Weekly Vulnerabilities Reports > May 10 to 16, 2021

Overview

479 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 51 high severity vulnerabilities. This weekly summary report vulnerabilities in 371 products from 141 vendors including Google, Microsoft, Jetbrains, Fedoraproject, and IBM. Vulnerabilities are notably categorized as "Cross-site Scripting", "Divide By Zero", "Information Exposure", "Out-of-bounds Write", and "Out-of-bounds Read".

  • 301 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 114 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 378 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 108 reported vulnerabilities.
  • ARM has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-05-12 CVE-2020-13873 Codologic SQL Injection vulnerability in Codologic Codoforum

A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin.

10.0
2021-05-11 CVE-2021-31214 Microsoft Command Injection vulnerability in Microsoft Visual Studio Code

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31211.

9.3
2021-05-13 CVE-2020-12967 AMD Command Injection vulnerability in AMD products

The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

9.0
2021-05-13 CVE-2021-26311 AMD Command Injection vulnerability in AMD products

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

9.0
2021-05-10 CVE-2021-28663 ARM USE After Free vulnerability in ARM products

The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU memory operations are mishandled, leading to a use-after-free.

9.0
2021-05-10 CVE-2021-28664 ARM Improper Privilege Management vulnerability in ARM products

The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages.

9.0
2021-05-10 CVE-2021-24011 Fortinet Improper Privilege Management vulnerability in Fortinet Fortinac

A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges.

9.0

51 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-05-10 CVE-2021-25847 Moxa Out-Of-Bounds Read vulnerability in Moxa products

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to controllable loop counter variable via a crafted lldp packet.

8.5
2021-05-10 CVE-2021-25848 Moxa Out-Of-Bounds Read vulnerability in Moxa products

Improper validation of the length field of LLDP-MED TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows information disclosure to attackers due to using fixed loop counter variable without checking the actual available length via a crafted lldp packet.

8.5
2021-05-13 CVE-2021-32920 Prosody
Debian
Fedoraproject
Resource Exhaustion vulnerability in multiple products

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.

7.8
2021-05-12 CVE-2020-25242 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl.

7.8
2021-05-11 CVE-2021-20309 Imagemagick Divide BY Zero vulnerability in Imagemagick

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick.

7.8
2021-05-11 CVE-2021-20310 Imagemagick Divide BY Zero vulnerability in Imagemagick

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick.

7.8
2021-05-11 CVE-2021-20311 Imagemagick Divide BY Zero vulnerability in Imagemagick

A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick.

7.8
2021-05-11 CVE-2021-20312 Imagemagick Integer Overflow OR Wraparound vulnerability in Imagemagick

A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick.

7.8
2021-05-10 CVE-2021-25846 Moxa Integer Underflow (Wrap OR Wraparound) vulnerability in Moxa products

Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet.

7.8
2021-05-10 CVE-2021-25849 Moxa Integer Underflow (Wrap OR Wraparound) vulnerability in Moxa products

An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet.

7.8
2021-05-11 CVE-2021-26419 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 11/9

Scripting Engine Memory Corruption Vulnerability

7.6
2021-05-16 CVE-2021-22668 Deltaww Out-Of-Bounds Read vulnerability in Deltaww Cncsoft Screeneditor

Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.

7.5
2021-05-14 CVE-2020-23691 Yfcmf Unspecified vulnerability in Yfcmf 2.3.1

YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php.

7.5
2021-05-14 CVE-2020-18166 Laobancms Unrestricted Upload of File With Dangerous Type vulnerability in Laobancms 2.0

Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".

7.5
2021-05-14 CVE-2021-25941 Deep Override Project Unspecified vulnerability in Deep-Override Project Deep-Override 1.0.0/1.0.1

Prototype pollution vulnerability in 'deep-override' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

7.5
2021-05-14 CVE-2021-25943 101 Project Unspecified vulnerability in 101 Project 101

Prototype pollution vulnerability in '101' versions 1.0.0 through 1.6.3 allows an attacker to cause a denial of service and may lead to remote code execution.

7.5
2021-05-14 CVE-2021-24284 Kaswara Project Unrestricted Upload of File With Dangerous Type vulnerability in Kaswara Project Kaswara 3.0.1

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action.

