Vulnerability Summary for the Week of December 28, 2020

Released
Jan 04, 2021
Document ID
SB21-004

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
3ds -- teamwork_cloudAn incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment.2020-12-287.2CVE-2020-25507
MISC
MISC
agentejo -- cockpitAgentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.2020-12-307.5CVE-2020-35848
MISC
MISC
MISC
MISC
agentejo -- cockpitAgentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.2020-12-307.5CVE-2020-35847
MISC
MISC
MISC
MISC
agentejo -- cockpitAgentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.2020-12-307.5CVE-2020-35846
MISC
MISC
MISC
MISC
backblaze -- backblazeBackblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.2020-12-279.3CVE-2020-8289
FULLDISC
FULLDISC
MISC
MISC
MISC
MISC
deep-set_project -- deep-setPrototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.2020-12-297.5CVE-2020-28276
MISC
CONFIRM
dset_project -- dsetPrototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.2020-12-297.5CVE-2020-28277
MISC
CONFIRM
esri -- arcgis_serverEsri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.2020-12-269.3CVE-2020-35712
MISC
MISC
flamingo_project -- flamingoFlamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.2020-12-267.5CVE-2020-35244
MISC
flamingo_project -- flamingoFlamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.2020-12-267.5CVE-2020-35242
MISC
flamingo_project -- flamingoFlamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.2020-12-267.5CVE-2020-35243
MISC
flamingo_project -- flamingoFlamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser.2020-12-267.5CVE-2020-35245
MISC
flattenizer_project -- flattenizerPrototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.2020-12-297.5CVE-2020-28279
MISC
CONFIRM
foscammall -- foscam_x1_firmwareFOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password.2020-12-287.2CVE-2020-28096
MISC
gdatasoftware -- g_dataAn issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges.2020-12-287.5CVE-2020-27172
MISC
getobject_project -- getobjectPrototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.2020-12-297.5CVE-2020-28282
MISC
CONFIRM
huorong -- internet_securityBeijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot.2020-12-267.5CVE-2020-35364
MISC
MISC
jiransecurity -- spamsniperSpamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet.2020-12-277.5CVE-2020-7845
MISC
MISC
joomla -- joomla\!An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.2020-12-287.5CVE-2020-35613
MISC
klogserver -- klog_serverKLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.2020-12-2710CVE-2020-35729
MISC
MISC
libnested_project -- libnestedPrototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution.2020-12-297.5CVE-2020-28283
MISC
CONFIRM
linksys -- re6500_firmwareBelkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.2020-12-2610CVE-2020-35713
MISC
MISC
MISC
linksys -- re6500_firmwareBelkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter.2020-12-267.8CVE-2020-35716
MISC
MISC
MISC
linksys -- re6500_firmwareBelkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page.2020-12-269CVE-2020-35715
MISC
MISC
MISC
netgear -- ac2100_firmwareCertain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.2020-12-309.7CVE-2020-35800
MISC
netgear -- ac2100_firmwareCertain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34.2020-12-307.5CVE-2020-35795
MISC
netgear -- cbr40_firmwareCertain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.2020-12-3010CVE-2020-35796
MISC
netgear -- d3600_firmwareCertain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.74, EX6400 before 1.0.2.140, EX7300 before 1.0.2.140, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7500v2 before 1.0.3.40, R7800 before 1.0.2.62, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.78, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.2020-12-307.5CVE-2020-35799
MISC
netgear -- dgn2200v1_firmwareNETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.2020-12-307.7CVE-2020-35777
MISC
netgear -- nms300_firmwareNETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker.2020-12-307.5CVE-2020-35797
MISC
netgear -- nms300_firmwareNETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.2020-12-307.8CVE-2020-35779
MISC
predefine_project -- predefinePrototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.2020-12-297.5CVE-2020-28280
MISC
CONFIRM
rusqlite_project -- rusqliteAn issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.2020-12-317.5CVE-2020-35873
MISC
MISC
set-object-value_project -- set-object-valuePrototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.2020-12-297.5CVE-2020-28281
MISC
CONFIRM
shvl_project -- shvlPrototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.2020-12-297.5CVE-2020-28278
MISC
CONFIRM
solarwinds -- orion_platformThe SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.2020-12-297.5CVE-2020-10148
CERT-VN
CONFIRM
struct2json_project -- struct2jsonstruct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT.2020-12-267.5CVE-2020-29203
MISC
tp-link -- wa901nd_firmwareA password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.2020-12-267.5CVE-2020-35575
MISC
MISC
MISC
webmin -- webminminiserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.2020-12-297.5CVE-2020-35769
MISC
MISC
woocommerce -- gift_cardsUltimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server.2020-12-287.5CVE-2020-35627
MISC
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.2020-12-287.5CVE-2020-26030
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
1e -- clientThe Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.2020-12-296.5CVE-2020-27645
CONFIRM
1e -- clientThe %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation.2020-12-294CVE-2020-27643
CONFIRM
1e -- clientThe Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\.2020-12-296.5CVE-2020-27644
CONFIRM
1e -- clientThe MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user.2020-12-296.5CVE-2020-16268
CONFIRM
apache -- accumuloApache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.2020-12-295.5CVE-2020-17533
MLIST
MISC
MLIST
arc-swap_project -- arc-swapAn issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.2020-12-255CVE-2020-35711
MISC
MISC
backblaze -- backblazeBackblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.2020-12-274.6CVE-2020-8290
MISC
MISC
MISC
bloofoxcms_project -- bloofoxcmsbloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.2020-12-254CVE-2020-35709
MISC
crossbar -- autobahnAutobahn|Python before 20.12.3 allows redirect header injection.2020-12-275.8CVE-2020-35678
CONFIRM
MISC
MISC
CONFIRM
CONFIRM
cxuu -- cxuucmsCXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add.2020-12-264.3CVE-2020-35347
MISC
cxuu -- cxuucmsCXUUCMS V3 allows class="layui-input" XSS.2020-12-274.3CVE-2020-29249
MISC
cxuu -- cxuucmsCXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.2020-12-274.3CVE-2020-29250
MISC
date-and-time_project -- date-and-timedate-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2.2020-12-285CVE-2020-26289
MISC
CONFIRM
MISC
dext5 -- dext5uploadDEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value).2020-12-265CVE-2020-35362
MISC
fasterxml -- jackson-databindFasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).2020-12-276.8CVE-2020-35728
