
VULNERABILITY SUMMARY FOR THE WEEK OF MARCH 9, 2020

(AGENPARL) – WASHINGTON Mon 16 March 2020 Original release date: March 16, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — shardingsphere
 
In Apache ShardingSphere (incubator) and 4.0.0, the ShardingSphere’s web console uses the SnakeYAML library for parsing YAML inputs to load datasource configuration. SnakeYAML allows unmarshalling data to a Java type by using the YAML tag. Unmarshalling untrusted data can lead to RCE. 7.5 CVE-
CONFIRM
bookstack — bookstack
 
BookStack before version has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions , and . Users should upgrade to at least v to avoid this vulnerability. 9 CVE-
MISC
MISC
MISC
CONFIRM
bwa_technology — direx-pro_devices

BWA DiREX-Pro devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the PKG parameter to uninstall.php3. 10 CVE-
MISC
d-link — dcs-930l_devices
 
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. 9 CVE-
MISC
d-link — dir-825_devices
 
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the dns_query_name parameter in a dns_query.cgi POST request. TRENDnet TEW-632BRP is also affected. 9 CVE-
MISC
MISC
d-link — dir-825_devices
 
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the date parameter in a system_time.cgi POST request. TRENDnet TEW-632BRP is also affected. 9 CVE-
MISC
MISC
d-link — dir-825_devices
 
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute arbitrary commands via the wps_sta_enrollee_pin parameter in a set_sta_enrollee_pin.cgi POST request. TRENDnet TEW-632BRP is also affected. 9 CVE-
MISC
MISC
d-link — dir-825_devices
 
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. 9 CVE-
MISC
dell — digital_delivery
 
Dell Digital Delivery versions prior to contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system. 7.2 CVE-
MISC
dell — emc_isilon_onefs
 
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur. 10 CVE-
MISC
dell — security_management_server
 
Dell Security Management Server versions prior to contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. 9.3 CVE-
MISC
fat-free_framework — fat-free_framework 
 
In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework’s Clear method. 7.5 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks. 7.5 CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 10.7 and later through has Incorrect Access Control. 7.5 CVE-
CONFIRM
MISC
MISC
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. 7.5 CVE-
MISC
CONFIRM
google — android

In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A- References: N/A 7.2 CVE-
MISC
google — android
 
In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A- 7.8 CVE-
MISC
google — android
 
In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A- 7.8 CVE-
MISC
google — android
 
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A- 7.8 CVE-
MISC
google — android
 
In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A- 7.8 CVE-
MISC
google — android
 
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A- 7.2 CVE-
MISC
google — android
 
In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A- References: N/A 7.2 CVE-
MISC
google — android
 
In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A- 7.2 CVE-
MISC
google — android
 
In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A- 7.2 CVE-
MISC
google — android
 
In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android-10 Android ID: A- 9.3 CVE-
MISC
google — android
 
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A- References: Upstream kernel 7.2 CVE-
MISC
google — android
 
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A- References: M-ALPS 7.2 CVE-
MISC
hp — storage_essentials
 
In HPE Storage Essentials , there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT. 10 CVE-
MISC
jenkins — jenkins

Jenkins CryptoMove Plugin and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. 9 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. 8.5 CVE-
MLIST
CONFIRM
lexmark — markvision_enterprise
 
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. ( 7.5 CVE-
MISC
magento — advanced_newsletter
 
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. 10 CVE-
MISC
palo_alto_networks — pan-os
 
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS . This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. 7.2 CVE-
CONFIRM
palo_alto_networks — pan-os
 
A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS . This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS , and all later versions. 7.2 CVE-
CONFIRM
phpgurukul — job_portal
 
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. 7.5 CVE-
MISC
MISC
phpgurukul — online_book_store
 
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. 7.5 CVE-
MISC
MISC
quest — kace_k1000_systems_management_appliance
 
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 () allows a remote attacker to execute code via shell metacharacters in the kuid parameter. 7.5 CVE-
MISC
rconfig — rconfig
 
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. 9 CVE-
MISC
MISC
MISC
rconfig — rconfig
 
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. 7.5 CVE-
MISC
MISC
responsive_filemanager — responsive_filemanager
 
upload.php in Responsive FileManager and allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the PATH_INFO. Also, an attacker could create a DNS hostname that resolves to the IP address for DNS pinning. NOTE: this issue exists because of an incomplete fix for CVE-. 7.5 CVE-
MISC
ricoh — multiple_devices
 
A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls’ Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior. 10 CVE-
CONFIRM
CERT
sap — solution_manager
 
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. 7.5 CVE-
MISC
MISC
sap — solution_manager
 
SAP Solution Manager (User Experience Monitoring), version 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager. 7.5 CVE-
MISC
MISC
siemens — multiple_simatic_devices
 
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability. 7.8 CVE-
MISC

siemens — simatic_s7-300_cpu_family_and_sinumerik_840d_sl

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V), SINUMERIK 840D sl (All versions). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known. 7.8 CVE-
MISC
siemens — siprotec_4_and_siprotec_devices
 
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens. 7.8 CVE-
MISC
sleuth_kit — sleuth_kit
 
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. 7.5 CVE-
MISC
MLIST
substack — minimist
 
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a “constructor” or “__proto__” payload. 7.5 CVE-
MISC
sumavision — enhanced_multimedia_router
 
goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) allows creation of arbitrary users with elevated privileges (administrator) on a device, as demonstrated by a setString=new_user<*1*>administrator<*1*> request. 7.5 CVE-
MISC
MISC
tibco_software — spotfire_analytics_platform_for_aws_marketplace
 
The Spotfire library component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not “Script Author” group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service to execute arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions and below and TIBCO Spotfire Server: versions and below, versions , , , , , , , , , , , , , and , versions , , , , , and . 9 CVE-
CONFIRM
CONFIRM
twisted_matrix — twisted_web
 
In Twisted Web through , there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. 7.5 CVE-
MISC
MISC
twisted_matrix — twisted_web
 
In Twisted Web through , there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. 7.5 CVE-
MISC
MISC
urllib3 — urllib3
 
The _encode_invalid_chars function in util/url.py in the urllib3 library through for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((). 7.8 CVE-
MISC
MISC
MISC
wago — pfc200_devices

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions ), ), and ). A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. 9 CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version ). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=<contents of dns node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file. 9.3 CVE-
MISC
wftpserver — wing_ftp_server
 
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root. 7.2 CVE-
MISC
wftpserver — wing_ftp_server
 
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files. 7.2 CVE-
MISC
wordpress — wordpress
 
The ThemeREX Addons plugin before for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter. 7.5 CVE-
MISC
zoho — manageengine_desktop_central
 
An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the update allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. 7.5 CVE-
CONFIRM
zoho — manageengine_desktop_central
 
Zoho ManageEngine Desktop Central before allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. 10 CVE-
MISC
MISC
MISC
CONFIRM
MISC


 

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ansible — ansible
 
A flaw was found in Ansible and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. 4.6 CVE-
CONFIRM
MISC
FEDORA
FEDORA
ansible — ansible
 
A race condition flaw was found in Ansible Engine and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with “umask 77 && mkdir -p <dir>”; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating ‘/proc/<pid>/cmdline’. 4.4 CVE-
CONFIRM
MISC
avast — antitrack
 