7.5
2021-05-14 CVE-2021-24285 Cars Seller Auto Classifieds Script Project SQL Injection vulnerability in Cars-Seller-Auto-Classifieds-Script Project Cars-Seller-Auto-Classifieds-Script 2.1.0

The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL Injection issue.

7.5
2021-05-13 CVE-2021-32615 Piwigo SQL Injection vulnerability in Piwigo 11.4.0

Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.

7.5
2021-05-13 CVE-2021-33026 Flask Caching Project Improper Privilege Management vulnerability in Flask-Caching Project Flask-Caching

The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation.

7.5
2021-05-13 CVE-2021-23907 Mercedes Benz Unspecified vulnerability in Mercedes-Benz User Experience 2021

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021.

7.5
2021-05-13 CVE-2021-23908 Mercedes Benz Type Confusion vulnerability in Mercedes-Benz User Experience 2021

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021.

7.5
2021-05-13 CVE-2021-23909 Mercedes Benz Out-Of-Bounds Write vulnerability in Mercedes-Benz Hermes 2.1

An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021.

7.5
2021-05-13 CVE-2021-23910 Mercedes Benz Out-Of-Bounds Write vulnerability in Mercedes-Benz Hermes 2.1

An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021.

7.5
2021-05-13 CVE-2020-20092 Articlecms Project Unrestricted Upload of File With Dangerous Type vulnerability in Articlecms Project Articlecms 1.0

File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.

7.5
2021-05-13 CVE-2020-28063 Articlecms Project Unrestricted Upload of File With Dangerous Type vulnerability in Articlecms Project Articlecms

A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.

7.5
2021-05-13 CVE-2021-20998 Wago Missing Authentication for Critical Function vulnerability in Wago products

In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users.

7.5
2021-05-13 CVE-2021-20999 Weidmueller Exposure of Resource TO Wrong Sphere vulnerability in Weidmueller products

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces.

7.5
2021-05-13 CVE-2021-28799 Qnap Incorrect Authorization vulnerability in Qnap Hybrid Backup Sync 16.0.0415/3.0.210411/3.0.210412

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync.

7.5
2021-05-12 CVE-2020-23790 Golo City Guide Laravel Theme Project Unrestricted Upload of File With Dangerous Type vulnerability in Golo-City-Guide-Laravel-Theme Project Golo-City-Guide-Laravel-Theme 1.1.5

An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.

7.5
2021-05-12 CVE-2021-32607 Smartstore Unspecified vulnerability in Smartstore

An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1.

7.5
2021-05-12 CVE-2021-32608 Smartstore Unspecified vulnerability in Smartstore

An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1.

7.5
2021-05-12 CVE-2021-27384 Siemens Access of Memory Location After END of Buffer vulnerability in Siemens products

SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler represented by a binary data stream on client side, which could result in code execution on the SIMATIC HMIs/WinCC Products SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl.

7.5
2021-05-12 CVE-2020-35198 Windriver Integer Overflow OR Wraparound vulnerability in Windriver Vxworks

An issue was discovered in Wind River VxWorks 7.

7.5
2021-05-11 CVE-2021-32605 Zzzcms OS Command Injection vulnerability in Zzzcms Zzzphp

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.

7.5
2021-05-11 CVE-2021-32089 Zebra Unrestricted Upload of File With Dangerous Type vulnerability in Zebra Fx9500 Firmware

** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices.

7.5
2021-05-11 CVE-2021-31166 Microsoft USE After Free vulnerability in Microsoft Windows 10 and Windows Server 2016

HTTP Protocol Stack Remote Code Execution Vulnerability

7.5
2021-05-11 CVE-2021-31897 Jetbrains Unspecified vulnerability in Jetbrains Webstorm

In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.

7.5
2021-05-11 CVE-2021-31914 Jetbrains Unspecified vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

7.5
2021-05-11 CVE-2021-31915 Jetbrains OS Command Injection vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

7.5
2021-05-11 CVE-2021-31909 Jetbrains Argument Injection OR Modification vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

7.5
2021-05-11 CVE-2021-32563 Xfce Improper Control of Dynamically-Managed Code Resources vulnerability in Xfce Thunar

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2.