MISC
MISC
flamingoim_project -- flamingoimFlamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available.2020-12-265CVE-2020-35284
MISC
freedesktop -- poppler** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.2020-12-256.8CVE-2020-35702
MISC
freehtmldesigns -- site_offlineThe site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF.2020-12-294.3CVE-2020-35773
MISC
MISC
MISC
MISC
gnome -- gdk-pixbufGNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.2020-12-264.3CVE-2020-29385
CONFIRM
MISC
CONFIRM
MISC
CONFIRM
gnome -- gnome_display_managerA flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.2020-12-284.4CVE-2020-27837
MISC
gnu -- binutilsAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.2020-12-276.8CVE-2020-35448
MISC
MISC
gobby_project -- gobbyGobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.2020-12-265CVE-2020-35450
MISC
hcltech -- dominoHCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server.2020-12-285CVE-2020-14273
CONFIRM
hedgedoc -- hedgedocHedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should however verify that your uploaded file storage only contains files that are allowed, as uploaded files might still be served. As workaround it's possible to block the `/uploadimage` endpoint on your instance using your reverse proxy. And/or restrict MIME-types and file names served from your upload file storage.2020-12-295CVE-2020-26286
MISC
MISC
CONFIRM
hedgedoc -- hedgedocHedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but `www.google-analytics.com` is allowed. Using Google Tag Manger it is possible to inject arbitrary JavaScript and execute it on page load. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.1. As a workaround one can disallow `www.google-analytics.com` in the `Content-Security-Policy` header. Note that other ways to leverage the `script` tag injection might exist.2020-12-294.3CVE-2020-26287
MISC
MISC
MISC
MISC
CONFIRM
huawei -- cloudengine_12800_firmwareThere is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.2020-12-295CVE-2020-9124
CONFIRM
huawei -- cloudengine_12800_firmwareThere is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service.2020-12-295CVE-2020-9094
CONFIRM
huawei -- cloudengine_12800_firmwareThere is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service.2020-12-296.8CVE-2020-9207
CONFIRM
huawei -- honor_20_pro_firmwareThere is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module.2020-12-295CVE-2020-9223
CONFIRM
huawei -- imanager_neteco_6000There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak.2020-12-294CVE-2020-9208
CONFIRM
huawei -- mate_30_firmwareThere is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally.2020-12-294.6CVE-2020-9125
CONFIRM
huawei -- taurus-al00a_firmwareThere is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service.2020-12-294.3CVE-2020-9093
CONFIRM
intelliants -- subrion_cmsSubrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.2020-12-264.3CVE-2020-35437
MISC
joomla -- joomla\!An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.2020-12-285CVE-2020-35614
MISC
joomla -- joomla\!An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.2020-12-285CVE-2020-35612
MISC
joomla -- joomla\!An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.2020-12-285CVE-2020-35611
MISC
joomla -- joomla\!An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.2020-12-285CVE-2020-35610
MISC
joomla -- joomla\!An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.2020-12-285CVE-2020-35616
MISC
joomla -- joomla\!An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.2020-12-286.8CVE-2020-35615
MISC
liftoffsoftware -- gateoneGateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.2020-12-275CVE-2020-35736
MISC
MISC
linksys -- re6500_firmwareBelkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.2020-12-266.5CVE-2020-35714
MISC
MISC
MISC
linuxfoundation -- dexDex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references).2020-12-286.8CVE-2020-26290
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
litespeedtech -- litespeed_cacheA cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting.2020-12-264.3CVE-2020-29172
CONFIRM
MISC
nchsoftware -- express_accountsIn NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.2020-12-284CVE-2020-13474
MISC
MISC
netgear -- cbr40_firmwareCertain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, and RBS40V before 2.6.1.4.2020-12-305CVE-2020-35802
MISC
netgear -- d3600_firmwareCertain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.2020-12-305.2CVE-2020-35787
MISC
netgear -- d7800_firmwareCertain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.2020-12-304.6CVE-2020-35793
MISC
netgear -- d7800_firmwareCertain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.2020-12-305.2CVE-2020-35790
MISC
netgear -- dgn2200_firmwareNETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365).2020-12-305.8CVE-2020-35785
MISC
netgear -- gs716t_firmwareCertain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.2020-12-306.8CVE-2020-35778
MISC
netgear -- jgs516pe_firmwareCertain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48.2020-12-306.5CVE-2020-35784
MISC
netgear -- jgs516pe_firmwareCertain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48.2020-12-305.8CVE-2020-35783
MISC
netgear -- jgs516pe_firmwareCertain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48.2020-12-305.8CVE-2020-35782
MISC
netgear -- jgs516pe_firmwareCertain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48.2020-12-305.8CVE-2020-35801
MISC
netgear -- nms300_firmwareNETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.2020-12-306.5CVE-2020-35789
MISC
netgear -- nms300_firmwareNETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.2020-12-304CVE-2020-35780
MISC
netgear -- nms300_firmwareNETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.2020-12-304CVE-2020-35781
MISC
netgear -- r7500_firmwareCertain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68.2020-12-305.2CVE-2020-35792
MISC
netgear -- r7800_firmwareCertain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.2020-12-304.6CVE-2020-35791
MISC
netgear -- rbs40v_firmwareCertain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-12-305.2CVE-2020-35794
MISC
netgear -- wac104_firmwareNETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user.2020-12-305.2CVE-2020-35788
MISC
opendkim -- opendkimThe test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation.2020-12-284.4CVE-2020-35766
MISC
panasonic -- wv-s2231l_firmwarePanasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.2020-12-285CVE-2020-29194
MISC
MISC
parallels -- remote_application_serverParallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like "host":"192.168.###.###" in the POST data.2020-12-255CVE-2020-35710
MISC
MISC
phplist -- phplistphpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.2020-12-256.5CVE-2020-35708
MISC
MISC
pureftpd -- pure-ftpdPure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit.2020-12-265CVE-2020-35359
MISC
qnap -- qtsThis command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.2020-12-296.5CVE-2020-25847
CONFIRM
rockoa -- xinhurainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true.2020-12-265CVE-2020-35388
MISC