Avast AntiTrack before and AVG Antitrack before proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with “Allow filtering of HTTPS traffic for tracking detection” enabled. (This is the default configuration.) 5.8 CVE-
CONFIRM
MISC
barracuda — load_balancer_adc
 
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware <= v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be used by any authenticated administrative user to expose the LDAP credentials configured in the LDAP connector over the network. 5.5 CVE-
MISC
bwa_technology — direx-pro_devices

BWA DiREX-Pro devices allow full path disclosure via an invalid name array parameter to val_soft.php3. 5 CVE-
MISC
bwa_technology — direx-pro_devices

BWA DiREX-Pro devices allow remote attackers to discover passwords via a direct request to val_users.php3. 5 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comment on any article via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new glossary term via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request. 4.3 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request. 4.3 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php (vulnerable file admin/include/functions-articles.php). 4.3 CVE-
MISC
chadha — phpkb_standard_multi-language
 
admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data. 4 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. 4 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to rename any file on the webserver using a dot-dot-slash sequence (../) via the POST parameter imgName (for the new name) and imgUrl (for the current file to be renamed). 4 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanager/functions.php) in Chadha PHPKB Standard Multi-Language 9 allows attackers to list the files that are stored on the webserver using a dot-dot-slash sequence (../) via the POST parameter inpCurrFolder. 4 CVE-
MISC
chadha — phpkb_standard_multi-language
 
CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to change the global settings, potentially gaining code execution or causing a denial of service, via a crafted request. 4.3 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way comments in article.php (vulnerable function in include/functions-article.php) are handled in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute Stored (Blind) XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php, via the GET parameter cmt. 4.3 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete any folder on the webserver using a dot-dot-slash sequence (../) via the GET parameter crdir, when the GET parameter action is set to df, causing a Denial of Service. 5.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php. 6.5 CVE-
MISC

chadha — phpkb_standard_multi-language

CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request. 4.3 CVE-
MISC
citrix — gateway
 
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. 5.8 CVE-
MISC
MISC
MISC
citrix — gateway
 
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. 5 CVE-
MISC
MISC
MISC
citrix — gateway
 
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. 5 CVE-
MISC
MISC
MISC
citrix — sd-wan_center_and_netscaler_sd-wan_center

Citrix SD-WAN Center 10.2.x before and NetScaler SD-WAN Center 10.0.x before allow XSS. 4.3 CVE-
CONFIRM
ckeditor — ckeditor
 
A cross-site scripting (XSS) vulnerability in the WSC plugin through for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. 4.3 CVE-
MISC
ckeditor — ckeditor
 
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted “protected” comment (with the cke_protected syntax). 4.3 CVE-
MISC
dojo — dojo
 
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions , , , and 5 CVE-
MISC
CONFIRM
MLIST
dojo — dojo
 
In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions , , , , and 5 CVE-
MISC
CONFIRM
MLIST
eclipse — theia
 
In Eclipse Theia versions 0.3.9 through , one of the default pre-packaged Theia extensions is “Mini-Browser”, published as “@theia/mini-browser” on npmjs.com. This extension, for its own needs, exposes an HTTP endpoint that allows reading the content of files on the host’s filesystem, given their path, without restrictions on the requester’s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit. 5.8 CVE-
CONFIRM
eset — archive_support_module
 
ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression Information in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. 5 CVE-
MISC
facebook — thrift
 
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v. 5 CVE-
MISC
MISC
CONFIRM
facebook — thrift
 
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v. 5 CVE-
MISC
MISC
CONFIRM
froxlor — froxlor
 
An issue was discovered in Froxlor before . Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php. 6.5 CVE-
MISC
MISC
MISC
MISC
gitlab — enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition 8.3 through . The color codes decoder was vulnerable to a resource depletion attack if specific formats were used. It has Incorrect Access Control. 4.3 CVE-
MISC
CONFIRM
gitlab — enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. 4.3 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. 4.3 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. 5 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained an access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control. 5 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 9.0 and through . Users with access to issues, but not the repository were able to view the number of related merge requests on an issue. It has Incorrect Access Control. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through . When specific encoded characters were added to comments, the comments section would become inaccessible. It has Incorrect Access Control (issue 1 of 2). 5 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.11 through . When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition before . One of the parsers used by GitLab CI was vulnerable to a resource exhaustion attack. It allows Uncontrolled Resource Consumption. 5 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 9.2 through . Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It allows Uncontrolled Resource Consumption. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues. 5 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. 6.5 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through . GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through . Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_enterprise_and_community_editions
 
An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through . The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control. 4 CVE-
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition 10.6 through . The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control. 5 CVE-
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition through . By using brute force, a user with access to a project, but not its repository, could create a list of merge request template names. It has excessive algorithmic complexity. 4 CVE-
MISC
CONFIRM
google — android
 
In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 5 CVE-
MISC
google — android
 
In convertHidlNanDataPathInitiatorRequestToLegacy and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.6 CVE-
MISC
google — android
 
In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A- 4.9 CVE-
MISC
google — android
 
In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- 4.9 CVE-
MISC
google — android
 
In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- 5 CVE-
MISC
google — android
 
In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.7 CVE-
MISC
google — android
 
In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 6.9 CVE-
MISC
google — android
 
In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.6 CVE-
MISC
google — android
 
In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in Settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.4 CVE-
MISC
google — android
 
In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.6 CVE-
MISC
google — android
 
In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege to activate tethering with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.6 CVE-
MISC
google — android
 
In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.3 CVE-
MISC
google — android
 
In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- 6.9 CVE-
MISC
google — android
 
In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.6 CVE-
MISC
google — android
 
In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- 4.4 CVE-
MISC
google — android
 
In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 4.6 CVE-
MISC
halvotec — raquest
 
An issue was discovered in Halvotec RAQuest . The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password. 5 CVE-
MISC
MISC
ibm — spectrum_scale
 
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: . 5 CVE-
XF
CONFIRM
imagemagick — imagemagick
 
In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders/heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image. 4.3 CVE-
MISC
jenkins — jenkins
 
Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. 5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. 5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. 4.3 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. 5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. 5.8 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. 6.5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. 4 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 5.5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 5.5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. 4 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
A cross-site request forgery vulnerability in Jenkins P4 Plugin and earlier allows attackers to trigger builds or add labels in Perforce. 4.3 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. 4.3 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. 4.3 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. 6.5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins DeployHub Plugin and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. 4 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted constructor calls and crafted constructor bodies. 6.5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
A missing permission check in Jenkins P4 Plugin and earlier allows attackers with Overall/Read permission to trigger builds. 4 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Backlog Plugin 2.4 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. 4 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Quality Gates Plugin 2.5 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. 5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Repository Connector Plugin 1.2.6 and earlier transmits configured credentials in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure. 5 CVE-
MLIST
CONFIRM
joomla! — joomla!

JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. 6.5 CVE-
MISC
joomla! — joomla!

SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. 6.5 CVE-
MISC
joomla! — joomla!
 
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. 6.5 CVE-
MISC
joomla! — joomla!
 
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script. 6.5 CVE-
MISC
joomla! — joomla!
 
