Vulnerability Summary for the Week of December 28, 2020

Posted by:

|

On:

|

Original release date: January 4, 2021

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3ds — teamwork_cloud An incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment. 2020-12-28 7.2 CVE-2020-25507
MISC
MISC
agentejo — cockpit Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. 2020-12-30 7.5 CVE-2020-35848
MISC
MISC
MISC
MISC
agentejo — cockpit Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. 2020-12-30 7.5 CVE-2020-35847
MISC
MISC
MISC
MISC
agentejo — cockpit Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. 2020-12-30 7.5 CVE-2020-35846
MISC
MISC
MISC
MISC
backblaze — backblaze Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality. 2020-12-27 9.3 CVE-2020-8289
FULLDISC
FULLDISC
MISC
MISC
MISC
MISC
deep-set_project — deep-set Prototype pollution vulnerability in ‘deep-set’ versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. 2020-12-29 7.5 CVE-2020-28276
MISC
CONFIRM
dset_project — dset Prototype pollution vulnerability in ‘dset’ versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. 2020-12-29 7.5 CVE-2020-28277
MISC
CONFIRM
esri — arcgis_server Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. 2020-12-26 9.3 CVE-2020-35712
MISC
MISC
flamingo_project — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. 2020-12-26 7.5 CVE-2020-35244
MISC
flamingo_project — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. 2020-12-26 7.5 CVE-2020-35242
MISC
flamingo_project — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. 2020-12-26 7.5 CVE-2020-35243
MISC
flamingo_project — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. 2020-12-26 7.5 CVE-2020-35245
MISC
flattenizer_project — flattenizer Prototype pollution vulnerability in ‘flattenizer’ versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. 2020-12-29 7.5 CVE-2020-28279
MISC
CONFIRM
foscammall — foscam_x1_firmware FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. 2020-12-28 7.2 CVE-2020-28096
MISC
gdatasoftware — g_data An issue was discovered in G-Data before 25.5.9.25 using Symbolic links, it is possible to abuse the infected-file restore mechanism to achieve arbitrary write that leads to elevation of privileges. 2020-12-28 7.5 CVE-2020-27172
MISC
getobject_project — getobject Prototype pollution vulnerability in ‘getobject’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. 2020-12-29 7.5 CVE-2020-28282
MISC
CONFIRM
huorong — internet_security Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot. 2020-12-26 7.5 CVE-2020-35364
MISC
MISC
jiransecurity — spamsniper Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet. 2020-12-27 7.5 CVE-2020-7845
MISC
MISC
joomla — joomla! An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list. 2020-12-28 7.5 CVE-2020-35613
MISC
klogserver — klog_server KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. 2020-12-27 10 CVE-2020-35729
MISC
MISC
libnested_project — libnested Prototype pollution vulnerability in ‘libnested’ versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution. 2020-12-29 7.5 CVE-2020-28283
MISC
CONFIRM
linksys — re6500_firmware Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. 2020-12-26 10 CVE-2020-35713
MISC
MISC
MISC
linksys — re6500_firmware Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. 2020-12-26 7.8 CVE-2020-35716
MISC
MISC
MISC
linksys — re6500_firmware Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. 2020-12-26 9 CVE-2020-35715
MISC
MISC
MISC
netgear — ac2100_firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. 2020-12-30 9.7 CVE-2020-35800
MISC
netgear — ac2100_firmware Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RS400 before 1.5.0.48, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. 2020-12-30 7.5 CVE-2020-35795
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before 1.0.0.46, EX6200 before 1.0.3.94, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6250 before 1.0.4.42, R6300v2 before 1.0.4.42, R6400 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6700 before 1.0.2.16, R6900P before 1.3.2.124, R6900 before 1.0.2.16, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.2.102, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V-200 before 1.0.0.46, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3500RP before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. 2020-12-30 10 CVE-2020-35796
MISC
netgear — d3600_firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.74, EX6400 before 1.0.2.140, EX7300 before 1.0.2.140, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7500v2 before 1.0.3.40, R7800 before 1.0.2.62, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.78, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. 2020-12-30 7.5 CVE-2020-35799
MISC
netgear — dgn2200v1_firmware NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. 2020-12-30 7.7 CVE-2020-35777
MISC
netgear — nms300_firmware NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. 2020-12-30 7.5 CVE-2020-35797
MISC
netgear — nms300_firmware NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. 2020-12-30 7.8 CVE-2020-35779
MISC
predefine_project — predefine Prototype pollution vulnerability in ‘predefine’ versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. 2020-12-29 7.5 CVE-2020-28280
MISC
CONFIRM
rusqlite_project — rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free. 2020-12-31 7.5 CVE-2020-35873
MISC
MISC
set-object-value_project — set-object-value Prototype pollution vulnerability in ‘set-object-value’ versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. 2020-12-29 7.5 CVE-2020-28281
MISC
CONFIRM
shvl_project — shvl Prototype pollution vulnerability in ‘shvl’ versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. 2020-12-29 7.5 CVE-2020-28278
MISC
CONFIRM
solarwinds — orion_platform The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. 2020-12-29 7.5 CVE-2020-10148
CERT-VN
CONFIRM
struct2json_project — struct2json struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT. 2020-12-26 7.5 CVE-2020-29203
MISC
tp-link — wa901nd_firmware A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. 2020-12-26 7.5 CVE-2020-35575
MISC
MISC
MISC
webmin — webmin miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. 2020-12-29 7.5 CVE-2020-35769
MISC
MISC
woocommerce — gift_cards Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function “Custom Gift Card Template”, the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server. 2020-12-28 7.5 CVE-2020-35627
MISC
MISC
zammad — zammad An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users. 2020-12-28 7.5 CVE-2020-26030
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
1e — client The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%1EClientTachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges. 2020-12-29 6.5 CVE-2020-27645
CONFIRM
1e — client The %PROGRAMDATA%1EClient directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. 2020-12-29 4 CVE-2020-27643
CONFIRM
1e — client The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%1EClientTachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%Temp. 2020-12-29 6.5 CVE-2020-27644
CONFIRM
1e — client The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. 2020-12-29 6.5 CVE-2020-16268
CONFIRM
apache — accumulo Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the ‘canFlush’ and ‘canPerformSystemActions’ security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties. 2020-12-29 5.5 CVE-2020-17533
MLIST
MISC
MLIST
arc-swap_project — arc-swap An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map. 2020-12-25 5 CVE-2020-35711
MISC
MISC
backblaze — backblaze Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary. 2020-12-27 4.6 CVE-2020-8290
MISC
MISC
MISC
bloofoxcms_project — bloofoxcms bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with “Content-Type: application/octet-stream”) to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. 2020-12-25 4 CVE-2020-35709
MISC
crossbar — autobahn Autobahn|Python before 20.12.3 allows redirect header injection. 2020-12-27 5.8 CVE-2020-35678
CONFIRM
MISC
MISC
CONFIRM
CONFIRM
cxuu — cxuucms CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. 2020-12-26 4.3 CVE-2020-35347
MISC
cxuu — cxuucms CXUUCMS V3 allows class=”layui-input” XSS. 2020-12-27 4.3 CVE-2020-29249
MISC
cxuu — cxuucms CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php. 2020-12-27 4.3 CVE-2020-29250
MISC