rockwellautomation -- factorytalk_diagnosticsAn unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected.2020-12-295CVE-2020-5807
CONFIRM
rockwellautomation -- factorytalk_linxAn attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.2020-12-295CVE-2020-5802
CONFIRM
rockwellautomation -- factorytalk_linxAn attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.2020-12-295CVE-2020-5801
CONFIRM
roundcube -- roundcubeAn XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.2020-12-284.3CVE-2020-35730
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
stepmania -- stepmanialib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file.2020-12-264.3CVE-2020-20412
MISC
stratodesk -- notouch_centerStratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page.2020-12-266.5CVE-2020-25917
MISC
tag_project -- tagdhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.2020-12-284.3CVE-2020-29243
MISC
tag_project -- tagdhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData.2020-12-284.3CVE-2020-29245
MISC
tag_project -- tagdhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.2020-12-284.3CVE-2020-29242
MISC
tag_project -- tagdhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame.2020-12-284.3CVE-2020-29244
MISC
techkshetrainfo -- savsoft_quizA Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.2020-12-264.3CVE-2020-27515
MISC
MISC
MISC
tendacn -- ac1200_firmwareOn Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning.2020-12-285CVE-2020-28094
MISC
tendacn -- ac1200_firmwareOn Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234.2020-12-286.5CVE-2020-28093
MISC
tengine_project -- tengine** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far."2020-12-264.3CVE-2020-28759
MISC
twitter -- twitter-serverserver/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.2020-12-294.3CVE-2020-35774
MISC
MISC
user_registration_\&_login_and_user_management_system_with_admin_panel_project -- user_registration_\&_login_and_user_management_system_with_admin_panelA Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1.2020-12-266.8CVE-2020-26766
MISC
wavpack -- wavpackWavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.2020-12-284.3CVE-2020-35738
MISC
woocommerce -- woocommerceThe WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.2020-12-275CVE-2020-29156
MISC
MISC
xpdfreader -- xpdfXpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.2020-12-265CVE-2020-35376
MISC
xuxueli -- xxl-jobXXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.2020-12-274.3CVE-2020-29204
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.2020-12-285CVE-2020-29160
MISC
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.2020-12-284CVE-2020-29159
MISC
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).2020-12-284CVE-2020-26031
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.2020-12-284CVE-2020-29158
MISC
MISC
zammad -- zammadAn account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user.2020-12-284CVE-2020-26034
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.2020-12-284CVE-2020-26029
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.2020-12-284CVE-2020-26028
MISC
zammad -- zammadAn SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.2020-12-285CVE-2020-26032
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.2020-12-285.8CVE-2020-26033
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cxuu -- cxuucmsCXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add.2020-12-263.5CVE-2020-35346
MISC
daybydaycrm -- daybydayDaybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen.2020-12-253.5CVE-2020-35706
MISC
MISC
daybydaycrm -- daybydayDaybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen.2020-12-253.5CVE-2020-35704
MISC
MISC
daybydaycrm -- daybydayDaybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen.2020-12-253.5CVE-2020-35707
MISC
MISC
daybydaycrm -- daybydayDaybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen.2020-12-253.5CVE-2020-35705
MISC
MISC
flatpress -- flatpressFlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload.2020-12-303.5CVE-2020-35241
MISC
MISC
fluxbb -- fluxbbFluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in "Blog Content" and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.2020-12-303.5CVE-2020-35240
MISC
MISC
huawei -- jackman-al00dThere is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally.2020-12-292.1CVE-2020-1848
CONFIRM
nchsoftware -- express_accountsNCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.2020-12-282.1CVE-2020-13473
MISC
MISC
nchsoftware -- express_invoiceNCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.2020-12-283.5CVE-2020-13476
MISC
netgear -- d6200_devicesCertain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.2020-12-303.5CVE-2020-35842
MISC
netgear -- d6200_devicesCertain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.2020-12-303.5CVE-2020-35840
MISC
netgear -- d7800_devicesNETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user.2020-12-302.7CVE-2020-35786
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35824
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by disclosure of sensitive information. This affects D7800 before 1.0.1.58, R7800 before 1.0.2.74, R8900 before 1.0.5.18, R9000 before 1.0.5.18, and XR700 before 1.0.1.34.2020-12-302.1CVE-2020-35804
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35838
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35837
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35835
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35830
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.2020-12-303.5CVE-2020-35827
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35826
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35825
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35820
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35823
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35822
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35821
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35819
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35817
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35816
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35815
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35809
MISC
netgear -- d7800_devicesCertain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-303.5CVE-2020-35805
MISC
nopcommerce -- storenopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.2020-12-293.5CVE-2020-29475
MISC
opencart -- opencartOpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.2020-12-293.5CVE-2020-29471
MISC
opencart -- opencartOpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.2020-12-293.5CVE-2020-29470
MISC
panasonic -- wv-s2231lPanasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).2020-12-282.1CVE-2020-29193
MISC
MISC
rockwellautomation -- factorytalk_linxAn attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.2020-12-292.1CVE-2020-5806
CONFIRM
techkshetrainfo -- savsoft_quizSavsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).2020-12-263.5CVE-2020-35349
MISC
zammad -- zammadAn issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket.2020-12-283.5CVE-2020-26035
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aminocom -- cpe_wan_management_protocol
 