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. 6.5 CVE-
MISC
lexmark — markvision_enterprises
 
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. 6.8 CVE-
MISC
lexmark — multiple_devices
 
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. 5 CVE-
MISC
lexmark — multiple_devices
 
Lexmark X, W, T, E, and C devices before allow attackers to obtain sensitive information by reading passwords within exported settings. 5 CVE-
MISC
livezilla — live_chat
 
An issue was discovered in chat.php in LiveZilla Live Chat (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters. 4.3 CVE-
MISC
mahara — mahara
 
In Mahara 18.10 before , 19.04 before , and 19.10 before , certain personal information is discoverable by inspecting network responses on the ‘Edit access’ screen when sharing portfolios. 4 CVE-
MISC
CONFIRM
mahara — mahara
 
In Mahara 18.10 before , 19.04 before , and 19.10 before , file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore. 4 CVE-
MISC
CONFIRM
metasys — multiple_products
 
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls’ Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C UUKLC 10th Edition Listed) version 8.1. 6.4 CVE-
CONFIRM
CERT
micro_focus — service_manager_release_control
 
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. 4.9 CVE-
CONFIRM
microsoft — application_inspector
 
A remote code execution vulnerability exists in Application Inspector version v or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka ‘Remote Code Execution Vulnerability in Application Inspector’. 6.8 CVE-
MISC
microsoft — windows_10_and_windows_server

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. 5 CVE-
MISC
misp — misp
 
MISP has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sighting_field.ctp. 4.3 CVE-
MISC
misp — misp
 
MISP has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp. 4.3 CVE-
MISC
monstra — monstra_cms
 
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI. 4 CVE-
MISC
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Sensitive information is sent to the web server in cleartext, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server. 5 CVE-
CONFIRM
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access. 5 CVE-
CONFIRM
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. 6.8 CVE-
CONFIRM
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker can access sensitive information (e.g., conduct username disclosure attacks) on the built-in WEB-service without authorization. 5 CVE-
CONFIRM
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. The application’s configuration file contains parameters that represent passwords in cleartext. 5 CVE-
CONFIRM
MISC
munkireport — munkireport
 
An issue was discovered in Munkireport before . An unauthenticated actor can send a custom XSS payload through the /report/broken_client endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/views/listings/default.php. 4.3 CVE-
MISC
MISC
munkireport — munkireport
 
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint. 6.5 CVE-
MISC
MISC
nethack — nethack
 
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. 4.6 CVE-
MISC
CONFIRM
nethack — nethack
 
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue. 4.6 CVE-
CONFIRM
networkmanager — networkmanager
 
NetworkManager 0.9 and earlier allows local users to use other users’ certificates or private keys when making a connection via the file path when adding a new connection. 4.9 CVE-
MISC
MISC
MISC
MISC
MISC
MISC
nitro_software — nitro_pro
 
npdf.dll in Nitro Pro before is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. 5.8 CVE-
MISC
MISC
nitro_software — nitro_pro
 
npdf.dll in Nitro Pro before is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. 5.8 CVE-
MISC
MISC
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure. 4.4 CVE-
N/A
openshift — enterprise
 
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container. 4.4 CVE-
CONFIRM
otrs — open_ticket_request_system
 
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their “company” tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on. 4 CVE-
CONFIRM
MISC
palo_alto_networks — pan-os
 
A format string vulnerability in the PAN-OS log daemon (logd) on Panorama allows a local authenticated user to execute arbitrary code, bypassing the restricted shell and escalating privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS on Panorama. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS and all later PAN-OS 8.1 versions. 4.6 CVE-
CONFIRM
paseto_toolkit — jpaseto
 
JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. 5 CVE-
CONFIRM
phpbb — phpbb
 
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments. 4.3 CVE-
MISC
CONFIRM
python — python
 
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. 5 CVE-
CONFIRM
qemu — qemu
 
hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient PCI config space allocation, leading to a buffer overflow involving the PCIe extended config space. 4.6 CVE-
MISC
red_hat — jboss_as
 
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. 5 CVE-
MISC
MISC
sap — business_objects_business_intelligence_platform
 
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. 4.6 CVE-
MISC
MISC
MISC
sap — businessobjects_mobile
 
SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service. 5 CVE-
MISC
MISC
sap — cloud_platform_integration_for_data_services
 
SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning messages. This could mislead the victim to follow malicious instructions inserted by external attackers, leading to Cross Site Request Forgery. 4.3 CVE-
MISC
MISC
sap — commerce
 
The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to which certain GET URL parameters are reflected in the HTTP responses without escaping/sanitization, leading to Reflected Cross Site Scripting. 4.3 CVE-
MISC
MISC
sap — disclosure_management
 
SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to administration accounts by a user with no roles, leading to Missing Authorization Check. 6.5 CVE-
MISC
MISC
sap — enable_now
 
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure. 5.5 CVE-
MISC
MISC
sap — fiori_launchpad
 
SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, allowing an attacker to inject a meta tag into the launchpad HTML using the vulnerable parameter, leading to a reflected Cross-Site Scripting (XSS) vulnerability. 4.3 CVE-
MISC
MISC
sap — multiple_products
 
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check. 5.5 CVE-
MISC
MISC
sap — netweaver_application
 
nwbc_ext2int in SAP NetWeaver Application Server before Security Note allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. 4 CVE-
MISC
sap — netweaver_application_server_java
 
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. 6.5 CVE-
MISC
MISC
sap — netweaver_as_abap_business_server_pages
 
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. 4.3 CVE-
MISC
MISC
sap — netweaver_uddi_server
 
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs, leading to Path Traversal. 6.4 CVE-
MISC
MISC
sap — treasury_and_risk_management
 
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should when selecting and displaying the contract number, leading to Missing Authorization Check. 4 CVE-
MISC
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The DOWNLOADS section in the web interface of the SiNVR 3 Central Control Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed. 4 CVE-
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log. 4 CVE-
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiNVR 3 Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled. 4.9 CVE-
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server applies weak cryptography when exposing device (camera) passwords. This could allow an unauthenticated remote attacker to read and decrypt the passwords and conduct further attacks. 5 CVE-
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The SiNVR 3 Central Control Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands. 6.5 CVE-
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains an input validation vulnerability that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests. 5 CVE-
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface. 4.3 CVE-
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The streaming service (default port 5410/tcp) of the SiNVR 3 Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from the server. 5 CVE-
MISC
siemens — siport_mp
 
A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts (“service users”) with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area. 5.5 CVE-
MISC
siemens — spectrum_power_5
 
A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If deployed according to recommended system configuration, Siemens considers the environmental vector as CR:L/IR:M/AR:H/MAV:A (4.1). 4.3 CVE-
MISC
sleuthkit — sleuthkit
 
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c. 6.4 CVE-
MISC
twisted — twisted
 
Twisted before does not attempt to address RFC 3875 section namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue. 5 CVE-
CONFIRM
CONFIRM
CONFIRM
MISC
usrsctp — usrsctp
 
usrsctp before has out-of-bounds reads in sctp_load_addresses_from_init. 4.3 CVE-
SUSE
MISC
MISC
MLIST
GENTOO
GENTOO
DEBIAN
utilitify — utilitify
 
utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype. 6.5 CVE-
MISC
MISC
vega-util — vega-util
 
vega-util prior to allows manipulation of object prototype. The ‘vega.mergeConfig’ method within vega-util could be tricked into adding or modifying properties of the Object.prototype. 4 CVE-
MISC
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version ). An attacker can send a specially crafted XML cache file At 0x1e8a8 the extracted domainname value from the xml file is used as an argument to /etc/config-tools/edit_dns_server domain-name=<contents of domainname node> using sprintf(). This command is later executed via a call to system(). 6.8 CVE-
MISC
wago — e!cockpit
 
