Weekly Vulnerabilities Reports > February 8 to 14, 2021

DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack, Security Downgrade.

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 firmware version 1.04B03 WiFi extenders.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability.

On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic with APM, TMM consumes excessive memory.

Adobe Illustrator version 25.1 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a crafted file.

A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image.

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016.

In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent.

Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA Portal (V15, V15.1 and V16).

ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.

LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers.

config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used.

LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp.

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

An issue was discovered in OpenZFS through 2.0.3.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system.

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development.

An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability.

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

A vulnerability was found in openvswitch.

The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.

A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107.

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console.

An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content.

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.

In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.

An issue was discovered in the xcb crate through 2021-02-04 for Rust.

An issue was discovered in the xcb crate through 2021-02-04 for Rust.

An issue was discovered in the xcb crate through 2021-02-04 for Rust.

An issue was discovered in the calamine crate before 0.17.0 for Rust.

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability.

A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive.

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications.

This affects all versions of package macfromip.

This affects all versions of package node-ps.

This affects all versions of package spritesheet-js.

The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.

An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks)

PhpOK 5.4.137 contains a SQL injection vulnerability that can inject an attachment data through SQL, and then call the attachment replacement function through api.php to write a PHP file to the target path.

College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.

The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.

In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata.

In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains.

In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free.

In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking.

In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check.

In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check.

In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities.

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability.

A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1).

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function.

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function.

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory.

A flaw was found in podman before 1.7.0.

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting.

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value.

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack.

Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local attacker to perform OS-level privilege escalation via a crafted file.

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.

Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.1.35811.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability.

hyper is an open-source HTTP library for Rust (crates.io).

IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18.

A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856).

An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856).

An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8.

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow.

A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8.

An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8.

An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8.

In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution.

In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow.

A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files.

The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.

This vulnerability allows local attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type-confusion condition in the Omron CX-One Version 4.60 and prior devices.

Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA.

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files.

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files.

NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter.

NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter.

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow.

vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.

Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack.

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection.

An issue was discovered in the xcb crate through 2021-02-04 for Rust.

Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code.

Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation.

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.

Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.

Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g.

Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g.

A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.

Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors.

Adminer is an open-source database management in a single PHP file.

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.

IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request.

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool.

Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service.

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability.

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce).

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction link, after enumerating certain files, at a specific time.

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level.

An issue was discovered in SmartFoxServer 2.17.0.

On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks.

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627.

ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DVA-2800 and DSL-2888A routers.

SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents.

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

ftp-srv is an open-source FTP server designed to be simple yet configurable.

SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.

A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2).

A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2.

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value.

A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface.

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

A stored XSS issue exists in henriquedornas 5.2.17 via online live chat.

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.

Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module.

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user.

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5).

emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is granted the admin role.

On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code and a malicious server may cause TMM to restart and generate a core file.

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x versions, JSON parser function does not protect against out-of-bounds memory accesses or writes.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.

The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.

Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request.

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input.

Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack.

A null pointer dereference in Teradici PCoIP Soft Client versions prior to 20.07.3 could allow an attacker to crash the software.

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized activities due to improper encoding of output.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a denial of service due to an invalid cookie value that could prevent future logins.

All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure.

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

An issue was discovered on FiberHome HG6245D devices through RP2613.

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto.

IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption.

An integer overflow has been found in the the latest version of Issuer.

An integer underflow has been found in the latest version of ZCFees.

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions.

An issue was discovered in the qwutils crate before 0.3.1 for Rust.

An issue was discovered in the postscript crate before 0.14.0 for Rust.

An issue was discovered in the ms3d crate before 0.1.3 for Rust.

Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs.

Deleting users with certain names caused system files to be deleted.

In util/session/sessionmanager.go in Argo CD before 1.8.4, tokens continue to work even when the user account is disabled.

IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session.

An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability.

Marked is an open-source markdown parser and compiler (npm package "marked").

picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.

httplib2 is a comprehensive HTTP client library for Python.

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module.

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module.

Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module.

Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module.

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com".

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user on the system due to incorrectly updating the session identifier.

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1.

For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster.

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability.

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability.

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability.

A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2).

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14.

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system call which is not handled correctly.

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed.

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used).

On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user.

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel (TMM) may restart on the BIG-IP system while passing large bursts of traffic.

Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector.

Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector.

Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector.

Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors.

ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL.

Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.

Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL.

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications.

Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability.

Wire is an open-source collaboration platform.

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials.

PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser.

In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free.

Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress.

Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.

Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).

The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints.

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload.

Adminer through 4.7.8 allows XSS via the history parameter to the default URI.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a crafted HTML page.

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.

The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields.

In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter.

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.

Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface.

TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.

NeDi 1.9C allows an authenticated user to perform a SQL Injection in the Monitoring History function on the endpoint /Monitoring-History.php via the det HTTP GET parameter.

A flaw was found in Keycloak 7.0.1.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of SolarWinds Orion Platform 2020.2.1.

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating.

Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled.

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key.

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications.

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user.

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files.

Agents are able to see and link Config Items without permissions, which are defined in General Catalog.

When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information.

In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster.

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2).

On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL.

IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques.

A Stored Cross Site Scripting(XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available.

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a Reflected Cross-site Scripting vulnerability via 'file' parameter.

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting.

A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity.

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting.

An XSS issue was discovered in SmartFoxServer 2.17.0.

When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues.

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.

CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php.

A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS.

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e.

Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers.

A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3).

IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable.

Username enumeration in present in Tufin SecureTrack.

Fleet is an open source osquery manager.

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic.

Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA.

An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier in a specific web form, which allowed an attacker with knowledge of both a machineID and user GUID to modify data if a user clicked a malicious link.

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users).

IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key.

Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.

Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.

Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure.

Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.

A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection.

A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key.

Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue.

An issue was discovered in SmartFoxServer 2.17.0.

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1).

A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2).

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2).

IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials.

Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vulnerability that could allow HTTP clients to cache sensitive responses making them accessible to an attacker who has access to the system where the client runs.

Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation.