Weekly Vulnerabilities Reports > January 18 to 24, 2021

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.

Hyweb HyCMS-J1's API fail to filter POST request parameters.

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device.

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system.

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system.

A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device.

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system.

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack.

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent.

This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1.

IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection.

This affects the package @graphql-tools/git-loader before 6.2.6.

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification.

OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.

Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.

This affects the package fastify-csrf before 3.0.0.

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.

HGiga EIP product contains SQL Injection vulnerability.

A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product.

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery.

D-Link DCS-5220 devices have a buffer overflow.

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.

A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system.

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device.

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.

A flaw was found in the X.Org Server before version 1.20.10.

IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands.

IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability.

SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file.

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11.

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11.

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11.

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11.

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12.

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12.

IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources.

Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side.

Divide by zero issue can happen while updating delta extension header due to improper validation of master SN and extension header SN in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Out of bound memory access while processing frames due to lack of check of invalid frames received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device.

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5.

Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication.

Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile.

The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function.

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices.

A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

OpenMage is a community-driven alternative to Magento CE.

OpenMage is a community-driven alternative to Magento CE.

OpenMage is a community-driven alternative to Magento CE.

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device.

Arbitrary read and write to kernel addresses by temporarily overwriting ring buffer pointer and creating a race condition.

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.

Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.

A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Out of bound access due to usage of an out-of-range pointer offset in the camera driver.

Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass.

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets.

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.

PySAML2 is a pure python implementation of SAML Version 2 Standard.

IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system.

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices.

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system.

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server.

Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy.

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy.

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could allow an authenticated but unauthorized attacker to overwrite arbitrary data when VMware vStorage support is enabled.

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups).

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS.

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature.

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

HedgeDoc is open source software which lets you create real-time collaborative markdown notes.

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface.

Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS.

Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.

Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.

Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage() event is not validated.

MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.

MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp.

MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.

Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.

OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation.

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924).

Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26.

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.

SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.

SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.

SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).

OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent.

Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue.

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system.

A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted.

IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory.

IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system.

Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files.

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting

Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini.

Hyweb HyCMS-J1 backend editing function does not filter special characters.

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface.

A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page.

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface.

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field.

Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers.

SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file.

OnlineVotingSystem is an open source project hosted on GitHub.

A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service.

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device.

Laravel is a web application framework.

IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy.

An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT.

Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory.

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device.

Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.

Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form.

Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS.

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device.

IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies.

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access.

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility.

The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration.

A flaw was found in dnsmasq before version 2.83.