7.5
2021-05-10 CVE-2021-23008 F5 Improper Authentication vulnerability in F5 Big-Ip Access Policy Manager

On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker.

7.5
2021-05-10 CVE-2021-26583 HP Unspecified vulnerability in HP ILO Amplifier Pack 1.70

A potential security vulnerability was identified in HPE iLO Amplifier Pack.

7.5
2021-05-14 CVE-2019-25044 Linux USE After Free vulnerability in Linux Kernel

The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9.

7.2
2021-05-11 CVE-2021-32606 Linux
Fedoraproject
USE After Free vulnerability in multiple products

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free.

7.2
2021-05-11 CVE-2021-31187 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10

Windows WalletService Elevation of Privilege Vulnerability

7.2
2021-05-11 CVE-2021-27616 SAP Incorrect Authorization vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.

7.2
2021-05-10 CVE-2021-23012 F5 Command Injection vulnerability in F5 products

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP.

7.2
2021-05-10 CVE-2021-32471 MIT Improper Input Validation vulnerability in MIT Universal Turing Machine

Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data.

7.2
2021-05-12 CVE-2020-28393 Siemens Incorrect Calculation vulnerability in Siemens products

An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets.

7.1

301 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-05-13 CVE-2021-20181 Qemu
Debian
Time-Of-Check Time-Of-Use (Toctou) Race Condition vulnerability in multiple products

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0.

6.9
2021-05-13 CVE-2021-20025 Sonicwall USE of Hard-Coded Credentials vulnerability in Sonicwall Email Security Virtual Appliance

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup.

6.9
2021-05-12 CVE-2021-23892 Mcafee Race Condition vulnerability in Mcafee Endpoint Security for Linux Threat Prevention

By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.

6.9
2021-05-15 CVE-2021-32073 Dedecms Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7

DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.

6.8
2021-05-14 CVE-2021-22866 Github Improper Restriction of Rendered UI Layers OR Frames vulnerability in Github Enterprise Server

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval.

6.8
2021-05-14 CVE-2021-32819 Squirrelly Unspecified vulnerability in Squirrelly 8.0.8

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS.

6.8
2021-05-13 CVE-2021-27413 Omron Out-Of-Bounds Write vulnerability in Omron Cx-One and Cx-Server

Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.

6.8
2021-05-13 CVE-2020-27823 Uclouvain
Fedoraproject
Debian
Classic Buffer Overflow vulnerability in multiple products

A flaw was found in OpenJPEG’s encoder.

6.8
2021-05-12 CVE-2021-27396 Siemens Stack-Based Buffer Overflow vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5).

6.8
2021-05-12 CVE-2021-27397 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5).

6.8
2021-05-12 CVE-2021-27398 Siemens Stack-Based Buffer Overflow vulnerability in Siemens Tecnomatix Plant Simulation

A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5).

6.8
2021-05-11 CVE-2020-18964 Forestblog Project Cross-Site Request Forgery (CSRF) vulnerability in Forestblog Project Forestblog 20190404

Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest version via the website Management background, which could let a remote malicious gain privileges.

6.8
2021-05-11 CVE-2021-28465 Microsoft Command Injection vulnerability in Microsoft web Media Extensions

Web Media Extensions Remote Code Execution Vulnerability

6.8
2021-05-11 CVE-2021-31175 Microsoft USE After Free vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31176, CVE-2021-31177, CVE-2021-31179.

6.8
2021-05-11 CVE-2021-31176 Microsoft USE After Free vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31177, CVE-2021-31179.

6.8
2021-05-11 CVE-2021-31177 Microsoft USE After Free vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31179.

6.8
2021-05-11 CVE-2021-31179 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31175, CVE-2021-31176, CVE-2021-31177.

6.8
2021-05-11 CVE-2021-31180 Microsoft Unspecified vulnerability in Microsoft 365 Apps, Office and Word

Microsoft Office Graphics Remote Code Execution Vulnerability

6.8
2021-05-11 CVE-2021-31192 Microsoft Unspecified vulnerability in Microsoft Windows 10 2004/20H2

Windows Media Foundation Core Remote Code Execution Vulnerability

6.8
2021-05-11 CVE-2021-31195 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31198.

