Weekly Vulnerabilities Reports > March 29 to April 4, 2021

A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrator user to browse a URL controlled by an attacker.

A memory corruption issue was addressed with improved validation.

An out-of-bounds read was addressed with improved bounds checking.

A type confusion issue was addressed with improved state handling.

A use after free issue was addressed with improved memory management.

A validation issue was addressed with improved input sanitization.

An authentication issue was addressed with improved state management.

A use after free issue was addressed with improved memory management.

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25.

In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint.

A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own.

On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page.

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted workspace folder.

This affects the package portprocesses before 1.0.5.

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.

Mozilla developers reported memory safety bugs present in Firefox 86.

Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8.

An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8.

An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8.

Potential for arbitrary code execution in npm package @thi.ng/egf `#gpg`-tagged property values (only if `decrypt: true` option is enabled).

This affects the package kill-by-port before 0.0.2.

A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and earlier allows attackers to build a project with attacker-specified parameters.

Apache Druid allows users to read data from other database systems using JDBC.

An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B.

Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B, via all fields to WebUI.

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26.

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919.

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers.

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below.

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26.

The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with the ring 0 privilege) to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM (issue 3 of 3).

An issue was discovered in Devolutions Server before 2020.3.

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp.

A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash.

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below.

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers.

An out-of-bounds write was addressed with improved input validation.

A logic issue was addressed with improved state management.

This issue was addressed with improved checks.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved bounds checking.

Multiple issues were addressed with improved logic.

An out-of-bounds read was addressed with improved input validation.

An access issue was addressed with improved memory management.

A logic error in kext loading was addressed with improved state handling.

This issue was addressed with improved checks.

An out-of-bounds write issue was addressed with improved bounds checking.

This issue was addressed by removing the vulnerable code.

This issue was addressed with improved checks.

A stack overflow was addressed with improved input validation.

An out-of-bounds read was addressed with improved bounds checking.

This issue was addressed with improved checks.

A buffer overflow was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved bounds checking.

This issue was addressed with improved checks.

A logic issue was addressed with improved state management.

Multiple issues were addressed with improved logic.

An out-of-bounds write was addressed with improved input validation.

This issue was addressed with improved checks.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds write was addressed with improved input validation.

An out-of-bounds read was addressed with improved bounds checking.

This issue was addressed with improved checks.

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds write was addressed with improved input validation.

An out-of-bounds write was addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

A use after free issue was addressed with improved memory management.

A logic issue was addressed with improved validation.

Multiple memory corruption issues were addressed with improved input validation.

A buffer overflow was addressed with improved size validation.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds write issue was addressed with improved bounds checking.

A use after free issue was addressed with improved memory management.

This issue was addressed with improved checks.

A memory corruption issue existed in the processing of font files.

This issue was addressed with improved entitlements.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

A memory corruption issue was addressed with improved input validation.

This issue was addressed with improved checks.

An out-of-bounds write issue was addressed with improved bounds checking.

An out-of-bounds write issue was addressed with improved bounds checking.

An out-of-bounds write was addressed with improved input validation.

This issue was addressed with improved checks.

An out-of-bounds write issue was addressed with improved bounds checking.

A memory corruption issue was addressed with improved input validation.

An integer overflow was addressed with improved input validation.

A memory corruption issue existed in the processing of font files.

A memory corruption issue existed in the processing of font files.

A validation issue was addressed with improved logic.

This issue was addressed with improved checks.

A logic issue was addressed with improved state management.

A memory corruption issue was addressed with improved input validation.

A memory corruption issue existed in the processing of font files.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds write was addressed with improved input validation.

A logic issue was addressed with improved state management.

An out-of-bounds write was addressed with improved input validation.

A memory corruption issue was addressed with improved input validation.

A memory corruption issue was addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

A memory corruption issue was addressed with improved memory handling.

A use after free issue was addressed with improved memory management.

An out-of-bounds write issue was addressed with improved bounds checking.

An out-of-bounds write issue was addressed with improved bounds checking.

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.

vscode-stripe is an extension for Visual Studio Code.

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system

A memory buffer error vulnerability exists in a component interface of Huawei Smartphone.

An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8.

Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1.

NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method.

This issue was addressed with improved checks.

A use after free issue was addressed with improved memory management.

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6.

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.

An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices.

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)).

An issue was discovered in Devolutions Server before 2020.3.

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503.

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust.

An issue was discovered in the insert_many crate through 2021-01-26 for Rust.

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust.

An issue was discovered in the arenavec crate through 2021-01-12 for Rust.

An issue was discovered in the arenavec crate through 2021-01-12 for Rust.

An issue was discovered in the endian_trait crate through 2021-01-04 for Rust.

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile.

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the Traffic Management Microkernel (TMM) process may produce a core file when undisclosed MPTCP traffic passes through a standard virtual server.

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart.

On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers.

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted.

On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort.

Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon.

PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account.

An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B.

A flaw was found in knot-resolver before version 2.3.0.

Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.

The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron).

A ZTE product has a DoS vulnerability.

The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) contains the administrator account password in plaintext.

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request.

TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation.

An issue was discovered in the reorder crate through 2021-02-24 for Rust.

An issue was discovered in the reorder crate through 2021-02-24 for Rust.

An issue was discovered in the stackvector crate through 2021-02-19 for Rust.

An issue was discovered in the rocket crate before 0.4.7 for Rust.