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges.2020-12-30not yet calculatedCVE-2020-10209
MISC
aminocom -- entonewebengineCommand Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges.2020-12-30not yet calculatedCVE-2020-10208
MISC
aminocom -- entonewebengine
 
Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.2020-12-29not yet calculatedCVE-2020-10207
MISC
aminocom -- ssh_keys
 
Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.2020-12-29not yet calculatedCVE-2020-10210
MISC
aminocom -- vncserver
 
Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.2020-12-30not yet calculatedCVE-2020-10206
MISC
arista -- eos
 
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.2020-12-28not yet calculatedCVE-2020-24360
CONFIRM
arista -- eos
 
In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train.2020-12-28not yet calculatedCVE-2020-26569
CONFIRM
arista -- eos
 
In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train.2020-12-28not yet calculatedCVE-2020-15898
CONFIRM
bolt -- bolt
 
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.2020-12-30not yet calculatedCVE-2020-28925
MISC
MISC
cbor -- cbor
 
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags.2020-12-31not yet calculatedCVE-2019-25001
MISC
charging_limit_current_write  -- charging_limit_current_write
 
In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability.2020-12-31not yet calculatedCVE-2020-11832
MISC
cockpit-project.org -- cockpit_234
 
** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue."2020-12-30not yet calculatedCVE-2020-35850
MISC
MISC
d-link -- dap-1650_devices
 
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.2020-12-30not yet calculatedCVE-2019-12768
MISC
dotcms -- dotcms
 
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability.2020-12-30not yet calculatedCVE-2020-27848
CONFIRM
MISC
draytek -- vigot2960
 
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.2020-12-31not yet calculatedCVE-2020-19664
MISC
MISC
dropbear -- dropbear
 
Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.2020-12-30not yet calculatedCVE-2019-12953
MISC
drupal -- aes_encryption
 
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2017-20001
MISC
drupal -- kcfinder_integration
 
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2018-25002
MISC
MISC
MISC
drupal -- rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2016-20002
MISC
drupal -- rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2016-20001
MISC
drupal -- rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2016-20008
MISC
drupal -- rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2016-20003
MISC
drupal -- rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2016-20004
MISC
drupal -- rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2016-20005
MISC
drupal -- rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2016-20006
MISC
drupal -- rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2016-20007
MISC
drupal -- webform_report
 
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.2021-01-01not yet calculatedCVE-2019-25012
MISC
egavilanmedia -- egavilanmediaEGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel - Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section and each time admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload.2020-12-30not yet calculatedCVE-2020-29230
MISC
MISC
egavilanmedia -- egavilanmediaEGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers.2020-12-30not yet calculatedCVE-2020-29231
MISC
MISC
egavilanmedia -- egavilanmedia
 