6.8
2021-05-11 CVE-2021-31198 Microsoft Command Injection vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31195.

6.8
2021-05-11 CVE-2021-31211 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31214.

6.8
2021-05-11 CVE-2021-31213 Microsoft Unspecified vulnerability in Microsoft Remote

Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability

6.8
2021-05-11 CVE-2021-31912 Jetbrains Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.

6.8
2021-05-10 CVE-2020-28600 Openscad Out-Of-Bounds Write vulnerability in Openscad 2020.12

An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2.

6.8
2021-05-10 CVE-2020-19199 Phpok Cross-Site Request Forgery (CSRF) vulnerability in PHPok 5.2.060

A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2.060 via admin.php?c=admin&f=save, which could let a remote malicious user execute arbitrary code.

6.8
2021-05-10 CVE-2021-21822 Foxitsoftware USE After Free vulnerability in Foxitsoftware Foxit Reader 10.1.3.37598

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598.

6.8
2021-05-10 CVE-2021-22672 Deltaww Out-Of-Bounds Write vulnerability in Deltaww Cncsoft Screeneditor

Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of data, a denial-of-service condition, or code execution.

6.8
2021-05-10 CVE-2021-31520 Trendmicro Improper Authentication vulnerability in Trendmicro IM Security 1.6/1.6.5

A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface.

6.8
2021-05-14 CVE-2021-24188 WP BUY Improper Authorization vulnerability in Wp-Buy WP Content Copy Protection & NO Right Click

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

6.5
2021-05-14 CVE-2021-24189 WP BUY Unspecified vulnerability in Wp-Buy Captchinoo

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

6.5
2021-05-14 CVE-2021-24190 WP BUY Improper Authorization vulnerability in Wp-Buy Conditional Marketing Mailer

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

6.5
2021-05-14 CVE-2021-24191 Wpshopmart Improper Authorization vulnerability in Wpshopmart Coming Soon Page & Maintenance Mode

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

6.5
2021-05-14 CVE-2021-24192 Sitemap Project Improper Authorization vulnerability in Sitemap Project Sitemap

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

6.5
2021-05-14 CVE-2021-24193 WP BUY Improper Authorization vulnerability in Wp-Buy Visitor Traffic Real Time Statistics

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

6.5
2021-05-14 CVE-2021-24194 WP BUY Improper Authorization vulnerability in Wp-Buy Login Protection - Limit Failed Login Attempts

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

6.5
2021-05-14 CVE-2021-24195 WP BUY Improper Authorization vulnerability in Wp-Buy Login AS User OR Customer (User Switching)

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

6.5
2021-05-14 CVE-2021-24280 Querysol Deserialization of Untrusted Data vulnerability in Querysol Redirection for Contact Form 7

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects.

6.5
2021-05-14 CVE-2021-24282 Querysol Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things.

6.5
2021-05-13 CVE-2020-23996 Ilias Unspecified vulnerability in Ilias

A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.

6.5
2021-05-13 CVE-2021-3528 Redhat Insufficiently Protected Credentials vulnerability in Redhat Noobaa-Operator

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files.

6.5
2021-05-13 CVE-2021-31215 Schedmd
Fedoraproject
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
6.5
2021-05-13 CVE-2021-22155 Blackberry Incorrect Authorization vulnerability in Blackberry Workspaces Server

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account.

6.5
2021-05-11 CVE-2021-26422 Microsoft Command Injection vulnerability in Microsoft Lync Server and Skype for Business Server

Skype for Business and Lync Remote Code Execution Vulnerability

6.5
2021-05-11 CVE-2021-27068 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2019

Visual Studio Remote Code Execution Vulnerability

6.5
2021-05-11 CVE-2021-28455 Microsoft Command Injection vulnerability in Microsoft products

Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability

6.5
2021-05-11 CVE-2021-28474 Microsoft Command Injection vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability

6.5
2021-05-11 CVE-2021-28476 Microsoft Unspecified vulnerability in Microsoft products

Hyper-V Remote Code Execution Vulnerability

6.5
2021-05-11 CVE-2021-31181 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SharePoint Remote Code Execution Vulnerability

