Weekly Vulnerabilities Reports > June 15 to 21, 2020

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.

An issue was discovered in adns before 1.5.2.

A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device.

A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3.

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable.

Certain NETGEAR devices are affected by command injection by an authenticated user.

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system.

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request.

A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.

An issue was discovered in Mattermost Server before 3.6.2.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.

An issue was discovered in Mattermost Server before 3.0.0.

An issue was discovered in Mattermost Desktop App before 3.4.0.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

An issue was discovered in Mattermost Server before 5.8.0.

An issue was discovered in Mattermost Server before 5.2 and 5.1.1.

An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS.

An issue was discovered in Mattermost Packages before 5.16.3.

An issue was discovered in Mattermost Desktop App before 4.4.0.

In mversion before 2.0.0, there is a command injection vulnerability.

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.

An issue was discovered in adns before 1.5.2.

An issue was discovered in adns before 1.5.2.

An issue was discovered in adns before 1.5.2.

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory.

An issue was discovered in LibVNCServer before 0.9.13.

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

An issue was discovered in LibVNCServer before 0.9.13.

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.

The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.

A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions).

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts.

In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr".

Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it.

This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450

WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable.

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0.

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0.

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page.

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked.

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.

Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files.

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter.

I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory.

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions.

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming.

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10.

An issue was discovered in Mattermost Desktop App before 4.2.2.

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7.

Certain NETGEAR devices are affected by CSRF.

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability.

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP.

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file.

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430.

The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.

OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2.

An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2.

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7.

A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

An exposure of sensitive information flaw was found in Ansible version 3.7.0.

A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.

By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx.

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

An issue was discovered in Mattermost Server before 3.0.2.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider.

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3.

A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3.

Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3.

An issue was discovered in LibVNCServer before 0.9.13.

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.

The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent.

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server.

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system.

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).

An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0.

Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information.

Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt.

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 .

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server.

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

An issue was discovered in Mattermost Desktop App before 4.4.0.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.

The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions.

A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability.

In OMERO before 5.6.1, group owners can access members' data in other groups.

An issue was discovered in LibVNCServer before 0.9.13.

An issue was discovered in LibVNCServer before 0.9.13.

An issue was discovered in LibVNCServer before 0.9.13.

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable.

GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash).

ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0.

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0.

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4.

In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin.

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection.

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Certain NETGEAR devices are affected by command injection by an authenticated user.

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token

A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification

An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.

An issue was discovered in Mattermost Server before 3.0.0.

An issue was discovered in Mattermost Server before 3.0.0.

An issue was discovered in Mattermost Server before 3.2.0.

An issue was discovered in Mattermost Server before 3.2.0.

An issue was discovered in Mattermost Server before 3.2.0.

An issue was discovered in Mattermost Server before 3.2.0.

An issue was discovered in Mattermost Server before 3.5.1.

An issue was discovered in Mattermost Server before 1.2.0.

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3.

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5.

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5.

An issue was discovered in Mattermost Server before 5.8.0.

An issue was discovered in Mattermost Server before 5.8.0.

An issue was discovered in Mattermost Server before 5.8.0.

An issue was discovered in Mattermost Server before 5.8.0.

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

An issue was discovered in Mattermost Desktop App before 4.0.0.

An issue was discovered in Mattermost Server before 4.7.3.

An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2.

An issue was discovered in Mattermost Server before 5.1.

An issue was discovered in Mattermost Server before 5.1.

An issue was discovered in Mattermost Server before 5.4.0.

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9.

An issue was discovered in Mattermost Server before 5.11.0.

An issue was discovered in Mattermost Server before 5.11.0.

An issue was discovered in Mattermost Server before 5.12.0.

An issue was discovered in Mattermost Plugins before 5.13.0.

An issue was discovered in Mattermost Server before 5.13.0.

An issue was discovered in Mattermost Server before 5.13.0.

An issue was discovered in Mattermost Server before 5.15.0.

An issue was discovered in Mattermost Server before 5.15.0.

An issue was discovered in Mattermost Server before 5.16.0.

An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6.