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page.2020-12-30not yet calculatedCVE-2020-29228
MISC
MISC
electron -- zonote
 
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true).2021-01-01not yet calculatedCVE-2020-35717
MISC
MISC
MISC
exponentcms -- exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.2020-12-31not yet calculatedCVE-2016-9023
MISC
MISC
exponentcms -- exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in storeController.php.2020-12-31not yet calculatedCVE-2016-9021
MISC
MISC
exponentcms -- exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in usersController.php.2020-12-31not yet calculatedCVE-2016-9022
MISC
MISC
exponentcms -- exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.2020-12-31not yet calculatedCVE-2016-9025
MISC
MISC
exponentcms -- exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in fileController.php.2020-12-31not yet calculatedCVE-2016-9026
MISC
MISC
foxitsoftware -- foxit_reader
 
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.2020-12-31not yet calculatedCVE-2020-35931
MISC
golang -- docker_engine
 
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.2020-12-30not yet calculatedCVE-2020-27534
MISC
MISC
MISC
MISC
MISC
golang -- go
 
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)2021-01-02not yet calculatedCVE-2020-28851
MISC
golang -- go
 
In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)2021-01-02not yet calculatedCVE-2020-28852
MISC
google -- flatbuffers
 
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.2020-12-31not yet calculatedCVE-2019-25004
MISC
google -- flatbuffers
 
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks.2020-12-31not yet calculatedCVE-2020-35864
MISC
green_packet -- wimax_dv-360_devices
 
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980.2020-12-31not yet calculatedCVE-2018-14067
MISC
gssproxy -- gssproxy
 
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c.2020-12-31not yet calculatedCVE-2020-12658
MISC
MISC
MISC
hgiga -- mailsherlockThe function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.2020-12-31not yet calculatedCVE-2020-25850
MISC
hgiga -- mailsherlock
 
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.2020-12-31not yet calculatedCVE-2020-35740
MISC
hgiga -- mailsherlock
 
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.2020-12-31not yet calculatedCVE-2020-35743
MISC
hgiga -- mailsherlock
 
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.2020-12-31not yet calculatedCVE-2020-35742
MISC
hgiga -- mailsherlock
 
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.2020-12-31not yet calculatedCVE-2020-35741
MISC
hgiga -- mailsherlock
 
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.2020-12-31not yet calculatedCVE-2020-35851
MISC
hgiga -- mailsherlock
 
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.2020-12-31not yet calculatedCVE-2020-25848
MISC
hyperium -- http
 
An issue was discovered in the http crate before 0.1.20 for Rust. HeaderMap::reserve() has an integer overflow that allows attackers to cause a denial of service.2020-12-31not yet calculatedCVE-2019-25008
MISC
hyperium -- hyper
 
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.2020-12-31not yet calculatedCVE-2020-35863
MISC
invision_community -- invision_community
 
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.2020-12-30not yet calculatedCVE-2020-29477
MISC
MISC
italoantunes -- vidyo
 
Vidyo 02-09-/D allows clickjacking via the portal/ URI.2020-12-29not yet calculatedCVE-2020-35735
MISC
MISC
jira -- xwiki
 
XWiki Platform before 12.8 mishandles escaping in the property displayer.2020-12-31not yet calculatedCVE-2020-13654
MISC
CONFIRM
MISC
libsecp256k1 -- libsecp256k1
 
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information.2020-12-31not yet calculatedCVE-2019-25003
MISC
limesurvey -- limesurveyLimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.2020-12-31not yet calculatedCVE-2020-25799
MISC
MISC
limesurvey -- limesurvey
 
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.2020-12-31not yet calculatedCVE-2020-25797
MISC
MISC
linbit -- csync2
 
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API.2020-12-30not yet calculatedCVE-2019-15523
MISC
mantisbt -- mantisbt
 
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter.2020-12-30not yet calculatedCVE-2020-35849
MISC
mantisbt -- mantisbt
 
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP.2020-12-30not yet calculatedCVE-2020-28413
MISC
matrixssl -- matrixssl
 
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431.2020-12-30not yet calculatedCVE-2019-16747
CONFIRM
MISC
CONFIRM
nayutaco -- ptarmigan
 
Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block.2020-12-30not yet calculatedCVE-2019-16281
MISC
MISC
MISC
netbox_community -- netbox
 
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.2020-12-31not yet calculatedCVE-2019-25011
MISC
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50.2020-12-30not yet calculatedCVE-2020-35798
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.2020-12-30not yet calculatedCVE-2020-35839
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35829
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35814
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35831
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35832
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35833
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, XR700 before 1.0.1.10, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, and RAX120 before 1.0.0.78.2020-12-30not yet calculatedCVE-2020-35813
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62.2020-12-30not yet calculatedCVE-2020-35841
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35812
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74.2020-12-30not yet calculatedCVE-2020-35803
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35834
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35810
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66.2020-12-30not yet calculatedCVE-2020-35808
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78.2020-12-30not yet calculatedCVE-2020-35836
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.2020-12-30not yet calculatedCVE-2020-35807
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, RAX120 before 1.0.0.78, and R7500v2 before 1.0.3.46.2020-12-30not yet calculatedCVE-2020-35828
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78.2020-12-30not yet calculatedCVE-2020-35806
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35818
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.2020-12-30not yet calculatedCVE-2020-35811
MISC
newgen -- egov
 