A cleartext transmission vulnerability exists in the network communication functionality of WAGO e!Cockpit version . An attacker with access to network traffic can easily intercept, interpret, and manipulate data coming from, or destined for e!Cockpit. This includes passwords, configurations, and binaries being transferred to endpoints. 5 CVE-
MISC
wago — pfc_devices
 
The WBM web application on firmwares prior to and on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server. This affects WAGO PFC200 Firmware version ) and version ), and WAGO PFC100 Firmware version ) and version ). 5 CVE-
MISC
wago — pfc200_devices
 
An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions ), ), and ). A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An attacker can send an authenticated HTTPS POST request to direct the Cloud Connectivity software to connect to an attacker controlled Azure IoT Hub node. 6.5 CVE-
MISC
western_digital — multiple_sandisk_devices
 
Western Digital SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices. 6.3 CVE-
MISC
MISC
MISC
western_digital — sandisk_x600_devices
 
On Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials. 4.3 CVE-
MISC
MISC
MISC

wftpserver — wing_ftp_server

An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel. 6.9 CVE-
MISC
wordpress — wordpress
 
An issue was discovered in the RegistrationMagic plugin for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. 5.5 CVE-
MISC
MISC
MISC
wordpress — wordpress
 
XSS was discovered in the RegistrationMagic plugin for WordPress via the rm_form_id, rm_tr, or form_name parameter. 4.3 CVE-
MISC
MISC
MISC
xiaomi — mi_user_interface_operating_system
 
An issue was discovered on Xiaomi MIUI V.QFAEUXM devices. In the Web resources of GetApps(com.xiaomi.mipicks), the parameters passed in are read and executed. After reading the resource files, relevant components open the link of the incoming URL. Although the URL is safe and can pass security detection, the data carried in the parameters are loaded and executed. An attacker can use NFC tools to get close enough to a user’s unlocked phone to cause apps to be installed and information to be leaked. This is fixed on version: . 4.3 CVE-
MISC
MISC
MISC
xiaomi — mi_user_interface_operating_system
 
An issue was discovered on Xiaomi MIUI V.QFAEUXM devices. The export component of GetApps(com.xiaomi.mipicks) mishandles the functionality of opening other components. Attackers need to induce users to open specific web pages in a specific network environment. By jumping to the WebView component of Messaging(com.android.MMS) and loading malicious web pages, information leakage can occur. This is fixed on version: ; . 4.3 CVE-
MISC
MISC
zoho — password_manager_pro
 
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build ), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. 4 CVE-
MISC
MISC
CONFIRM
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-user.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-template.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-subscriber.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-news.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-discussed.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/optimize-database.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-printed.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-profile.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC

chadha — phpkb_standard_multi-language

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-field.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC

chadha — phpkb_standard_multi-language

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/email-harvester.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-html.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-category.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index-attachments.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-drafts.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-language.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-traffic.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-comment.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/index.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/kb-backup.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-categories.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/trash-box.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-field.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-attachments.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-rated.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-user.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-search.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-category.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-referrers.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-departments.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/search-users.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-news.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/save-article.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-article.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/article-collaboration.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-article.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-template.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-fields.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-mailed.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-monthly.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-group.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-groups.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-languages.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-settings.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-comments.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-news.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-tickets.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-users.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/my-languages.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article-popular.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-article.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/reply-ticket.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/translate.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-versions.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
chadha — phpkb_standard_multi-language
 
Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter p. 3.5 CVE-
MISC

chadha — phpkb_standard_multi-language  

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-category.php by adding a question mark (?) followed by the payload. 3.5 CVE-
MISC
froxlor — froxlor
 
An issue was discovered in Froxlor through . The installer wrote configuration parameters including passwords into files in /tmp, setting proper permissions only after writing the sensitive data. A local attacker could have disclosed the information if he read the file at the right time, because of _createUserdataConf in install/lib/class.FroxlorInstall.php. 2.1 CVE-
MISC
froxlor — froxlor
 
An issue was discovered in Froxlor before . It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php. 3.6 CVE-
MISC
MISC
MISC
gitlab — gitlab_community_and_enterprise_editions
 
An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. 3.5 CVE-
MISC
CONFIRM
google — android
 
In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
google — android
 
In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 1.9 CVE-
MISC
google — android
 
In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
google — android
 
In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. This could lead to local escalation of privilege on the lock screen with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 1.9 CVE-
MISC
google — android
 
In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
google — android
 
In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
google — android
 
In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
google — android
 
In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
google — android
 
In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
google — android
 
In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- 2.1 CVE-
MISC
google — android
 
In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- 2.1 CVE-
MISC
google — android
 
In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A- 2.1 CVE-
MISC
google — android
 
In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
google — android
 
In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A- 2.1 CVE-
MISC
hcl — connections
 
HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 3.5 CVE-
CONFIRM
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: . 3.5 CVE-
XF
CONFIRM
ibm — tivoli_workload_scheduler
 
IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: . 3.5 CVE-
XF
CONFIRM
jenkins — jenkins
 
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. 3.5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Timestamper Plugin and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission. 3.5 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system. 2.1 CVE-
MLIST
CONFIRM
jenkins — jenkins
 
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. 2.1 CVE-
MLIST
CONFIRM
joomla! — joomla!
 
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. 3.5 CVE-
MISC
joomla! — joomla!
 
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]. 3.5 CVE-
MISC
lexmark — multiple_devices
 
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. 3.5 CVE-
CONFIRM
lexmark — multiple_devices
 
Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US. 3.5 CVE-
CONFIRM
munkireport — munkireport
 
An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS payload through the /module/comment/save endpoint. The payload will be executed by any authenticated users browsing the application. This concerns app/controllers/client.php:detail. 3.5 CVE-
MISC
MISC
ramp — altitudecdn_altimeter
 
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI. 3.5 CVE-
MISC
sap — commerce
 
The SAP Commerce (SmartEdit Extension), versions 6.6, 6.7, 1808, 1811, is vulnerable to client-side AngularJS template injection, a variant of Cross-Site-Scripting (XSS) that exploits the templating facilities of the angular framework. 3.5 CVE-
MISC
MISC
sap — enable_now
 
SAP Enable Now, before version 1908, does not invalidate session tokens in a timely manner. The Insufficient Session Expiration may allow attackers with local access, for instance, to still download the portables. 2.1 CVE-
MISC
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The FTP service of the SiNVR 3 Central Control Server (CCS) maintains a log file that stores login credentials in cleartext. In configurations where the FTP service is enabled, authenticated remote attackers could extract login credentials of other users of the service. 3.5 CVE-
MISC
siemens — sinvr_3_central_control_server_and_video_server
 
A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The web interface of the SiNVR 3 Central Control Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content. 3.5 CVE-
MISC
wago — pfc200_devices
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version ). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=’) in length. A domainname value of length 0x3fa will cause the service to crash. 2.1 CVE-
MISC
western_digital — sandisk_devices
 
Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. 2.1 CVE-
MISC
MISC
MISC


 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abacus — oauth_login
 
oauth/oauth2/v1/saml/ in Abacus OAuth Login 00 before prior to R4 ( Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message. not yet calculated CVE-
MISC
MISC
administrate_gem_for_ruby_on_rails — administrate_gem_for_ruby_on_rails
 
In Administrate (rubygem) before version , when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter and bypass ActiveRecord SQL protections. Whilst this does have a high impact, to exploit this you need access to the Administrate dashboards, which we would expect to be behind authentication. This is patched in version . not yet calculated CVE-
MISC
CONFIRM
ansible — ansible
 
A flaw was found in Ansible and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument “password” of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. not yet calculated CVE-
CONFIRM
MISC
FEDORA
FEDORA
antix_linux_and_mx_linux — antix_linux_and_mx_linux
antiX and MX Linux allow local users to achieve root access via “persist-config --command /bin/sh” because of the Sudo configuration. not yet calculated CVE-
MISC
MISC
apache — commons_configuration
 
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application. not yet calculated CVE-
MISC
MLIST
beckhoff — bk9000_devices
 
A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device’s functionality can be restored by rebooting. not yet calculated CVE-
MISC
bitcoin — bitcoind_and_bitcoin-qt
bitcoind and Bitcoin-Qt prior to allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an “Easy” attack. not yet calculated CVE-
MISC
bitcoin — bitcoind_and_bitcoin-qt
bitcoind and Bitcoin-Qt prior to have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name. not yet calculated CVE-
MISC
MISC
bitcoin — bitcoind_and_bitcoin-qt
bitcoind and Bitcoin-Qt prior to allow injection of arbitrary data into the debug log via an RPC call. not yet calculated CVE-
MISC
blamer — blamer
 
Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer. not yet calculated CVE-
MISC
MISC
brother — multiple_printers
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. not yet calculated CVE-
MISC
MISC
MISC
brother — multiple_printers
 
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device. not yet calculated CVE-
MISC
MISC
MISC
brother — multiple_printers
 
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. not yet calculated CVE-
MISC
MISC
MISC
chadha — phpkb_standard_multi-language
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. not yet calculated CVE-
MISC
chadha — phpkb_standard_multi-language
Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort. not yet calculated CVE-
MISC
chadha — phpkb_standard_multi-language
 
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings. not yet calculated CVE-
MISC
dell — emc_xtremio_xms_devices
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. not yet calculated CVE-
MISC
dell — emc_xtremio_xms_devices
 
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. not yet calculated CVE-
MISC
dell — emc_xtremio_xms_devices
 
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. not yet calculated CVE-
MISC
dell — wyse_management_suite
 
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. not yet calculated CVE-
MISC
dell — wyse_management_suite
 
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. not yet calculated CVE-
MISC
devome — grr
 
An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query. not yet calculated CVE-
MISC
MISC
devome — grr
 
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads. not yet calculated CVE-
MISC
MISC
fortinet — fortiadc
 
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. not yet calculated CVE-
CONFIRM
fortinet — fortisiem
 
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user’s session by persuading the victim to follow a malicious link. not yet calculated CVE-
CONFIRM
fortinet — fortiisolator
 
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). not yet calculated CVE-
CONFIRM
fortinet — fortitray
 
An unquoted service path vulnerability in the FortiClient FortiTray component of FortiClientWindows v6.2.2 and prior allows an attacker to gain elevated privileges via the FortiClientConsole executable service path. not yet calculated CVE-
CONFIRM
fortinet — fortiweb
 
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. not yet calculated CVE-
CONFIRM
fortinet — fortiweb
 
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). not yet calculated CVE-
CONFIRM
freebsd — bhyve
 
grub2-bhyve, as used in FreeBSD bhyve before revision , does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS. not yet calculated CVE-
MISC
freebsd — bhyve
 
grub2-bhyve, as used in FreeBSD bhyve before revision , mishandles font loading by a guest through a grub2.cfg file, leading to a buffer overflow. not yet calculated CVE-
MISC
freedesktop — systemd
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). not yet calculated CVE-
MISC
MISC
MISC
CONFIRM
gitlab — gitlab
GitLab 12.2 through allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
GitLab 12.1 through allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
GitLab 12.1 through allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 8.3 through allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab before allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 12.5 through has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 8.11 through allows a Denial of Service when using several features to recursively request each other. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 11.7 through allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 12.7 through has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 9.3 through allows XSS. A cross-site scripting vulnerability was found when viewing particular file types. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 7.10 through has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab before has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 10.4 through allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab through allows Information Disclosure. A particular view was exposing private merge request titles. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 12.1 through allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 12.8.x before , when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. not yet calculated CVE-
MISC
gitlab — gitlab
 
GitLab 12.5 through allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab
 
GitLab 10.1 through has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 3.0 through allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE 11.6 through allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace. not yet calculated CVE-
MISC
CONFIRM
gitlab — gitlab_enterprise_edition
 
GitLab EE through allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. not yet calculated CVE-
MISC
CONFIRM
halvotec — raquest
 
An issue was discovered in Halvotec RaQuest . One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. not yet calculated CVE-
MISC
hotels.com — styx
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header. not yet calculated CVE-
MISC
MISC
huawei — honor_v30_smartphone
 
Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A ) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. not yet calculated CVE-
CONFIRM
huawei — usg6000v_virtual_service_gateway
 
Huawei USG6000V with versions V, V, and V have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products. not yet calculated CVE-
CONFIRM
intel — bluez
 
Improper access control in subsystem for BlueZ before version 5.53 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access. not yet calculated CVE-
CONFIRM
intel — fpga_programmable_acceleration_card_n3000
 
Improper access control in PCIe function for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. not yet calculated CVE-
CONFIRM
intel — fpga_programmable_acceleration_card_n3000
 
Improper access control in on-card storage for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable denial of service via local access. not yet calculated CVE-
CONFIRM

intel — graphics_drivers

Uncontrolled search path in Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable escalation of privilege via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Buffer overflow in Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable a denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Unquoted service path in Intel(R) Graphics Drivers before versions , , , , and may allow an authenticated user to potentially enable denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions , , , , and may allow an authenticated user to potentially enable escalation of privilege via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Uncaught exception in system driver for Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable a denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Improper initialization in Intel(R) Graphics Drivers before versions , , and may allow a privileged user to potentially enable a denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Improper conditions check in Intel(R) Graphics Drivers before versions , , , , and may allow an authenticated user to potentially enable information disclosure and denial of service via local not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Buffer overflow in Intel(R) Graphics Drivers before versions , , and may allow an authenticated user to potentially enable a denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Improper access control in Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Improper access control in Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable information disclosure via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Improper access control in Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable escalation of privilege via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Improper default permissions in the installer for Intel(R) Graphics Drivers before versions and may allow an authenticated user to potentially enable escalation of privilege via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions , , , , and may allow an authenticated user to potentially enable escalation of privilege via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Improper access control for Intel(R) Graphics Drivers before versions and may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Out-of-bounds write in Intel(R) Graphics Drivers before version may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions , , and may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. not yet calculated CVE-
CONFIRM
intel — graphics_drivers
 
