
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.
2021-01-08 not yet calculated
CVE-2020-8584
MISC
nextcloud -- contacts
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.
2021-01-06 not yet calculated
CVE-2020-8281
MISC
MISC
nextcloud -- contacts
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.
2021-01-06 not yet calculated
CVE-2020-8280
MISC
MISC
node.js -- node.js
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
2021-01-06 not yet calculated
CVE-2020-8265
MISC
FEDORA
MISC
DEBIAN
node.js -- node.js
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
2021-01-06 not yet calculated
CVE-2020-8287
MISC
FEDORA
MISC
DEBIAN
nvidia -- gpu_display_driver
NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure.
2021-01-08 not yet calculated
CVE-2021-1056
CONFIRM
nvidia -- gpu_display_driver
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.
2021-01-08 not yet calculated
CVE-2021-1052
CONFIRM
nvidia -- gpu_display_driver
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.
2021-01-08 not yet calculated
CVE-2021-1053
CONFIRM
nvidia -- gpu_display_driver
NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service.
2021-01-08 not yet calculated
CVE-2021-1054
CONFIRM
nvidia -- gpu_display_driver
NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which improper access control may lead to denial of service and information disclosure.
2021-01-08 not yet calculated
CVE-2021-1055
CONFIRM
nvidia -- gpu_display_driver
NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an operation is performed which may lead to denial of service or escalation of privileges.
2021-01-08 not yet calculated
CVE-2021-1051
CONFIRM
nvidia -- vgpu
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1060
CONFIRM
nvidia -- vgpu
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1058
CONFIRM
nvidia -- vgpu_manager
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1065
CONFIRM
nvidia -- vgpu_manager
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input offset is not validated, which may lead to a buffer overread, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1063
CONFIRM
nvidia -- vgpu_manager
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which it obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1064
CONFIRM
nvidia -- vgpu_manager
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input index is not validated, which may lead to integer overflow, which in turn may cause tampering of data, information disclosure, or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1059
CONFIRM
nvidia -- vgpu_manager
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1061
CONFIRM
nvidia -- vgpu_manager
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1066
CONFIRM
nvidia -- vgpu_manager
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1062
CONFIRM
nvidia -- virtual_gpu_manager
NVIDIA Virtual GPU Manager NVIDIA vGPU manager contains a vulnerability in the vGPU plugin in which it allows guests to allocate some resources for which the guest is not authorized, which may lead to integrity and confidentiality loss, denial of service, or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
2021-01-08 not yet calculated
CVE-2021-1057
CONFIRM
pearson -- vue_vts_installer
The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application.
2021-01-04 not yet calculated
CVE-2020-36154
MISC
MISC
phpfusion -- phpfusion
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
2021-01-03 not yet calculated
CVE-2020-35952
MISC
phpgurukul -- hospital_management_system
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.
2021-01-07 not yet calculated
CVE-2020-35745
MISC
MISC
MISC
portland_labs -- concrete5
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
2021-01-08 not yet calculated
CVE-2021-3111
MISC
MISC
pwntools -- pwntools
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module is vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
2021-01-08 not yet calculated
CVE-2020-28468
MISC
MISC
MISC
quixplorer -- quixplorer
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
2021-01-07 not yet calculated
CVE-2020-24902
MISC
red_hat -- jbcs_httpd
A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity.
2021-01-07 not yet calculated
CVE-2020-25680
MISC
rock_rms -- rock_rms
Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to upload ASPX code and gain remote code execution on the application. The application typically runs as LocalSystem as mandated in the installation guide. Patched in versions 8.10 and 9.4.
2021-01-07 not yet calculated
CVE-2019-18643
MISC
rock_rms -- rock_rms
Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account.
2021-01-07 not yet calculated
CVE-2019-18642
MISC
rocket.chat_technologies_corp -- rocket.chat
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.7.1.
2021-01-08 not yet calculated
CVE-2020-28208
MISC
MLIST
MLIST
MISC
MISC
rockwell_automation -- rslinx_classic
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
2021-01-07 not yet calculated
CVE-2020-13573
MISC
socket.io -- engine.io
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
2021-01-08 not yet calculated
CVE-2020-36048
MISC
MISC
MISC
socket.io -- socket.io-parser
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
2021-01-08 not yet calculated
CVE-2020-36049
MISC
MISC
MISC
softmaker -- office_textmaker
An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.