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.2020-12-30not yet calculatedCVE-2020-35737
MISC
nhiservisignadapter -- nhiservisignadapterNHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.2020-12-31not yet calculatedCVE-2020-25843
MISC
nhiservisignadapter -- nhiservisignadapterThe digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.2020-12-31not yet calculatedCVE-2020-25844
MISC
nhiservisignadapter -- nhiservisignadapterMultiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.2020-12-31not yet calculatedCVE-2020-25845
MISC
nhiservisignadapter -- nhiservisignadapterThe digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.2020-12-31not yet calculatedCVE-2020-25846
MISC
nhiservisignadapter -- nhiservisignadapter
 
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.2020-12-31not yet calculatedCVE-2020-25842
MISC
nokogiri -- nokogiri
 
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.2020-12-30not yet calculatedCVE-2020-26247
MISC
MISC
CONFIRM
MISC
MISC
npmjs -- parse_server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage.2020-12-30not yet calculatedCVE-2020-26288
MISC
MISC
CONFIRM
MISC
npmjs -- uri.js
 
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example the URL `https://expected-example.com\@observed-example.com` will incorrectly return `observed-example.com` if using an affected version. Patched versions correctly return `expected-example.com`. Patched versions match the behavior of other parsers which implement the WHATWG URL specification, including web browsers and Node's built-in URL class. Version 1.19.4 is patched against all known payload variants. Version 1.19.3 has a partial patch but is still vulnerable to a payload variant.]2020-12-31not yet calculatedCVE-2020-26291
MISC
MISC
CONFIRM
MISC
npmjs -- vega
 
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim's machine. This is fixed in version 5.17.32020-12-30not yet calculatedCVE-2020-26296
MISC
MISC
MISC
CONFIRM
MISC
nukeviet -- nukevietmodules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).2020-12-31not yet calculatedCVE-2019-7726
MISC
MISC
CONFIRM
MISC
nukeviet -- nukeviet
 
includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).2020-12-31not yet calculatedCVE-2019-7725
MISC
MISC
CONFIRM
CONFIRM
openemr -- openemr
 
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.2020-12-31not yet calculatedCVE-2018-16795
MISC
MISC
oppo_charger -- sm8250_q_master
 
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.2020-12-31not yet calculatedCVE-2020-11835
MISC
oppo_charger -- sm8250_q_master
 
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability.2020-12-31not yet calculatedCVE-2020-11834
MISC
oppo_charger -- sm8250_q_master
 
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability.2020-12-31not yet calculatedCVE-2020-11833
MISC
plone -- plone
 
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).2020-12-30not yet calculatedCVE-2020-28735
CONFIRM
MISC
MISC
plone -- plone
 
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.2020-12-30not yet calculatedCVE-2020-28734
CONFIRM
MISC
MISC
plone -- plone
 
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).2020-12-30not yet calculatedCVE-2020-28736
CONFIRM
MISC
MISC
qdpm -- qdpm
 
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used.2020-12-31not yet calculatedCVE-2020-26165
MISC
MISC
FULLDISC
qemu -- qemu
 
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.2020-12-31not yet calculatedCVE-2020-11947
MISC
qemu -- qemu
 
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.2020-12-31not yet calculatedCVE-2019-20808
MISC
MISC
qnap -- qts
 
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later)2020-12-31not yet calculatedCVE-2018-19941
MISC
qnap -- qts
 
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later)2020-12-31not yet calculatedCVE-2018-19944
MISC
qnap -- qts
 
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x.2020-12-31not yet calculatedCVE-2018-19945
MISC
rocket_chat -- rocket_chat
 
Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.2020-12-30not yet calculatedCVE-2020-29594
MISC
MISC
rusqlite -- rusqliteAn issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module.2020-12-31not yet calculatedCVE-2020-35867
MISC
MISC
rusqlite -- rusqliteAn issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.2020-12-31not yet calculatedCVE-2020-35868
MISC
MISC
rusqlite -- rusqliteAn issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.2020-12-31not yet calculatedCVE-2020-35869
MISC
MISC
rusqlite -- rusqliteAn issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free.2020-12-31not yet calculatedCVE-2020-35870
MISC
MISC
rusqlite -- rusqliteAn issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.2020-12-31not yet calculatedCVE-2020-35871
MISC
MISC
rusqlite -- rusqliteAn issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.2020-12-31not yet calculatedCVE-2020-35872
MISC
MISC
rusqlite -- rusqlite
 
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor.2020-12-31not yet calculatedCVE-2020-35866
MISC
MISC
rust -- http
 
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.2020-12-31not yet calculatedCVE-2019-25009
MISC
rust -- rustAn issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types.2020-12-31not yet calculatedCVE-2020-35927
MISC
rust -- rust
 
An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question.2020-12-31not yet calculatedCVE-2020-35903
MISC
rust -- rust
 