Improper input validation in Intel(R) Graphics Drivers before version may allow an authenticated user to enable denial of service via local access. not yet calculated CVE-
CONFIRM
intel — max_10_fpga
 
Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable information disclosure via physical access. not yet calculated CVE-
CONFIRM
intel — multiple_processors
 
Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html not yet calculated CVE-
CONFIRM
intel — multiple_processors
 
Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html not yet calculated CVE-
CONFIRM
intel — nuc
 
Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html not yet calculated CVE-
CONFIRM
intel — nuc
 
Improper buffer restrictions in firmware for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html not yet calculated CVE-
CONFIRM

intel — optane_dc_persistent_memory_module_management_software

Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Module Management Software before version may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access. not yet calculated CVE-
CONFIRM
intel — smart_sound_technology
 
Improper access control in the subsystem for Intel(R) Smart Sound Technology may allow an authenticated user to potentially enable escalation of privilege via local access. This affects Intel® Smart Sound Technology before versions: 10th Generation Intel® Core™ i7 Processors, version 3431 and 8th Generation Intel® Core™ Processors, version 3349. not yet calculated CVE-
CONFIRM
invision_power_services — invision_power_board Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. not yet calculated CVE-
MISC
MISC
MISC
MISC
kde — applications messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before does not properly restrict the handling of an http-equiv=”REFRESH” value. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers Some Kyocera printers (such as the ECOSYS M5526cdw ) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw ) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw ) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw ) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw ) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
The web application of several Kyocera printers (such as the ECOSYS M5526cdw ) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
The web application of some Kyocera printers (such as the ECOSYS M5526cdw ) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
The web application of several Kyocera printers (such as the ECOSYS M5526cdw ) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw ) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw ) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
Some Kyocera printers (such as the ECOSYS M5526cdw ) were affected by multiple buffer overflow vulnerabilities in the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS), and potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
kyocera — ecosys_m5526cdw_printers
 
All configuration parameters of certain Kyocera printers (such as the ECOSYS M5526cdw ) were accessible by unauthenticated users. This information was only presented in the menus when authenticated, and the pages that loaded this information were also protected. However, all files that contained the configuration parameters were accessible. These files contained sensitive information, such as users, community strings, and other passwords configured in the printer. not yet calculated CVE-
MISC
lag_digital — wagtail-2fa In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users' 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other user's device they can disable the target user's 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1. not yet calculated CVE-
MISC
CONFIRM
lenovo — xclarity_administrator
 
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. not yet calculated CVE-
CONFIRM
lexmark — multiple_devices
 
Certain older Lexmark devices (C, M, X, and 6500e before ) contain a directory traversal vulnerability in the embedded web server. not yet calculated CVE-
MISC
CONFIRM
mcafee — advanced_threat_defense Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. not yet calculated CVE-
CONFIRM
mcafee — mcafee_agent
 
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. not yet calculated CVE-
CONFIRM
mediawiki — mediawiki In the GlobalBlocking extension before for MediaWiki through , an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled. not yet calculated CVE-
MISC
MISC
meetecho — janus An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. not yet calculated CVE-
MISC
meetecho — janus
 
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn’t actually exist during a “query_logger” Admin API request, because of a typo in the JSON validation. not yet calculated CVE-
MISC
meetecho — janus
 
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. not yet calculated CVE-
MISC
meetecho — janus
 
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. not yet calculated CVE-
MISC
meetecho — janus
 
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. not yet calculated CVE-
MISC

microsoft — azure_devop_server_2019_and_team_foundation_server_

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka ‘Azure DevOps Server Cross-site Scripting Vulnerability’. not yet calculated CVE-
MISC

microsoft — azure_devop_server_2019_and_team_foundation_server_

An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka ‘Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — azure_devops_server_2019 An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens, aka ‘Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC

microsoft — business_productivity_servers_and_sharepoint_enterprise_server_2016_and_sharepoint_foundation_2013

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka ‘Microsoft SharePoint Reflective XSS Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC

microsoft — chakracore_and_internet_explorer_11_and_microsoft_edge

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created. The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka ‘Scripting Engine Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — chakracore_and_microsoft_edge
 
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC

microsoft — chakracore_and_microsoft_edge_and_internet_explorer_11

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — exchange_server_
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka ‘Microsoft Exchange Server Spoofing Vulnerability’. not yet calculated CVE-
MISC
microsoft — internet_explorer_11
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka ‘Internet Explorer Memory Corruption Vulnerability’. not yet calculated CVE-
MISC
microsoft — internet_explorer_11
 
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — internet_explorer_ A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. not yet calculated CVE-
MISC
microsoft — internet_explorer_ A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — microsoft_edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka ‘Microsoft Edge Memory Corruption Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka ‘Dynamics Business Central Remote Code Execution Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_products An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka ‘Windows Imaging Component Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_products An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_products An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows ActiveX Installer Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_products An information disclosure vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka ‘Windows Modules Installer Service Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_products An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka ‘Windows Search Indexer Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_products
 
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_products
 
An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_products
 
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka ‘Windows Hard Link Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_products
 
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka ‘Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_products
 
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by not permitting Diagnostics Hub Standard Collector or the Visual Studio Standard Collector to create files in arbitrary locations, aka ‘Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_sharepoint_products
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_sharepoint_products
 
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka ‘Microsoft SharePoint Reflective XSS Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC

microsoft — multiple_windows_products

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows ActiveX Installer Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Error Reporting Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka ‘Windows Network List Service Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows CSC Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Device Setup Manager improperly handles file operations, aka ‘Windows Device Setup Manager Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka ‘Windows User Profile Service Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka ‘DirectX Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka ‘Media Foundation Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows CSC Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows Graphics Component Information Disclosure Vulnerability’. not yet calculated CVE-
MISC

microsoft — multiple_windows_products

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka ‘Windows Language Pack Installer Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka ‘LNK Remote Code Execution Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka ‘Windows UPnP Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka ‘Windows Hard Link Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka ‘Windows Hard Link Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka ‘Microsoft IIS Server Tampering Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links, aka ‘Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows ActiveX Installer Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka ‘Windows UPnP Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges, aka ‘Windows Installer Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka ‘Windows Network Connections Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka ‘Windows ALPC Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka ‘Windows Hard Link Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka ‘Windows Error Reporting Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka ‘Windows Network Connections Service Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka ‘Windows Update Orchestrator Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka ‘Windows Update Orchestrator Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka ‘Windows Work Folder Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — multiple_windows_products
 
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka ‘GDI+ Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — office__and_office_365_proplus
 
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC

microsoft — office_20165_proplus

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka ‘Microsoft Word Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-, CVE-. not yet calculated CVE-
MISC
microsoft — remote_desktop_connection_manager
 
An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity, aka ‘Remote Desktop Connection Manager Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — service_fabric An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka ‘Service Fabric Elevation of Privilege’. not yet calculated CVE-
MISC

microsoft — sharepoint_enterprise_server__and_sharepointserver_2019

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — visual_studio_ A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka ‘Microsoft Visual Studio Spoofing Vulnerability’. not yet calculated CVE-
MISC
microsoft — visual_studio_2019 A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links, aka ‘Visual Studio Extension Installer Service Denial of Service Vulnerability’. not yet calculated CVE-
MISC
microsoft — windows_10_and_windows_server An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka ‘Connected User Experiences and Telemetry Service Information Disclosure Vulnerability’. not yet calculated CVE-
MISC
microsoft — windows_10_and_windows_server An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Windows Defender Security Center Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — windows_10_and_windows_server_2016
 