date-and-time_project — date-and-time date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2. 2020-12-28 5 CVE-2020-26289
MISC
CONFIRM
MISC
dext5 — dext5upload DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). 2020-12-26 5 CVE-2020-35362
MISC
fasterxml — jackson-databind FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). 2020-12-27 6.8 CVE-2020-35728
MISC
MISC
flamingoim_project — flamingoim Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product’s source code is available. 2020-12-26 5 CVE-2020-35284
MISC
freedesktop — poppler ** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects. 2020-12-25 6.8 CVE-2020-35702
MISC
freehtmldesigns — site_offline The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. 2020-12-29 4.3 CVE-2020-35773
MISC
MISC
MISC
MISC
gnome — gdk-pixbuf GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. 2020-12-26 4.3 CVE-2020-29385
CONFIRM
MISC
CONFIRM
MISC
CONFIRM
gnome — gnome_display_manager A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. 2020-12-28 4.4 CVE-2020-27837
MISC
gnu — binutils An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. 2020-12-27 6.8 CVE-2020-35448
MISC
MISC
gobby_project — gobby Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. 2020-12-26 5 CVE-2020-35450
MISC
hcltech — domino HCL Domino v10 and v11 is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server. 2020-12-28 5 CVE-2020-14273
CONFIRM
hedgedoc — hedgedoc HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should however verify that your uploaded file storage only contains files that are allowed, as uploaded files might still be served. As workaround it’s possible to block the `/uploadimage` endpoint on your instance using your reverse proxy. And/or restrict MIME-types and file names served from your upload file storage. 2020-12-29 5 CVE-2020-26286
MISC
MISC
CONFIRM
hedgedoc — hedgedoc HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an attacker can inject arbitrary `script` tags in HedgeDoc notes using mermaid diagrams. Our content security policy prevents loading scripts from most locations, but `www.google-analytics.com` is allowed. Using Google Tag Manger it is possible to inject arbitrary JavaScript and execute it on page load. Depending on the configuration of the instance, the attacker may not need authentication to create or edit notes. The problem is patched in HedgeDoc 1.7.1. As a workaround one can disallow `www.google-analytics.com` in the `Content-Security-Policy` header. Note that other ways to leverage the `script` tag injection might exist. 2020-12-29 4.3 CVE-2020-26287
MISC
MISC
MISC
MISC
CONFIRM
huawei — cloudengine_12800_firmware There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. 2020-12-29 5 CVE-2020-9124
CONFIRM
huawei — cloudengine_12800_firmware There is an out of bound read vulnerability in some verisons of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. 2020-12-29 5 CVE-2020-9094
CONFIRM
huawei — cloudengine_12800_firmware There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. 2020-12-29 6.8 CVE-2020-9207
CONFIRM
huawei — honor_20_pro_firmware There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of received abnormal messages, remote attackers may exploit this vulnerability to cause a denial of service (DoS) on the specific module. 2020-12-29 5 CVE-2020-9223
CONFIRM
huawei — imanager_neteco_6000 There is an information leak vulnerability in iManager NetEco 6000 versions V600R021C00. A module is lack of authentication. Attackers without access to the module can exploit this vulnerability to obtain extra information, leading to information leak. 2020-12-29 4 CVE-2020-9208
CONFIRM
huawei — mate_30_firmware There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally. 2020-12-29 4.6 CVE-2020-9125
CONFIRM
huawei — taurus-al00a_firmware There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service. 2020-12-29 4.3 CVE-2020-9093
CONFIRM
intelliants — subrion_cms Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. 2020-12-26 4.3 CVE-2020-35437
MISC
joomla — joomla! An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page. 2020-12-28 5 CVE-2020-35614
MISC
joomla — joomla! An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. 2020-12-28 5 CVE-2020-35612
MISC
joomla — joomla! An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values. 2020-12-28 5 CVE-2020-35611
MISC
joomla — joomla! An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms. 2020-12-28 5 CVE-2020-35610
MISC
joomla — joomla! An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations. 2020-12-28 5 CVE-2020-35616
MISC
joomla — joomla! An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability. 2020-12-28 6.8 CVE-2020-35615
MISC
liftoffsoftware — gateone GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. 2020-12-27 5 CVE-2020-35736
MISC
MISC
linksys — re6500_firmware Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. 2020-12-26 6.5 CVE-2020-35714
MISC
MISC
MISC
linuxfoundation — dex Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enables potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references). 2020-12-28 6.8 CVE-2020-26290
MISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
litespeedtech — litespeed_cache A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. 2020-12-26 4.3 CVE-2020-29172
CONFIRM
MISC
nchsoftware — express_accounts In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users. 2020-12-28 4 CVE-2020-13474
MISC
MISC
netgear — cbr40_firmware Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, and RBS40V before 2.6.1.4. 2020-12-30 5 CVE-2020-35802
MISC
netgear — d3600_firmware Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40. 2020-12-30 5.2 CVE-2020-35787
MISC
netgear — d7800_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. 2020-12-30 4.6 CVE-2020-35793
MISC
netgear — d7800_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26. 2020-12-30 5.2 CVE-2020-35790
MISC
netgear — dgn2200_firmware NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). 2020-12-30 5.8 CVE-2020-35785
MISC
netgear — gs716t_firmware Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36. 2020-12-30 6.8 CVE-2020-35778
MISC
netgear — jgs516pe_firmware Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and GS116Ev2 before 2.6.0.48. 2020-12-30 6.5 CVE-2020-35784
MISC
netgear — jgs516pe_firmware Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. 2020-12-30 5.8 CVE-2020-35783
MISC
netgear — jgs516pe_firmware Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. 2020-12-30 5.8 CVE-2020-35782
MISC
netgear — jgs516pe_firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. 2020-12-30 5.8 CVE-2020-35801
MISC
netgear — nms300_firmware NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. 2020-12-30 6.5 CVE-2020-35789
MISC
netgear — nms300_firmware NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. 2020-12-30 4 CVE-2020-35780
MISC
netgear — nms300_firmware NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. 2020-12-30 4 CVE-2020-35781
MISC
netgear — r7500_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68. 2020-12-30 5.2 CVE-2020-35792
MISC
netgear — r7800_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.68, R8900 before 1.0.5.2, and R9000 before 1.0.5.2. 2020-12-30 4.6 CVE-2020-35791
MISC
netgear — rbs40v_firmware Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. 2020-12-30 5.2 CVE-2020-35794
MISC
netgear — wac104_firmware NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. 2020-12-30 5.2 CVE-2020-35788
MISC
opendkim — opendkim The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the “A number of self-test programs are included here for unit-testing the library” situation. 2020-12-28 4.4 CVE-2020-35766
MISC
panasonic — wv-s2231l_firmware Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. 2020-12-28 5 CVE-2020-29194
MISC
MISC
parallels — remote_application_server Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker’s client for use as a “host” value. In other words, after an attacker’s web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like “host”:”192.168.###.###” in the POST data. 2020-12-25 5 CVE-2020-35710
MISC
MISC
phplist — phplist phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the “Config – Import Administrators” page. 2020-12-25 6.5 CVE-2020-35708
MISC
MISC
pureftpd — pure-ftpd Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit. 2020-12-26 5 CVE-2020-35359
MISC
qnap — qts This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. 2020-12-29 6.5 CVE-2020-25847
CONFIRM
rockoa — xinhu rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. 2020-12-26 5 CVE-2020-35388
MISC
rockwellautomation — factorytalk_diagnostics An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected. 2020-12-29 5 CVE-2020-5807
CONFIRM
rockwellautomation — factorytalk_linx An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. 2020-12-29 5 CVE-2020-5802
CONFIRM
rockwellautomation — factorytalk_linx An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. 2020-12-29 5 CVE-2020-5801
CONFIRM
roundcube — roundcube An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. 2020-12-28 4.3 CVE-2020-35730
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
stepmania — stepmania lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. 2020-12-26 4.3 CVE-2020-20412
MISC
stratodesk — notouch_center Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with “helpdesk” privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page. 2020-12-26 6.5 CVE-2020-25917
MISC
tag_project — tag dhowden tag before 2020-11-19 allows “panic: runtime error: index out of range” via readAPICFrame. 2020-12-28 4.3 CVE-2020-29243
MISC
tag_project — tag dhowden tag before 2020-11-19 allows “panic: runtime error: slice bounds out of range” via readAtomData. 2020-12-28 4.3 CVE-2020-29245
MISC
tag_project — tag dhowden tag before 2020-11-19 allows “panic: runtime error: index out of range” via readPICFrame. 2020-12-28 4.3 CVE-2020-29242
MISC
tag_project — tag dhowden tag before 2020-11-19 allows “panic: runtime error: slice bounds out of range” via readTextWithDescrFrame. 2020-12-28 4.3 CVE-2020-29244
MISC
techkshetrainfo — savsoft_quiz A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. 2020-12-26 4.3 CVE-2020-27515
MISC
MISC
MISC
tendacn — ac1200_firmware On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. 2020-12-28 5 CVE-2020-28094
MISC
tendacn — ac1200_firmware On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. 2020-12-28 6.5 CVE-2020-28093
MISC
tengine_project — tengine ** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated “I don’t think there is an proof of overflow so far.” 2020-12-26 4.3 CVE-2020-28759
MISC
twitter — twitter-server server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint. 2020-12-29 4.3 CVE-2020-35774
MISC
MISC
user_registration_&_login_and_user_management_system_with_admin_panel_project — user_registration_&_login_and_user_management_system_with_admin_panel A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. 2020-12-26 6.8 CVE-2020-26766
MISC
wavpack — wavpack WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later “unofficial” releases through 5.3.2, which are also affected. 2020-12-28 4.3 CVE-2020-35738
MISC
woocommerce — woocommerce The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. 2020-12-27 5 CVE-2020-29156
MISC
MISC
xpdfreader — xpdf Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. 2020-12-26 5 CVE-2020-35376
MISC
xuxueli — xxl-job XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. 2020-12-27 4.3 CVE-2020-29204
MISC
zammad — zammad An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing. 2020-12-28 5 CVE-2020-29160
MISC
MISC
zammad — zammad An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended. 2020-12-28 4 CVE-2020-29159
MISC
MISC
zammad — zammad An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). 2020-12-28 4 CVE-2020-26031
MISC
zammad — zammad An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view. 2020-12-28 4 CVE-2020-29158
MISC
MISC
zammad — zammad An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user. 2020-12-28 4 CVE-2020-26034
MISC
zammad — zammad An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header. 2020-12-28 4 CVE-2020-26029
MISC
zammad — zammad An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets. 2020-12-28 4 CVE-2020-26028
MISC
zammad — zammad An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems. 2020-12-28 5 CVE-2020-26032
MISC
zammad — zammad An issue was discovered in Zammad before 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check. 2020-12-28 5.8 CVE-2020-26033
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cxuu — cxuucms CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. 2020-12-26 3.5 CVE-2020-35346
MISC
daybydaycrm — daybyday Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. 2020-12-25 3.5 CVE-2020-35706
MISC
MISC
daybydaycrm — daybyday Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. 2020-12-25 3.5 CVE-2020-35704
MISC
MISC
daybydaycrm — daybyday Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. 2020-12-25 3.5 CVE-2020-35707
MISC
MISC
daybydaycrm — daybyday Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. 2020-12-25 3.5 CVE-2020-35705
MISC
MISC
flatpress — flatpress FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload. 2020-12-30 3.5 CVE-2020-35241
MISC
MISC
fluxbb — fluxbb FluxBB 1.5.11 is affected by cross-site scripting (XSS in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in “Blog Content” and each time any user will visit the blog, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. 2020-12-30 3.5 CVE-2020-35240
MISC
MISC
huawei — jackman-al00d There is a resource management error vulnerability in Jackman-AL00D versions 8.2.0.185(C00R2P1). Local attackers construct malicious application files, causing system applications to run abnormally. 2020-12-29 2.1 CVE-2020-1848
CONFIRM
nchsoftware — express_accounts NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file. 2020-12-28 2.1 CVE-2020-13473
MISC
MISC
nchsoftware — express_invoice NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module. 2020-12-28 3.5 CVE-2020-13476
MISC
netgear — d6200_devices Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. 2020-12-30 3.5 CVE-2020-35842
MISC
netgear — d6200_devices Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. 2020-12-30 3.5 CVE-2020-35840
MISC
netgear — d7800_devices NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. 2020-12-30 2.7 CVE-2020-35786
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35824
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7800 before 1.0.1.58, R7800 before 1.0.2.74, R8900 before 1.0.5.18, R9000 before 1.0.5.18, and XR700 before 1.0.1.34. 2020-12-30 2.1 CVE-2020-35804
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35838
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35837
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35835
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35830
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. 2020-12-30 3.5 CVE-2020-35827
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35826
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35825
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35820
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35823
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35822
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35821
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35819
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35817
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35816
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35815
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35809
MISC
netgear — d7800_devices Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 3.5 CVE-2020-35805
MISC
nopcommerce — store nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks and each time any user will go to that page of the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload. 2020-12-29 3.5 CVE-2020-29475
MISC
opencart — opencart OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger. 2020-12-29 3.5 CVE-2020-29471
MISC
opencart — opencart OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail and each time any user will open that mail of the website, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. 2020-12-29 3.5 CVE-2020-29470
MISC
panasonic — wv-s2231l Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order). 2020-12-28 2.1 CVE-2020-29193
MISC
MISC
rockwellautomation — factorytalk_linx An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. 2020-12-29 2.1 CVE-2020-5806
CONFIRM
techkshetrainfo — savsoft_quiz Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). 2020-12-26 3.5 CVE-2020-35349
MISC
zammad — zammad An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a TIcket. 2020-12-28 3.5 CVE-2020-26035
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
aminocom — cpe_wan_management_protocol
 