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.2020-12-31not yet calculatedCVE-2020-35904
MISC
rust -- rust
 
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.2020-12-31not yet calculatedCVE-2020-35922
MISC
rust -- rust
 
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed.2020-12-31not yet calculatedCVE-2020-35902
MISC
rust -- rust
 
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream.2020-12-31not yet calculatedCVE-2020-35901
MISC
rust -- rust
 
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.2020-12-31not yet calculatedCVE-2020-35899
MISC
rust -- rust
 
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.2020-12-31not yet calculatedCVE-2020-35898
MISC
rust -- rust
 
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race.2020-12-31not yet calculatedCVE-2020-35897
MISC
rust -- rust
 
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.2020-12-31not yet calculatedCVE-2020-35896
MISC
rust -- rust
 
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.2020-12-31not yet calculatedCVE-2020-35928
MISC
rust -- rust
 
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion.2020-12-31not yet calculatedCVE-2020-35895
MISC
rust -- rust
 
An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.2020-12-31not yet calculatedCVE-2020-35894
MISC
rust -- rust
 
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory.2020-12-31not yet calculatedCVE-2020-35893
MISC
rust -- rust
 
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.2020-12-31not yet calculatedCVE-2020-35892
MISC
rust -- rust
 
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free.2020-12-31not yet calculatedCVE-2020-35900
MISC
rust -- rust
 
An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation.2020-12-31not yet calculatedCVE-2020-35906
MISC
rust -- rust
 
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).2020-12-31not yet calculatedCVE-2020-35905
MISC
rust -- rust
 
An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)2020-12-31not yet calculatedCVE-2020-35916
MISC
rust -- rust
 
An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type.2020-12-31not yet calculatedCVE-2020-35924
MISC
rust -- rust
 
An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type.2020-12-31not yet calculatedCVE-2020-35925
MISC
rust -- rust
 
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.2020-12-31not yet calculatedCVE-2020-35921
MISC
rust -- rust
 
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.2020-12-31not yet calculatedCVE-2020-35926
MISC
rust -- rust
 
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.2020-12-31not yet calculatedCVE-2020-35920
MISC
rust -- rust
 
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation.2020-12-31not yet calculatedCVE-2020-35919
MISC
rust -- rust
 
An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic.2020-12-31not yet calculatedCVE-2020-35918
MISC
MISC
rust -- rust
 
An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>.2020-12-31not yet calculatedCVE-2020-35917
MISC
rust -- rust
 
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity.2020-12-31not yet calculatedCVE-2020-35890
MISC
rust -- rust
 
An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN.2020-12-31not yet calculatedCVE-2020-35923
MISC
rust -- rust
 
An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types.2020-12-31not yet calculatedCVE-2020-35915
MISC
rust -- rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness.2020-12-31not yet calculatedCVE-2020-35914
MISC
rust -- rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness.2020-12-31not yet calculatedCVE-2020-35913
MISC
rust -- rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness.2020-12-31not yet calculatedCVE-2020-35912
MISC
rust -- rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness.2020-12-31not yet calculatedCVE-2020-35911
MISC
rust -- rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.2020-12-31not yet calculatedCVE-2020-35910
MISC
rust -- rust
 
An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server.2020-12-31not yet calculatedCVE-2020-35909
MISC
rust -- rust
 
An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled.2020-12-31not yet calculatedCVE-2020-35908
MISC
rust -- rust
 
An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference.2020-12-31not yet calculatedCVE-2020-35907
MISC
rust -- rust
 
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free.2020-12-31not yet calculatedCVE-2020-35891
MISC
rust -- rust
 
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.2020-12-31not yet calculatedCVE-2020-35883
MISC
rust -- rust
 
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike.2020-12-31not yet calculatedCVE-2020-35889
MISC
rust -- rust
 
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly.2020-12-31not yet calculatedCVE-2020-35875
MISC
rust -- rust
 
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.2020-12-31not yet calculatedCVE-2020-35888
MISC
rust -- rust
 
An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free.2020-12-31not yet calculatedCVE-2018-25001
MISC
rust -- rust
 
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.2020-12-31not yet calculatedCVE-2020-35857
MISC
rust -- rust
 
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM).2020-12-31not yet calculatedCVE-2020-35858
MISC
rust -- rust
 
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption.2020-12-31not yet calculatedCVE-2020-35859
MISC
rust -- rust
 
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code.2020-12-31not yet calculatedCVE-2020-35860
MISC
rust -- rust
 
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.2020-12-31not yet calculatedCVE-2020-35861
MISC
rust -- rust
 
An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.2020-12-31not yet calculatedCVE-2020-35862
MISC
rust -- rust
 
An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. It has false expectations about char::from_u32_unchecked behavior.2020-12-31not yet calculatedCVE-2020-35865
MISC
rust -- rust
 
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free.2020-12-31not yet calculatedCVE-2020-35874
MISC
rust -- rust
 
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.2020-12-31not yet calculatedCVE-2019-25010
MISC
MISC
rust -- rust
 
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race.2020-12-31not yet calculatedCVE-2020-35876
MISC
rust -- rust
 