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka ‘Windows Graphics Component Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC
microsoft — windows_10_and_windows_server_2016
 
A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka ‘Windows Tile Object Service Denial of Service Vulnerability’. not yet calculated CVE-
MISC

microsoft — windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka ‘Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC

microsoft — windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when Windows Defender Security Center handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Windows Defender Security Center Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-. not yet calculated CVE-
MISC

microsoft — windows_10_and_windows_server_and_windows_server_2019

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka ‘Media Foundation Memory Corruption Vulnerability’. This CVE ID is unique from CVE-, CVE-, CVE-. not yet calculated CVE-
MISC

microsoft — windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists in the way the Provisioning Runtime validates certain file operations, aka ‘Provisioning Runtime Elevation of Privilege Vulnerability’. not yet calculated CVE-
MISC
microsoft — windows_10_and_windows_server
 
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Remote Code Execution Vulnerability’. not yet calculated CVE-
MISC
MISC
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. Insufficient password requirements for the MGate web application may allow an attacker to gain access by brute-forcing account passwords. not yet calculated CVE-
CONFIRM
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2). not yet calculated CVE-
CONFIRM
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A high rate of transit traffic may cause a low-memory condition and a denial of service. not yet calculated CVE-
CONFIRM
MISC
moxa — multiple_mgate_devices
 
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. not yet calculated CVE-
CONFIRM
MISC

multiple_vendors — multiple_dynamic_random_access_memory_chips

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers. not yet calculated CVE-
MISC
MISC
MISC
MISC
MISC
MISC
multiple_vendors — multiple_products
 
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack. not yet calculated CVE-
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
netapp — storagegrid
 
StorageGRID (formerly StorageGRID Webscale) versions through 11.3 prior to and are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). not yet calculated CVE-
CONFIRM
netgear — cg3700b_voo_device The Voo branded NETGEAR CG3700b custom firmware V uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase. not yet calculated CVE-
MISC
netgear — cg3700b_voo_device The Voo branded NETGEAR CG3700b custom firmware V uses HTTP Basic Authentication over cleartext HTTP. not yet calculated CVE-
MISC
netgear — cg3700b_voo_device The Voo branded NETGEAR CG3700b custom firmware V allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file. not yet calculated CVE-
MISC
nvidia — vgpu_graphics_driver NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service. not yet calculated CVE-
N/A
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager contains a vulnerability in the kernel module (nvidia.ko), where a null pointer dereference may occur, which may lead to denial of service. not yet calculated CVE-
N/A
nvidia — virtual_gpu_manager
 
NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service. not yet calculated CVE-
N/A
openstack — manila
 
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks. not yet calculated CVE-
MLIST
MISC
CONFIRM
opera_software — opera_for_android
 
Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the “first strong character” concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL. not yet calculated CVE-
MISC
MISC
osquery — osquery Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. not yet calculated CVE-
CONFIRM
CONFIRM
otrs — open_ticket_request_system An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-. not yet calculated CVE-
MISC
CONFIRM
phoenix_contact — multiple_tc_products
 
PHOENIX CONTACT TC ROUTER G through , TC ROUTER G through , TC ROUTER G VZW through , TC ROUTER G ATT through , TC CLOUD CLIENT G through , and TC CLOUD CLIENT 1002-TXTX through devices allow authenticated users to inject system commands through a modified POST request to a specific URL. not yet calculated CVE-
MISC
FULLDISC
MISC
MISC
phoenix_contact — multiple_tc_products
 
PHOENIX CONTACT TC ROUTER G through , TC ROUTER G through , TC ROUTER G VZW through , TC ROUTER G ATT through , TC CLOUD CLIENT G through , and TC CLOUD CLIENT 1002-TXTX through devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation. not yet calculated CVE-
MISC
FULLDISC
MISC
MISC
poly — hdx_series_devices
 
An issue was discovered in Poly (formerly Polycom) HDX . A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator’s page. The value received from the user is the factor value of a shell script on the equipment. By entering a special character (such as a single quote) in a CN or other CSR field, one can insert a command into a factor value. A system command can be executed as root. not yet calculated CVE-
MISC
primetek — primefaces
 
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces . In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation. not yet calculated CVE-
MISC
psd-tools — psd-tools
 
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. not yet calculated CVE-
MISC
MISC
puppet — puppet_server_and_puppetdb
 
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE & , Puppet Server 6.9.1 & , and PuppetDB 6.9.1 & disable trapperkeeper-metrics /v1 metrics API and only allow /v2 access on localhost by default. This affects Puppet Enterprise .x stream prior to , and prior to ; Puppet Server prior to 6.9.1, and prior to ; PuppetDB prior to 6.9.1, and prior to . not yet calculated CVE-
CONFIRM
qcms — qcms An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. not yet calculated CVE-
MISC
querymen — querymen
 
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks. not yet calculated CVE-
MISC
MISC
responsive_filemanager — responsive_filemanager
 
An issue was discovered in Responsive Filemanager through . In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF data, and the .php extension is used in the name parameter. (A potential fast patch is to disable the save_img action in the config file.) not yet calculated CVE-
MISC
ricoh — sp_c250dn_devices
 
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. not yet calculated CVE-
MISC
MISC
ricoh — sp_c250dn_devices
 
Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware. This would allow an attacker to access and read information stored on the shared FTP folders. not yet calculated CVE-
MISC
MISC
ricoh — sp_c250dn_devices
 
Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). Some Ricoh printers were affected by an incorrect LPD service implementation that led to a denial of service vulnerability. not yet calculated CVE-
MISC
MISC
ricoh — sp_c250dn_devices
 
Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way the embedded device parsed the IPP packets. not yet calculated CVE-
MISC
MISC
safescan — timemoto
 
Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. not yet calculated CVE-
MISC
MISC
MISC
MISC
sapplica — sentrifugo
 
A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function. not yet calculated CVE-
MISC
EXPLOIT-DB
siemens — multiple_products A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC NET PC Software (All versions < V16 update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V (All versions), SIMATIC WinCC (TIA Portal) V15.1 (All versions), SIMATIC WinCC (TIA Portal) V16 (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5.1 Upd1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction. not yet calculated CVE-
MISC
siemens — s_600_series_devices
 
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0), SCALANCE S612 (All versions >= V3.0), SCALANCE S623 (All versions >= V3.0), SCALANCE S627-2M (All versions >= V3.0). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it. not yet calculated CVE-
MISC
technicolor — tc7337net_devices
 
Technicolor TC7337NET devices allow remote attackers to discover passwords by sniffing the network for an “Authorization: Basic” HTTP header. not yet calculated CVE-
MISC
torpedoquery — torpedoquery
 
Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBuilder.java, LikeCondition.java, and NotLikeCondition.java. not yet calculated CVE-
MISC
MISC
trendmicro — password_manager_for_windows
 
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability which could potentially allow an attacker to escalate privileges. not yet calculated CVE-
N/A

unicode — international_components_for_unicode_for_c/c++

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. not yet calculated CVE-
REDHAT
MISC
MISC
MISC
MISC
MISC
GENTOO
MISC
untis — webuntis
 
