Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22178 | 1 Gitlab | 1 Gitlab | 2021-03-26 | 4.0 MEDIUM | 5.0 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration. | |||||
| CVE-2021-22176 | 1 Gitlab | 1 Gitlab | 2021-03-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests | |||||
| CVE-2021-22193 | 1 Gitlab | 1 Gitlab | 2021-03-26 | 3.5 LOW | 3.5 LOW |
| An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project. | |||||
| CVE-2021-22192 | 1 Gitlab | 1 Gitlab | 2021-03-26 | 6.5 MEDIUM | 8.8 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | |||||
| CVE-2021-22186 | 1 Gitlab | 1 Gitlab | 2021-03-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners | |||||
| CVE-2020-7853 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2021-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution. | |||||
| CVE-2020-27869 | 1 Solarwinds | 1 Network Performance Monitor | 2021-03-26 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804. | |||||
| CVE-2020-27870 | 1 Solarwinds | 1 Orion Platform | 2021-03-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1. Authentication is required to exploit this vulnerability. The specific flaw exists within ExportToPDF.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11917. | |||||
| CVE-2020-10648 | 2 Denx, Opensuse | 2 U-boot, Leap | 2021-03-26 | 6.8 MEDIUM | 7.8 HIGH |
| Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. | |||||
| CVE-2020-17489 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Gnome-shell and 1 more | 2021-03-26 | 1.9 LOW | 4.3 MEDIUM |
| An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | |||||
| CVE-2021-28963 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2021-03-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. | |||||
| CVE-2021-29069 | 1 Netgear | 6 Wnr2000v5, Wnr2000v5 Firmware, Xr450 and 3 more | 2021-03-26 | 5.2 MEDIUM | 8.4 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76. | |||||
| CVE-2021-29076 | 1 Netgear | 10 Rbk852, Rbk852 Firmware, Rbk853 and 7 more | 2021-03-26 | 5.8 MEDIUM | 9.6 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
| CVE-2021-28154 | 1 Camunda | 1 Modeler | 2021-03-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| ** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it does not allow any remote scripts to be opened, no unsafe scripts to be evaluated, no remote sites to be browsed." | |||||
| CVE-2021-28133 | 1 Zoom | 1 Zoom | 2021-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue. | |||||
| CVE-2020-14516 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2021-03-26 | 7.5 HIGH | 10.0 CRITICAL |
| In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00, there is an issue with the implementation of the SHA-256 hashing algorithm with FactoryTalk Services Platform that prevents the user password from being hashed properly. | |||||
| CVE-2020-7021 | 1 Elastic | 1 Elasticsearch | 2021-03-26 | 4.0 MEDIUM | 4.9 MEDIUM |
| Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details. | |||||
| CVE-2020-27860 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-03-26 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11727. | |||||
| CVE-2020-28501 | 1 Crawlerdetect Project | 1 Crawlerdetect | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators. | |||||
| CVE-2020-25645 | 5 Canonical, Debian, Linux and 2 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2021-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-25066 | 1 Treck | 1 Tcp\/ip | 2021-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. | |||||
| CVE-2021-23360 | 1 Killport Project | 1 Killport | 2021-03-26 | 6.5 MEDIUM | 8.8 HIGH |
| This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | |||||
| CVE-2021-27221 | 1 Mikrotik | 1 Routeros | 2021-03-26 | 8.5 HIGH | 8.1 HIGH |
| ** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work. | |||||
| CVE-2020-11986 | 1 Apache | 1 Netbeans | 2021-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user. | |||||
| CVE-2020-27764 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-25 | 4.3 MEDIUM | 3.3 LOW |
| In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. | |||||
| CVE-2020-27754 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-25 | 4.3 MEDIUM | 3.3 LOW |
| In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. | |||||
| CVE-2021-21390 | 1 Minio | 1 Minio | 2021-03-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk + thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using "aws-chunked" encoding-based chunk signature upload requests instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS. | |||||
| CVE-2021-26069 | 1 Atlassian | 2 Data Center, Jira | 2021-03-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | |||||
| CVE-2019-3867 | 1 Redhat | 1 Quay | 2021-03-25 | 4.4 MEDIUM | 4.1 MEDIUM |
| A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue. | |||||
| CVE-2021-21437 | 1 Otrs | 2 Itsmconfigurationmanagement, Otrscisincustomerfrontend | 2021-03-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions | |||||
| CVE-2019-14851 | 1 Nbdkit Project | 1 Nbdkit | 2021-03-25 | 3.5 LOW | 6.5 MEDIUM |
| A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1. | |||||
| CVE-2021-21438 | 1 Otrs | 2 Faq, Otrs | 2021-03-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions. | |||||
| CVE-2020-27768 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-25 | 4.3 MEDIUM | 3.3 LOW |
| In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2021-21387 | 1 Wrongthink | 1 Wrongthink | 2021-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0. | |||||
| CVE-2011-1829 | 2 Canonical, Debian | 2 Ubuntu Linux, Advanced Package Tool | 2021-03-25 | 4.3 MEDIUM | N/A |
| APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message. | |||||
| CVE-2020-17457 | 1 Fujitsu | 1 Serverview Remote Management | 2021-03-25 | 3.5 LOW | 5.4 MEDIUM |
| Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages. | |||||
| CVE-2021-26578 | 1 Hpe | 1 Network Orchestrator | 2021-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection. | |||||
| CVE-2019-10196 | 3 Fedoraproject, Http-proxy-agent Project, Redhat | 4 Fedora, Http-proxy-agent, Enterprise Linux and 1 more | 2021-03-25 | 9.0 HIGH | 9.8 CRITICAL |
| A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. | |||||
| CVE-2020-27864 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2021-03-25 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the Authorization request header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10880. | |||||
| CVE-2020-27865 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2021-03-25 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uhttpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the device. Was ZDI-CAN-10894. | |||||
| CVE-2021-3327 | 1 Ovation | 1 Dynamic Content | 2021-03-25 | 3.5 LOW | 5.4 MEDIUM |
| Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. | |||||
| CVE-2021-3410 | 2 Debian, Libcaca Project | 2 Debian Linux, Libcaca | 2021-03-25 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | |||||
| CVE-2020-7200 | 1 Hp | 1 Systems Insight Manager | 2021-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. | |||||
| CVE-2021-20246 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 4 Debian Linux, Fedora, Imagemagick and 1 more | 2021-03-25 | 7.1 HIGH | 5.5 MEDIUM |
| A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20244 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 4 Debian Linux, Fedora, Imagemagick and 1 more | 2021-03-25 | 7.1 HIGH | 5.5 MEDIUM |
| A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-20218 | 1 Redhat | 9 A-mq Online, Build Of Quarkus, Codeready Studio and 6 more | 2021-03-25 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 | |||||
| CVE-2021-22665 | 1 Rockwellautomation | 2 Drivetools Add-on Profiles, Drivetools Sp | 2021-03-25 | 7.2 HIGH | 7.8 HIGH |
| Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vulnerability that a local attacker with limited privileges may be able to exploit resulting in privilege escalation and complete control of the system. | |||||
| CVE-2021-21315 | 2 Apache, Systeminformation | 2 Cordova, Systeminformation | 2021-03-25 | 4.6 MEDIUM | 7.8 HIGH |
| The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected. | |||||
| CVE-2021-20241 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2021-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-27530 | 1 Dynpg | 1 Dynpg | 2021-03-25 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. | |||||