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges. 2020-12-30 not yet calculated CVE-2020-10209
MISC
aminocom — entonewebengine Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges. 2020-12-30 not yet calculated CVE-2020-10208
MISC
aminocom — entonewebengine
 
Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings. 2020-12-29 not yet calculated CVE-2020-10207
MISC
aminocom — ssh_keys
 
Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH. 2020-12-29 not yet calculated CVE-2020-10210
MISC
aminocom — vncserver
 
Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device. 2020-12-30 not yet calculated CVE-2020-10206
MISC
arista — eos
 
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train. 2020-12-28 not yet calculated CVE-2020-24360
CONFIRM
arista — eos
 
In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train. 2020-12-28 not yet calculated CVE-2020-26569
CONFIRM
arista — eos
 
In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train. 2020-12-28 not yet calculated CVE-2020-15898
CONFIRM
bolt — bolt
 
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the “How to Harden Your PHP for Better Security” guidance. 2020-12-30 not yet calculated CVE-2020-28925
MISC
MISC
cbor — cbor
 
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. 2020-12-31 not yet calculated CVE-2019-25001
MISC
charging_limit_current_write  — charging_limit_current_write
 
In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability. 2020-12-31 not yet calculated CVE-2020-11832
MISC
cockpit-project.org — cockpit_234
 
** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states “I don’t think [it] is a big real-life issue.” 2020-12-30 not yet calculated CVE-2020-35850
MISC
MISC
d-link — dap-1650_devices
 
An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing. 2020-12-30 not yet calculated CVE-2019-12768
MISC
dotcms — dotcms
 
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user must be an authenticated manager in the dotCMS system to exploit this vulnerability. 2020-12-30 not yet calculated CVE-2020-27848
CONFIRM
MISC
draytek — vigot2960
 
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. 2020-12-31 not yet calculated CVE-2020-19664
MISC
MISC
dropbear — dropbear
 
Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. 2020-12-30 not yet calculated CVE-2019-12953
MISC
drupal — aes_encryption
 
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2017-20001
MISC
drupal — kcfinder_integration
 