An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust.

SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.

Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter.

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.

Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below.

A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below.

Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as root in its administrative web interface.

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read issue existed that led to the disclosure of kernel memory.

IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26.

This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26.

A race condition was addressed with additional validation.

A race condition was addressed with improved locking.

A race condition was addressed with improved state handling.

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below.

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query.

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed access tokens generated from a GitHub App's web authentication flow to read private repository metadata via the REST API without having been granted the appropriate permissions.

An issue existed in screen sharing.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9.

wire-webapp is an open-source front end for Wire, a secure collaboration platform.

node-etsy-client is a NodeJs Etsy ReST API Client.

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature.

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature.

A potential security vulnerability has been identified in HPE Superdome Flex server.

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check.

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp.

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies).

Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server.

Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system.

A malicious extension with the 'search' permission could have installed a new search engine whose favicon referenced a cross-origin URL.

If an attacker is able to alter specific about:config values (for example malware running on the user's computer), the Devtools remote debugging feature could have been enabled in a way that was unnoticable to the user.

A malicious extension could have opened a popup window lacking an address bar.

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash.

Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections.

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919.

An issue was discovered in PortSwigger Burp Suite before 2021.2.

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.

Multiple issues were addressed with improved logic.

A logic issue was addressed with improved restrictions.

An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists.

An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B.

docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character.

Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376.

This issue was addressed by improved management of object lifetimes.

An issue existed in the parsing of URLs.

Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process

Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2).

DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php).

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.

An issue was discovered in Devolutions Server before 2020.3.

A potential security vulnerability has been identified in HPE iLO Amplifier Pack.

Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727.

An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.

On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability.

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role.

Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page.

A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below.

This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561).

Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature.

Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.

A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.1g, 6.4 up to 6.4.1c and 6.5.1 through 6.5.1b.

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below.

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability.

Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup->Users->Username editbox.

A path handling issue was addressed with improved validation.

The issue was addressed with improved permissions logic.

An issue was discovered in WiZ Colors A60 1.14.0.

An issue was discovered in WiZ Colors A60 1.14.0.

An out-of-bounds read issue existed that led to the disclosure of kernel memory.

A logic issue was addressed with improved state management.

A privacy issue existed in the handling of Contact cards.

An out-of-bounds read issue existed in the curl.

A logic issue was addressed with improved state management.

A logic issue was addressed with improved validation.

This issue was addressed with improved checks.

A memory corruption issue was addressed with improved state management.

An out-of-bounds read was addressed with improved input validation.

This issue was addressed with improved checks.

An out-of-bounds read was addressed with improved input validation.

A logic issue was addressed with improved state management.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved bounds checking.

This issue was addressed with improved checks to prevent unauthorized actions.

An information disclosure issue was addressed with improved state management.

A logic issue was addressed with improved state management.

A logic issue was addressed with improved restrictions.

An input validation issue was addressed with improved memory handling.

KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.

An application error verification vulnerability exists in a component interface of Huawei Smartphone.

An application bypass mechanism vulnerability exists in a component interface of Huawei Smartphone.

A memory buffer error vulnerability exists in a component interface of Huawei Smartphone.

A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25.

An issue was discovered in the Linux kernel before 5.11.11.

An issue was discovered in the Linux kernel before 5.11.11.

An issue was discovered in the Linux kernel before 5.11.11.

A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product).

IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user.

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user.

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4.

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.

An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12.

Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields.

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile.

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing.

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile.

Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing.

ps_emailsubscription is a newsletter subscription module for the PrestaShop platform.

IBM Jazz Foundation Products are vulnerable to cross-site scripting.

IBM Jazz Foundation Products are vulnerable to cross-site scripting.

IBM Jazz Foundation Products are vulnerable to cross-site scripting.

IBM Jazz Foundation Products are vulnerable to cross-site scripting.

IBM Jazz Foundation Products are vulnerable to cross-site scripting.

IBM Jazz Foundation Products are vulnerable to cross-site scripting.

IBM Jazz Foundation Products are vulnerable to cross-site scripting.

PrestaShop is a fully scalable open source e-commerce solution.

IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to.

Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php.

CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.

Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1, via the 'method' parameter to 'seeyon/hrSalary.do'.

An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login.

Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's possible to request any internal page if you use a https request.

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.

In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header.

The membersOf JQL search function in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a group exists & members of groups if they are assigned to publicly visible issue field.

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check.

An issue was discovered in PRTG Network Monitor before 21.1.66.1623.

On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic.

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners.

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash.

GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens.

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9.

A vulnerability was found in Braces versions prior to 2.3.1.

It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format.

MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and nonexistent user accounts by observing the number of failed login attempts needed to produce a Lockout error message

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.

An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices.

CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS).

This issue was addressed with improved setting propagation.

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system.

A memory initialization issue was addressed with improved memory handling.

Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that would have normally access to the same subset of job details

Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.

An issue has been discovered in GitLab CE/EE affecting all previous versions.

An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects.

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exist when an authenticated user with specific rights access a MR having source and target branch pointing to each other

An issue was discovered in WiZ Colors A60 1.14.0.

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.

Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command.

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint.

A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages.

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets.

The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability.

The issue was addressed with improved permissions logic.

This issue was addressed with improved checks.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.1.0.37527.

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

django-registration is a user registration package for Django.

A lock screen issue allowed access to contacts on a locked device.

A lock screen issue allowed access to contacts on a locked device.