2021-01-06 not yet calculated
CVE-2020-13545
MISC
softmaker -- office_textmaker
An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability.
2021-01-06 not yet calculated
CVE-2020-13544
MISC
sonicwall -- netextender
SonicWall NetExtender Windows client is vulnerable to an unquoted service path vulnerability, which allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impacts SonicWall NetExtender Windows client version 10.2.300 and earlier.
2021-01-09 not yet calculated
CVE-2020-5147
CONFIRM
sonicwall -- sma100_apliiance
A vulnerability in SonicWall SMA100 appliance allows an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.
2021-01-09 not yet calculated
CVE-2020-5146
CONFIRM
sourcecodester -- restaurant_reservation_system
Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which allows a remote, authenticated attacker to execute arbitrary SQL commands via the date parameter in includes/reservation.inc.php.
2021-01-07 not yet calculated
CVE-2020-26773
MISC
MISC
spring-boot-actuator-logview -- spring-boot-actuator-logview
spring-boot-actuator-logview is a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory. The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
2021-01-05 not yet calculated
CVE-2021-21234
MISC
MISC
CONFIRM
MISC
tp-link -- tl-wr840n_6_eu_devices
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.
2021-01-06 not yet calculated
CVE-2020-36178
MISC
MISC
MISC
ts-process-promises -- ts-process-promises
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:
2021-01-08 not yet calculated
CVE-2020-7784
MISC
vela -- vela
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's `env` function to retrieve configuration information, see referenced GHSA for an example. This has been fixed in version 0.6.1. In addition to upgrading, it is recommended to rotate all secrets.
2021-01-04 not yet calculated
CVE-2020-26294
MISC
CONFIRM
MISC
veritas -- aptare
An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
2021-01-06 not yet calculated
CVE-2020-36161
MISC
veritas -- backup_exec
An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf. A low privileged user can create a :\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.
2021-01-06 not yet calculated
CVE-2020-36167
CERT-VN
MISC
veritas -- cloudpoint
An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
2021-01-06 not yet calculated
CVE-2020-36162
MISC
veritas -- desktop_and_laptop_option
An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This impacts DLO server and client installations.
2021-01-06 not yet calculated
CVE-2020-36165
MISC
veritas -- enterprise_vault
An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\) and the product's installation drive (typically not C:\): \Isode\etc\ssl\openssl.cnf (on SMTP Server) or \user\ssl\openssl.cnf (on other affected components). By default, on Windows systems, users can create directories under C:\. A low privileged user can create an openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability only affects a server with MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter, NetApp File server, or File System Archiving for NetApp as File Server.
2021-01-06 not yet calculated
CVE-2020-36164
MISC
veritas -- infoscale
An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
2021-01-06 not yet calculated
CVE-2020-36166
MISC
veritas -- netbackup
An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations.
2021-01-06 not yet calculated
CVE-2020-36169
MISC
veritas -- netbackup_and_opscenter
An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations.
2021-01-06 not yet calculated
CVE-2020-36163
MISC
veritas -- resiliency_platform
An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
2021-01-06 not yet calculated
CVE-2020-36168
MISC
veritas -- system_recovery
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data and installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.
Published: 2021-01-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-36160 MISC
videolan -- vlc_media_player
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
Published: 2021-01-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-26664 MISC MISC MISC
wolfssl -- wolfssl
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
Published: 2021-01-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-36177 MISC MISC MISC MISC MISC
wordpress -- wordpress
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35945 MISC MISC
wordpress -- wordpress
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35939 MISC
wordpress -- wordpress
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35938 MISC
wordpress -- wordpress
Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35936 MISC
wordpress -- wordpress
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35935 MISC
wordpress -- wordpress
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35933 MISC
wordpress -- wordpress
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35937 MISC
wordpress -- wordpress
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
Published: 2021-01-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-36176 MISC
wordpress -- wordpress
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35949 MISC MISC
wordpress -- wordpress
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin).
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35934 MISC
wordpress -- wordpress
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35950 MISC MISC
wordpress -- wordpress
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35932 MISC
wordpress -- wordpress
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.
Published: 2021-01-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-36171 MISC
wordpress -- wordpress
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.
Published: 2021-01-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-35948 MISC MISC