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2018-25002
MISC
MISC
MISC
drupal — rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2016-20002
MISC
drupal — rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2016-20001
MISC
drupal — rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2016-20008
MISC
drupal — rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2016-20003
MISC
drupal — rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2016-20004
MISC
drupal — rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2016-20005
MISC
drupal — rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2016-20006
MISC
drupal — rest/json
 
The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2016-20007
MISC
drupal — webform_report
 
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal’s security advisory policy. 2021-01-01 not yet calculated CVE-2019-25012
MISC
egavilanmedia — egavilanmedia EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Panel – Manage User tab using the Full Name of the user. This vulnerability can result in the attacker injecting the XSS payload in the User Registration section and each time admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie according to the crafted payload. 2020-12-30 not yet calculated CVE-2020-29230
MISC
MISC
egavilanmedia — egavilanmedia EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scripting (XSS) in the Admin Profile Page. This vulnerability can result in the attacker injecting the XSS payload in Admin Full Name and each time admin visits the Profile page from the admin panel, the XSS triggers. 2020-12-30 not yet calculated CVE-2020-29231
MISC
MISC
egavilanmedia — egavilanmedia
 
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. 2020-12-30 not yet calculated CVE-2020-29228
MISC
MISC
electron — zonote
 
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). 2021-01-01 not yet calculated CVE-2020-35717
MISC
MISC
MISC
exponentcms — exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. 2020-12-31 not yet calculated CVE-2016-9023
MISC
MISC
exponentcms — exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in storeController.php. 2020-12-31 not yet calculated CVE-2016-9021
MISC
MISC
exponentcms — exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in usersController.php. 2020-12-31 not yet calculated CVE-2016-9022
MISC
MISC
exponentcms — exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. 2020-12-31 not yet calculated CVE-2016-9025
MISC
MISC
exponentcms — exponent_cms
 
Exponent CMS before 2.6.0 has improper input validation in fileController.php. 2020-12-31 not yet calculated CVE-2016-9026
MISC
MISC
foxitsoftware — foxit_reader
 
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update. 2020-12-31 not yet calculated CVE-2020-35931
MISC
golang — docker_engine
 
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. 2020-12-30 not yet calculated CVE-2020-27534
MISC
MISC
MISC
MISC
MISC
golang — go
 
In x/text in Go 1.15.4, an “index out of range” panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) 2021-01-02 not yet calculated CVE-2020-28851
MISC
golang — go
 
In x/text in Go 1.15.4, a “slice bounds out of range” panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) 2021-01-02 not yet calculated CVE-2020-28852
MISC
google — flatbuffers
 
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness. 2020-12-31 not yet calculated CVE-2019-25004
MISC
google — flatbuffers
 
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks. 2020-12-31 not yet calculated CVE-2020-35864
MISC
green_packet — wimax_dv-360_devices
 
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980. 2020-12-31 not yet calculated CVE-2018-14067
MISC
gssproxy — gssproxy
 
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. 2020-12-31 not yet calculated CVE-2020-12658
MISC
MISC
MISC
hgiga — mailsherlock The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files. 2020-12-31 not yet calculated CVE-2020-25850
MISC
hgiga — mailsherlock
 
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. 2020-12-31 not yet calculated CVE-2020-35740
MISC
hgiga — mailsherlock
 
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. 2020-12-31 not yet calculated CVE-2020-35743
MISC
hgiga — mailsherlock
 
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. 2020-12-31 not yet calculated CVE-2020-35742
MISC
hgiga — mailsherlock
 
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks. 2020-12-31 not yet calculated CVE-2020-35741
MISC
hgiga — mailsherlock
 
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system. 2020-12-31 not yet calculated CVE-2020-35851
MISC
hgiga — mailsherlock
 
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. 2020-12-31 not yet calculated CVE-2020-25848
MISC
hyperium — http
 
An issue was discovered in the http crate before 0.1.20 for Rust. HeaderMap::reserve() has an integer overflow that allows attackers to cause a denial of service. 2020-12-31 not yet calculated CVE-2019-25008
MISC
hyperium — hyper
 
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface. 2020-12-31 not yet calculated CVE-2020-35863
MISC
invision_community — invision_community
 
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. 2020-12-30 not yet calculated CVE-2020-29477
MISC
MISC
italoantunes — vidyo
 
Vidyo 02-09-/D allows clickjacking via the portal/ URI. 2020-12-29 not yet calculated CVE-2020-35735
MISC
MISC
jira — xwiki
 
XWiki Platform before 12.8 mishandles escaping in the property displayer. 2020-12-31 not yet calculated CVE-2020-13654
MISC
CONFIRM
MISC
libsecp256k1 — libsecp256k1
 
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information. 2020-12-31 not yet calculated CVE-2019-25003
MISC
limesurvey — limesurvey LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. 2020-12-31 not yet calculated CVE-2020-25799
MISC
MISC
limesurvey — limesurvey
 
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser. 2020-12-31 not yet calculated CVE-2020-25797
MISC
MISC
linbit — csync2
 
An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. 2020-12-30 not yet calculated CVE-2019-15523
MISC
mantisbt — mantisbt
 
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter. 2020-12-30 not yet calculated CVE-2020-35849
MISC
mantisbt — mantisbt
 
In MantisBT 2.24.3, SQL Injection can occur in the parameter “access” of the mc_project_get_users function through the API SOAP. 2020-12-30 not yet calculated CVE-2020-28413
MISC
matrixssl — matrixssl
 
In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431. 2020-12-30 not yet calculated CVE-2019-16747
CONFIRM
MISC
CONFIRM
nayutaco — ptarmigan
 
Ptarmigan before 0.2.3 lacks API token validation, e.g., an “if (token === apiToken) {return true;} return false;” code block. 2020-12-30 not yet calculated CVE-2019-16281
MISC
MISC
MISC
netbox_community — netbox
 