Untis WebUntis before allows CSRF for certain combinations of rights and modules. not yet calculated CVE-
MISC
vesta — vesta_control_panel
 
Vesta Control Panel (VestaCP) 0.9.7 through is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. This function comes from the PHP library directly and its description is as follows: “escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument.” It means that if you give Username, it will have ‘Username’ as a replacement. This works well and protects users from exploiting this potentially dangerous exec function. Unfortunately, VestaCP uses this escapeshellarg function incorrectly in several places. not yet calculated CVE-
MISC
wago — e!cockpit
 
A hard-coded encryption key vulnerability exists in the authentication functionality of WAGO e!Cockpit version . An attacker with access to communications between e!Cockpit and CoDeSyS Gateway can trivially recover the password of any user attempting to log in, in plain text. not yet calculated CVE-
MISC
wago — e!cockpit
 
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. not yet calculated CVE-
MISC
wago — e!cockpit
 
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. not yet calculated CVE-
MISC
wago — pfc_devices
 
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials. This affects WAGO PFC200 Firmware version ) and version ), and WAGO PFC100 Firmware version ). not yet calculated CVE-
MISC
wago — pfc200_devices An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version ). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted subnetmask value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=<contents of subnetmask node> using sprintf(). This command is later executed via a call to system(). not yet calculated CVE-
MISC
wago — pfc200_devices An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version ). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e9fc the extracted state value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=<contents of state node> using sprintf(). This command is later executed via a call to system(). not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version ). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e87c the extracted hostname value from the xml file is used as an argument to /etc/config-tools/change_hostname hostname=<contents of hostname node> using sprintf(). This command is later executed via a call to system(). not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions ) and ), and WAGO PFC100 version ). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version ). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1ea28 the extracted type value from the xml file is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled config-type=<contents of type node> using sprintf(). This command is later executed via a call to system(). not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the cloud connectivity functionality of WAGO PFC200 versions ), ), and ). An attacker can inject operating system commands into the TimeoutPrepared parameter value contained in the firmware update command. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions ), ), and ). An attacker can inject OS commands into the TimeoutUnconfirmed parameter value contained in the Firmware Update command. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version ). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version ). A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e900 the extracted gateway value from the xml file is used as an argument to /etc/config-tools/config_default_gateway number=0 state=enabled value=<contents of gateway node> using sprintf(). This command is later executed via a call to system(). not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version ). An attacker can send a specially crafted packet at 0x1ea48 to the extracted hostname value from the xml file that is used as an argument to /etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=<contents of ip node> using sprintf(). not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version ). A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any subnetmask values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled subnet-mask=‘) in length. A subnetmask value of length 0x3d9 will cause the service to crash. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version ). An attacker can send a specially crafted packet to trigger the parsing of this cache file. At 0x1e840 the extracted ntp value from the xml file is used as an argument to /etc/config-tools/config_sntp time-server-%d=<contents of ntp node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many ntp entries will be parsed from the xml file. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version ). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=‘) in length. A gateway value of length 0x7e2 will cause the service to crash. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version ). An attacker can send a specially crafted packet to trigger the parsing of this cache file. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version ). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any hostname values that are greater than 1024-len(‘/etc/config-tools/change_hostname hostname=‘) in length. A hostname value of length 0x3fd will cause the service to crash. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version ). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=‘) in length. An ip value of length 0x3da will cause the service to crash. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version ). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled config-type=‘) in length. A type value of length 0x3d9 will cause the service to crash. not yet calculated CVE-
MISC
wago — pfc200_devices
 
An exploitable command injection vulnerability exists in the cloud connectivity feature of WAGO PFC200. An attacker can inject operating system commands into any of the parameter values contained in the firmware update command. This affects WAGO PFC200 Firmware version ), version ), and version ). not yet calculated CVE-
MISC
watchguard — fireware The AD Helper component in WatchGuard Fireware before allows remote attackers to discover cleartext passwords via the /domains/list URI. not yet calculated CVE-
MISC
MISC
wordpress — wordpress controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the ‘answer’ and ‘answers’ parameters. not yet calculated CVE-
MISC
MISC
wordpress — wordpress The sitepress-multilingual-cms (WPML) plugin before for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings. not yet calculated CVE-
MISC
MISC
wordpress — wordpress The popup-builder plugin before for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin’s settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info. not yet calculated CVE-
MISC
MISC
wordpress — wordpress
 
An XSS vulnerability in the popup-builder plugin before for WordPress allows remote attackers to inject arbitrary JavaScript into existing popups via an unsecured ajax action in com/classes/Ajax.php. It is possible for an unauthenticated attacker to insert malicious JavaScript in several of the popup’s fields by sending a request to wp-admin/admin-ajax.php with the POST action parameter of sgpb_autosave and including additional data in an allPopupData parameter, including the popup’s ID (which is visible in the source of the page in which the popup is inserted) and arbitrary JavaScript which will then be executed in the browsers of visitors to that page. Because the plugin functionality automatically adds script tags to data entered into these fields, this injection will typically bypass most WAF applications. not yet calculated CVE-
MISC
MISC
wordpress — wordpress
 
An issue was discovered in the File Upload plugin before for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. not yet calculated CVE-
MISC
MISC
MISC
xerox — phaser_3320_printers Some Xerox printers (such as the Phaser 3320 V) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. not yet calculated CVE-
MISC
MISC
xerox — phaser_3320_printers Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V and other printers. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. not yet calculated CVE-
MISC
MISC
xerox — phaser_3320_printers Some Xerox printers (such as the Phaser 3320 V) were affected by a buffer overflow vulnerability in the Content-Type HTTP Header of the web application that would allow an attacker to execute arbitrary code on the device. not yet calculated CVE-
MISC
MISC
xerox — phaser_3320_printers
 
Some Xerox printers (such as the Phaser 3320 V) were affected by a buffer overflow vulnerability in the Authentication Cookie of the web application that would allow an attacker to execute arbitrary code on the device. not yet calculated CVE-
MISC
MISC
xerox — phaser_3320_printers
 
Some Xerox printers (such as the Phaser 3320 V) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. not yet calculated CVE-
MISC
MISC
xerox — phaser_3320_printers
 
Some Xerox printers (such as the Phaser 3320 V) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
MISC
xerox — phaser_3320_printers
 
Some Xerox printers (such as the Phaser 3320 V) did not implement any mechanism to avoid CSRF attacks. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. not yet calculated CVE-
MISC
MISC
xerox — phaser_3320_printers
 
Some Xerox printers (such as the Phaser 3320 V) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. not yet calculated CVE-
MISC
MISC
yii2cmf — yii2cmf yidashi yii2cmf 2.0 has XSS via the /search q parameter. not yet calculated CVE-
MISC
MISC
zoho — managenegine_opmanager
 
Zoho ManageEngine OpManager before allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in . not yet calculated CVE-
MISC
zoho — managengine_applications_manager
 
Zoho ManageEngine Applications Manager 14590 and before allows a remote unauthenticated attacker to disclose license-related information via the WieldFeedServlet servlet. not yet calculated CVE-
MISC
MISC


This product is provided subject to this Notification and this Privacy & Use policy.

Fonte/Source: https://www.us-cert.gov/ncas/bulletins/sb20-076