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory.2020-12-31not yet calculatedCVE-2020-35878
MISC
rust -- rust
 
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut.2020-12-31not yet calculatedCVE-2020-35879
MISC
rust -- rust
 
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation.2020-12-31not yet calculatedCVE-2020-35880
MISC
rust -- rust
 
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.2020-12-31not yet calculatedCVE-2020-35881
MISC
rust -- rust
 
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race.2020-12-31not yet calculatedCVE-2020-35882
MISC
rust -- rust
 
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.2020-12-31not yet calculatedCVE-2020-35884
MISC
rust -- rust
 
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.2020-12-31not yet calculatedCVE-2020-35885
MISC
rust -- rust
 
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race.2020-12-31not yet calculatedCVE-2020-35886
MISC
rust -- rust
 
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access.2020-12-31not yet calculatedCVE-2020-35877
MISC
rust -- rust
 
An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut.2020-12-31not yet calculatedCVE-2020-35887
MISC
rustcrypto -- chacha20
 
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext.2020-12-31not yet calculatedCVE-2019-25005
MISC
rustcrypto -- hashes
 
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic.2020-12-31not yet calculatedCVE-2019-25007
MISC
rustcrypto -- hashes
 
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer.2020-12-31not yet calculatedCVE-2019-25006
MISC
sentrifugo -- sentrifugo
 
** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2020-12-30not yet calculatedCVE-2020-28365
MISC
MISC
seopanel -- seopanel
 
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.2020-12-31not yet calculatedCVE-2020-35930
MISC
seopanel -- seopanel
 
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.2021-01-01not yet calculatedCVE-2021-3002
MISC
MISC
smsecgroup -- sm-vul
 
An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack.2020-12-30not yet calculatedCVE-2019-15080
MISC
MISC
smsecgroup -- sm-vul
 
A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free.2020-12-30not yet calculatedCVE-2019-15079
MISC
smsecgroup -- sm-vul
 
An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free.2020-12-30not yet calculatedCVE-2019-15078
MISC
sodiumoxide -- sodiumoxide
 
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.2020-12-31not yet calculatedCVE-2019-25002
MISC
sysdream -- usvn
 
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.2020-12-31not yet calculatedCVE-2020-17363
MISC
team_amaze -- amaze_file_manager
 
The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).2020-12-30not yet calculatedCVE-2020-35173
MISC
CONFIRM
MISC
tenda -- ac1200
 
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.2020-12-30not yet calculatedCVE-2020-28095
MISC
tenda -- n300
 
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.2021-01-01not yet calculatedCVE-2020-35391
MISC
umbraco -- umbracoA stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.2020-12-30not yet calculatedCVE-2020-5810
MISC
umbraco -- umbracoA stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.2020-12-30not yet calculatedCVE-2020-5809
MISC
umbraco -- umbraco
 
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.2020-12-30not yet calculatedCVE-2020-5811
MISC
webswing -- jslink
 
JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.2020-12-30not yet calculatedCVE-2020-11103
CONFIRM
CONFIRM
wondercms -- wondercms
 
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload.2020-12-30not yet calculatedCVE-2020-29233
MISC
wondercms -- wondercms
 
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the crafted payload.2020-12-30not yet calculatedCVE-2020-29469
MISC
wordpress -- wordpressThe Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin).2021-01-01not yet calculatedCVE-2020-35934
MISC
wordpress -- wordpressThe Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)2021-01-01not yet calculatedCVE-2020-35935
MISC
wordpress -- wordpressAn issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).2021-01-01not yet calculatedCVE-2020-35951
MISC
MISC
wordpress -- wordpressAn issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).2021-01-01not yet calculatedCVE-2020-35950
MISC
MISC
wordpress -- wordpressAn issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.2021-01-01not yet calculatedCVE-2020-35949
MISC
MISC
wordpress -- wordpressAn issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.2021-01-01not yet calculatedCVE-2020-35948
MISC
MISC
wordpress -- wordpressAn issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur.2021-01-01not yet calculatedCVE-2020-35947
MISC
MISC
wordpress -- wordpressAn issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS.2021-01-01not yet calculatedCVE-2020-35946
MISC
MISC
wordpress -- wordpressAn issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.2021-01-01not yet calculatedCVE-2020-35945
MISC
MISC
wordpress -- wordpressAn issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS.2021-01-01not yet calculatedCVE-2020-35944
MISC
MISC
wordpress -- wordpressPHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.2021-01-01not yet calculatedCVE-2020-35939
MISC
wordpress -- wordpressPHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.2021-01-01not yet calculatedCVE-2020-35938
MISC
wordpress -- wordpressStored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts.2021-01-01not yet calculatedCVE-2020-35937
MISC
wordpress -- wordpressStored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.2021-01-01not yet calculatedCVE-2020-35936
MISC
wordpress -- wordpress
 
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes.2021-01-01not yet calculatedCVE-2020-35932
MISC
wordpress -- wordpress
 
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.2021-01-01not yet calculatedCVE-2020-35933
MISC
zyxel -- zyxel
 
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.2020-12-27not yet calculatedCVE-2020-29299
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.