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. 2020-12-31 not yet calculated CVE-2019-25011
MISC
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7960P before 1.4.1.50, R8000 before 1.0.4.52, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.1.12, RAX45 before 1.0.2.66, RAX50 before 1.0.2.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RS400 before 1.5.0.48, and XR300 before 1.0.3.50. 2020-12-30 not yet calculated CVE-2020-35798
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. 2020-12-30 not yet calculated CVE-2020-35839
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35829
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35814
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35831
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35832
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35833
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, XR700 before 1.0.1.10, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, and RAX120 before 1.0.0.78. 2020-12-30 not yet calculated CVE-2020-35813
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JNR1010v2 before 1.1.0.62, JR6150 before 1.0.1.24, JWNR2010v5 before 1.1.0.62, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, WNR1000v4 before 1.1.0.62, WNR2020 before 1.1.0.62, and WNR2050 before 1.1.0.62. 2020-12-30 not yet calculated CVE-2020-35841
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35812
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.46, R6080 before 1.0.0.46, R6120 before 1.0.0.72, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6700v2 before 1.2.0.74, R6800 before 1.2.0.74, R6900v2 before 1.2.0.74, R7450 before 1.2.0.74, AC2100 before 1.2.0.74, AC2400 before 1.2.0.74, and AC2600 before 1.2.0.74. 2020-12-30 not yet calculated CVE-2020-35803
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35834
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35810
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.63, DM200 before 1.0.0.61, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.68, and WNR2000v5 before 1.0.0.66. 2020-12-30 not yet calculated CVE-2020-35808
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, and RAX120 before 1.0.0.78. 2020-12-30 not yet calculated CVE-2020-35836
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78. 2020-12-30 not yet calculated CVE-2020-35807
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, XR500 before 2.3.2.56, XR700 before 1.0.1.10, RAX120 before 1.0.0.78, and R7500v2 before 1.0.3.46. 2020-12-30 not yet calculated CVE-2020-35828
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, RAX120 before 1.0.0.78, RBK22 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and WN3000RPv2 before 1.0.0.78. 2020-12-30 not yet calculated CVE-2020-35806
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35818
MISC
netgear — multiple_devices
 
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. 2020-12-30 not yet calculated CVE-2020-35811
MISC
newgen — egov
 
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users’ profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference. 2020-12-30 not yet calculated CVE-2020-35737
MISC
nhiservisignadapter — nhiservisignadapter NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege. 2020-12-31 not yet calculated CVE-2020-25843
MISC
nhiservisignadapter — nhiservisignadapter The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege. 2020-12-31 not yet calculated CVE-2020-25844
MISC
nhiservisignadapter — nhiservisignadapter Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user’s credential. 2020-12-31 not yet calculated CVE-2020-25845
MISC
nhiservisignadapter — nhiservisignadapter The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user’s credential. 2020-12-31 not yet calculated CVE-2020-25846
MISC
nhiservisignadapter — nhiservisignadapter
 
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege. 2020-12-31 not yet calculated CVE-2020-25842
MISC
nokogiri — nokogiri
 
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4. 2020-12-30 not yet calculated CVE-2020-26247
MISC
MISC
CONFIRM
MISC
MISC
npmjs — parse_server
 
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package “parse-server”. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to prevent cleartext password storage. 2020-12-30 not yet calculated CVE-2020-26288
MISC
MISC
CONFIRM
MISC
npmjs — uri.js
 
URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (“) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example the URL `https://expected-example.com@observed-example.com` will incorrectly return `observed-example.com` if using an affected version. Patched versions correctly return `expected-example.com`. Patched versions match the behavior of other parsers which implement the WHATWG URL specification, including web browsers and Node’s built-in URL class. Version 1.19.4 is patched against all known payload variants. Version 1.19.3 has a partial patch but is still vulnerable to a payload variant.] 2020-12-31 not yet calculated CVE-2020-26291
MISC
MISC
CONFIRM
MISC
npmjs — vega
 
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim’s machine. This is fixed in version 5.17.3 2020-12-30 not yet calculated CVE-2020-26296
MISC
MISC
MISC
CONFIRM
MISC
nukeviet — nukeviet modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent). 2020-12-31 not yet calculated CVE-2019-7726
MISC
MISC
CONFIRM
MISC
nukeviet — nukeviet
 
includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP’s serialization format when JSON can be used to eliminate the risk). 2020-12-31 not yet calculated CVE-2019-7725
MISC
MISC
CONFIRM
CONFIRM
openemr — openemr
 
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. 2020-12-31 not yet calculated CVE-2018-16795
MISC
MISC
oppo_charger — sm8250_q_master
 
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. 2020-12-31 not yet calculated CVE-2020-11835
MISC
oppo_charger — sm8250_q_master
 
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. 2020-12-31 not yet calculated CVE-2020-11834
MISC
oppo_charger — sm8250_q_master
 
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability. 2020-12-31 not yet calculated CVE-2020-11833
MISC
plone — plone
 
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). 2020-12-30 not yet calculated CVE-2020-28735
CONFIRM
MISC
MISC
plone — plone
 
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. 2020-12-30 not yet calculated CVE-2020-28734
CONFIRM
MISC
MISC
plone — plone
 
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). 2020-12-30 not yet calculated CVE-2020-28736
CONFIRM
MISC
MISC
qdpm — qdpm
 
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. 2020-12-31 not yet calculated CVE-2020-26165
MISC
MISC
FULLDISC
qemu — qemu
 
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. 2020-12-31 not yet calculated CVE-2020-11947
MISC
qemu — qemu
 
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. 2020-12-31 not yet calculated CVE-2019-20808
MISC
MISC
qnap — qts
 
A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-available tools. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.1.1456 build 20201015 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.2.1379 build 20200730 (and later) 2020-12-31 not yet calculated CVE-2018-19941
MISC
qnap — qts
 
A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive information. QNAP have already fixed this vulnerability in the following versions: QTS 4.4.3.1354 build 20200702 (and later) 2020-12-31 not yet calculated CVE-2018-19944
MISC
qnap — qts
 