An issue was discovered in Mattermost Server before 5.17.0.

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

An issue was discovered in Mattermost Server before 5.19.0.

An issue was discovered in Mattermost Server before 5.19.0.

An issue was discovered in Mattermost Server before 5.20.0.

An issue was discovered in Mattermost Server before 5.21.0.

An issue was discovered in Mattermost Server before 5.21.0.

An issue was discovered in Mattermost Mobile Apps before 1.29.0.

An issue was discovered in Mattermost Server before 5.22.0.

An issue was discovered in Mattermost Server before 5.23.0.

An issue was discovered in Mattermost Server before 5.23.0.

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

An issue was discovered in Mattermost Server before 5.18.0.

An issue was discovered in Mattermost Server before 5.18.0.

An issue was discovered in Mattermost Server before 5.18.0.

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7.

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5.

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm.

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device.

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface.

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device.

A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts.

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device.

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms.

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions.

In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.

OMERO before 5.6.1 makes the details of each user available to all users.

An issue was discovered in LibVNCServer before 0.9.13.

An issue was discovered in LibVNCServer before 0.9.13.

An issue was discovered in LibVNCServer before 0.9.13.

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.

The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.

A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.

A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.

A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.

A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.

A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller.

OX App Suite through 7.10.3 has Improper Input Validation.

IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic.

Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality.

An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0.

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable.

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210.

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /..

Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources.

Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used.

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered.

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens).

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824.

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device.

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability.

ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check.

On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow.

VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries.

D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.

HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability.

Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.

Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.

Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464.

An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.

An issue was discovered in Mattermost Server before 2.1.0.

An issue was discovered in Mattermost Server before 2.2.0.

An issue was discovered in Mattermost Server before 2.2.0.

An issue was discovered in Mattermost Server before 3.0.0.

An issue was discovered in Mattermost Server before 3.0.0.

An issue was discovered in Mattermost Server before 3.1.0.

An issue was discovered in Mattermost Server before 3.5.1.

An issue was discovered in Mattermost Server before 3.9.0 when SAML is used.

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4.

An issue was discovered in Mattermost Server before 5.3.0.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4.

An issue was discovered in Mattermost Desktop App before 4.4.0.

An issue was discovered in Mattermost Mobile Apps before 1.30.0.

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7.

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

An issue was discovered in Agentejo Cockpit 0.10.2.

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection.

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee.

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4.

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4.

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507.

OX Guard 2.10.3 and earlier allows XSS.

The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.

The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition.

In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code

User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1

An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5.

An issue was discovered in Mattermost Server before 2.2.0.

An issue was discovered in Mattermost Server before 3.0.0.

An issue was discovered in Mattermost Server before 3.0.0.

An issue was discovered in Mattermost Server before 3.0.0.

An issue was discovered in Mattermost Server before 3.3.0.

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

An issue was discovered in Mattermost Server before 5.1.

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3.

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation.

An issue was discovered in Mattermost Server before 5.7.

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6.

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3.

An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3.

An issue was discovered in Mattermost Server before 5.1.

An issue was discovered in Mattermost Server before 5.1.

An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used.

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used.

In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

An issue was discovered in Mattermost Server before 5.10.0.

An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8.

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device.

An issue was discovered in LibVNCServer before 0.9.13.

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.

OX App Suite through 7.10.3 allows SSRF.

OX App Suite through 7.10.3 allows XXE attacks.

IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting.

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.

HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability.

OX Guard 2.10.3 and earlier allows SSRF.

Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification.

FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability.

A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3.

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system.

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.

Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.

An issue was discovered in Mattermost Server before 3.1.0.

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3.

Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.

An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only.

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4.

IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.

IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.

IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.

CALDERA 2.7.0 allows XSS via the Operation Name box.

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.

OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters.

OX App Suite through 7.10.3 allows XSS.

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim.

KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO.

The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

Certain NETGEAR devices are affected by disclosure of administrative credentials.

HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability.

The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.

The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.

The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.

The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.

The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.

VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation.

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability.

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system.

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.

Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.