A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x. 2020-12-31 not yet calculated CVE-2018-19945
MISC
rocket_chat — rocket_chat
 
Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. 2020-12-30 not yet calculated CVE-2020-29594
MISC
MISC
rusqlite — rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module. 2020-12-31 not yet calculated CVE-2020-35867
MISC
MISC
rusqlite — rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification. 2020-12-31 not yet calculated CVE-2020-35868
MISC
MISC
rusqlite — rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. 2020-12-31 not yet calculated CVE-2020-35869
MISC
MISC
rusqlite — rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free. 2020-12-31 not yet calculated CVE-2020-35870
MISC
MISC
rusqlite — rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race. 2020-12-31 not yet calculated CVE-2020-35871
MISC
MISC
rusqlite — rusqlite An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type. 2020-12-31 not yet calculated CVE-2020-35872
MISC
MISC
rusqlite — rusqlite
 
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor. 2020-12-31 not yet calculated CVE-2020-35866
MISC
MISC
rust — http
 
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness. 2020-12-31 not yet calculated CVE-2019-25009
MISC
rust — rust An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. 2020-12-31 not yet calculated CVE-2020-35927
MISC
rust — rust
 
An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question. 2020-12-31 not yet calculated CVE-2020-35903
MISC
rust — rust
 
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. 2020-12-31 not yet calculated CVE-2020-35904
MISC
rust — rust
 
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. 2020-12-31 not yet calculated CVE-2020-35922
MISC
rust — rust
 
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed. 2020-12-31 not yet calculated CVE-2020-35902
MISC
rust — rust
 
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream. 2020-12-31 not yet calculated CVE-2020-35901
MISC
rust — rust
 
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. 2020-12-31 not yet calculated CVE-2020-35899
MISC
rust — rust
 
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. 2020-12-31 not yet calculated CVE-2020-35898
MISC
rust — rust
 
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race. 2020-12-31 not yet calculated CVE-2020-35897
MISC
rust — rust
 
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack. 2020-12-31 not yet calculated CVE-2020-35896
MISC
rust — rust
 
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync. 2020-12-31 not yet calculated CVE-2020-35928
MISC
rust — rust
 
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion. 2020-12-31 not yet calculated CVE-2020-35895
MISC
rust — rust
 
An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur. 2020-12-31 not yet calculated CVE-2020-35894
MISC
rust — rust
 
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. 2020-12-31 not yet calculated CVE-2020-35893
MISC
rust — rust
 
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. 2020-12-31 not yet calculated CVE-2020-35892
MISC
rust — rust
 
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free. 2020-12-31 not yet calculated CVE-2020-35900
MISC
rust — rust
 
An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation. 2020-12-31 not yet calculated CVE-2020-35906
MISC
rust — rust
 
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code). 2020-12-31 not yet calculated CVE-2020-35905
MISC
rust — rust
 
An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) 2020-12-31 not yet calculated CVE-2020-35916
MISC
rust — rust
 
An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type. 2020-12-31 not yet calculated CVE-2020-35924
MISC
rust — rust
 
An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. 2020-12-31 not yet calculated CVE-2020-35925
MISC
rust — rust
 
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. 2020-12-31 not yet calculated CVE-2020-35921
MISC
rust — rust
 
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. 2020-12-31 not yet calculated CVE-2020-35926
MISC
rust — rust
 
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. 2020-12-31 not yet calculated CVE-2020-35920
MISC
rust — rust
 
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. 2020-12-31 not yet calculated CVE-2020-35919
MISC
rust — rust
 
An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic. 2020-12-31 not yet calculated CVE-2020-35918
MISC
MISC
rust — rust
 
An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. 2020-12-31 not yet calculated CVE-2020-35917
MISC
rust — rust
 
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. 2020-12-31 not yet calculated CVE-2020-35890
MISC
rust — rust
 
An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. 2020-12-31 not yet calculated CVE-2020-35923
MISC
rust — rust
 
An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. 2020-12-31 not yet calculated CVE-2020-35915
MISC
rust — rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness. 2020-12-31 not yet calculated CVE-2020-35914
MISC
rust — rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness. 2020-12-31 not yet calculated CVE-2020-35913
MISC
rust — rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness. 2020-12-31 not yet calculated CVE-2020-35912
MISC
rust — rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness. 2020-12-31 not yet calculated CVE-2020-35911
MISC
rust — rust
 
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. 2020-12-31 not yet calculated CVE-2020-35910
MISC
rust — rust
 
An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server. 2020-12-31 not yet calculated CVE-2020-35909
MISC
rust — rust
 
An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled. 2020-12-31 not yet calculated CVE-2020-35908
MISC
rust — rust
 
An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference. 2020-12-31 not yet calculated CVE-2020-35907
MISC
rust — rust
 
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free. 2020-12-31 not yet calculated CVE-2020-35891
MISC
rust — rust
 
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. 2020-12-31 not yet calculated CVE-2020-35883
MISC
rust — rust
 
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike. 2020-12-31 not yet calculated CVE-2020-35889
MISC
rust — rust
 
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly. 2020-12-31 not yet calculated CVE-2020-35875
MISC
rust — rust
 
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. 2020-12-31 not yet calculated CVE-2020-35888
MISC
rust — rust
 
An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free. 2020-12-31 not yet calculated CVE-2018-25001
MISC
rust — rust
 
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption. 2020-12-31 not yet calculated CVE-2020-35857
MISC
rust — rust
 
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM). 2020-12-31 not yet calculated CVE-2020-35858
MISC
rust — rust
 
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. 2020-12-31 not yet calculated CVE-2020-35859
MISC
rust — rust
 
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code. 2020-12-31 not yet calculated CVE-2020-35860
MISC
rust — rust
 
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys. 2020-12-31 not yet calculated CVE-2020-35861
MISC
rust — rust
 
An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. 2020-12-31 not yet calculated CVE-2020-35862
MISC
rust — rust
 
An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. It has false expectations about char::from_u32_unchecked behavior. 2020-12-31 not yet calculated CVE-2020-35865
MISC
rust — rust
 
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free. 2020-12-31 not yet calculated CVE-2020-35874
MISC
rust — rust
 
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden. 2020-12-31 not yet calculated CVE-2019-25010
MISC
MISC
rust — rust
 
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race. 2020-12-31 not yet calculated CVE-2020-35876
MISC
rust — rust
 
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. 2020-12-31 not yet calculated CVE-2020-35878
MISC
rust — rust
 
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut. 2020-12-31 not yet calculated CVE-2020-35879
MISC
rust — rust
 
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation. 2020-12-31 not yet calculated CVE-2020-35880
MISC
rust — rust
 
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x. 2020-12-31 not yet calculated CVE-2020-35881
MISC
rust — rust
 
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race. 2020-12-31 not yet calculated CVE-2020-35882
MISC
rust — rust
 
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. 2020-12-31 not yet calculated CVE-2020-35884
MISC
rust — rust
 
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. 2020-12-31 not yet calculated CVE-2020-35885
MISC
rust — rust
 
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. 2020-12-31 not yet calculated CVE-2020-35886
MISC
rust — rust
 
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access. 2020-12-31 not yet calculated CVE-2020-35877
MISC
rust — rust
 
An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut. 2020-12-31 not yet calculated CVE-2020-35887
MISC
rustcrypto — chacha20
 
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext. 2020-12-31 not yet calculated CVE-2019-25005
MISC
rustcrypto — hashes
 
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic. 2020-12-31 not yet calculated CVE-2019-25007
MISC
rustcrypto — hashes
 
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer. 2020-12-31 not yet calculated CVE-2019-25006
MISC
sentrifugo — sentrifugo
 
** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2020-12-30 not yet calculated CVE-2020-28365
MISC
MISC
seopanel — seopanel
 
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. 2020-12-31 not yet calculated CVE-2020-35930
MISC
seopanel — seopanel
 
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. 2021-01-01 not yet calculated CVE-2021-3002
MISC
MISC
smsecgroup — sm-vul
 
An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack. 2020-12-30 not yet calculated CVE-2019-15080
MISC
MISC
smsecgroup — sm-vul
 
A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free. 2020-12-30 not yet calculated CVE-2019-15079
MISC
smsecgroup — sm-vul
 
An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free. 2020-12-30 not yet calculated CVE-2019-15078
MISC
sodiumoxide — sodiumoxide
 
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties. 2020-12-31 not yet calculated CVE-2019-25002
MISC
sysdream — usvn
 
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069. 2020-12-31 not yet calculated CVE-2020-17363
MISC
team_amaze — amaze_file_manager
 
The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER). 2020-12-30 not yet calculated CVE-2020-35173
MISC
CONFIRM
MISC
tenda — ac1200
 
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. 2020-12-30 not yet calculated CVE-2020-28095
MISC
tenda — n300
 
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device’s HTTP response behavior. 2021-01-01 not yet calculated CVE-2020-35391
MISC
umbraco — umbraco A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload. 2020-12-30 not yet calculated CVE-2020-5810
MISC
umbraco — umbraco A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS. 2020-12-30 not yet calculated CVE-2020-5809
MISC
umbraco — umbraco
 
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. 2020-12-30 not yet calculated CVE-2020-5811
MISC
webswing — jslink
 
JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution. 2020-12-30 not yet calculated CVE-2020-11103
CONFIRM
CONFIRM
wondercms — wondercms
 
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vulnerability can allow an attacker to inject the XSS payload in the Page description and each time any user will visits the website, the XSS triggers and attacker can steal the cookie according to the crafted payload. 2020-12-30 not yet calculated CVE-2020-29233
MISC
wondercms — wondercms
 
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting – Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the crafted payload. 2020-12-30 not yet calculated CVE-2020-29469
MISC
wordpress — wordpress The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin). 2021-01-01 not yet calculated CVE-2020-35934
MISC
wordpress — wordpress The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) 2021-01-01 not yet calculated CVE-2020-35935
MISC
wordpress — wordpress An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). 2021-01-01 not yet calculated CVE-2020-35951
MISC
MISC
wordpress — wordpress An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). 2021-01-01 not yet calculated CVE-2020-35950
MISC
MISC
wordpress — wordpress An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file. 2021-01-01 not yet calculated CVE-2020-35949
MISC
MISC
wordpress — wordpress An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump. 2021-01-01 not yet calculated CVE-2020-35948
MISC
MISC
wordpress — wordpress An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur. 2021-01-01 not yet calculated CVE-2020-35947
MISC
MISC
wordpress — wordpress An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS. 2021-01-01 not yet calculated CVE-2020-35946
MISC
MISC
wordpress — wordpress An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side. 2021-01-01 not yet calculated CVE-2020-35945
MISC
MISC
wordpress — wordpress An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. 2021-01-01 not yet calculated CVE-2020-35944
MISC
MISC
wordpress — wordpress PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. 2021-01-01 not yet calculated CVE-2020-35939
MISC
wordpress — wordpress PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. 2021-01-01 not yet calculated CVE-2020-35938
MISC
wordpress — wordpress Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to team_import_xml_layouts. 2021-01-01 not yet calculated CVE-2020-35937
MISC
wordpress — wordpress Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. 2021-01-01 not yet calculated CVE-2020-35936
MISC
wordpress — wordpress
 
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes. 2021-01-01 not yet calculated CVE-2020-35932
MISC
wordpress — wordpress
 
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. 2021-01-01 not yet calculated CVE-2020-35933
MISC
zyxel — zyxel
 
Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4. 2020-12-27 not yet calculated CVE-2020-29299
MISC
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Posted by

in