6.5
2021-05-11 CVE-2021-31194 Microsoft Unspecified vulnerability in Microsoft products

OLE Automation Remote Code Execution Vulnerability

6.5
2021-05-11 CVE-2021-31200 Microsoft Unspecified vulnerability in Microsoft Neural Network Intelligence

Common Utilities Remote Code Execution Vulnerability

6.5
2021-05-11 CVE-2021-31207 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Security Feature Bypass Vulnerability

6.5
2021-05-11 CVE-2021-31899 Jetbrains Unspecified vulnerability in Jetbrains Code With ME

In JetBrains Code With Me bundled to the compatible IDEs before version 2021.1, the client could execute code in read-only mode.

6.5
2021-05-11 CVE-2020-27242 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application.

6.5
2021-05-11 CVE-2020-27243 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application.

6.5
2021-05-11 CVE-2020-27244 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application.

6.5
2021-05-11 CVE-2020-27245 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application.

6.5
2021-05-11 CVE-2020-27246 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application.

6.5
2021-05-10 CVE-2020-27232 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3.

6.5
2021-05-10 CVE-2020-27226 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3.

6.5
2021-05-10 CVE-2020-27229 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application.

6.5
2021-05-10 CVE-2020-27230 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application.

6.5
2021-05-10 CVE-2020-27231 Openclinic GA Project SQL Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3

A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application.

6.5
2021-05-10 CVE-2021-23014 F5 Missing Authorization vulnerability in F5 products

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files.

6.5
2021-05-10 CVE-2021-23015 F5 Incorrect Authorization vulnerability in F5 products

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints.

6.5
2021-05-10 CVE-2021-26077 Atlassian Improper Authentication vulnerability in Atlassian Connect Spring Boot

Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps.

6.5
2021-05-14 CVE-2021-3402 Virustotal
Fedoraproject
Integer Overflow OR Wraparound vulnerability in multiple products

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.

6.4
2021-05-13 CVE-2021-31876 Bitcoin Incorrect Authorization vulnerability in Bitcoin

Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes.

6.4
2021-05-13 CVE-2021-32925 Chamilo Information Exposure vulnerability in Chamilo 1.11.14

admin/user_import.php in Chamilo 1.11.14 reads XML data without disabling the ability to load external entities.

6.4
2021-05-11 CVE-2021-29508 Asynkron Deserialization of Untrusted Data vulnerability in Asynkron Wire

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer.

6.4
2021-05-10 CVE-2021-20538 IBM Incorrect Authorization vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms.

6.4
2021-05-13 CVE-2021-22153 Blackberry Improper Neutralization of Formula Elements in A CSV File vulnerability in Blackberry Unified Endpoint Management

A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user.

6.0
2021-05-14 CVE-2020-24119 UPX Project
Fedoraproject
Out-Of-Bounds Read vulnerability in multiple products

A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.

5.8
2021-05-13 CVE-2020-36197 Qnap Improper Access Control vulnerability in Qnap Music Station

An improper access control vulnerability has been reported to affect earlier versions of Music Station.

5.8
2021-05-11 CVE-2021-3504 Redhat
Debian
Fedoraproject
Out-Of-Bounds Read vulnerability in multiple products

A flaw was found in the hivex library in versions before 1.3.20.

5.8
2021-05-11 CVE-2021-26418 Microsoft Incorrect Authorization vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-28478, CVE-2021-31172.

5.8
2021-05-11 CVE-2021-26421 Microsoft Unspecified vulnerability in Microsoft Lync Server and Skype for Business Server

Skype for Business and Lync Spoofing Vulnerability

5.8
2021-05-11 CVE-2021-28478 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-31172.

5.8
2021-05-11 CVE-2021-31172 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from CVE-2021-26418, CVE-2021-28478.

5.8
2021-05-11 CVE-2021-31209 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Spoofing Vulnerability

5.8
2021-05-11 CVE-2021-21652 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Xray - Test Management

A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

5.8
2021-05-11 CVE-2021-21655 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins P4

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.

5.8
2021-05-11 CVE-2021-27612 SAP Open Redirect vulnerability in SAP GUI for Windows 7.60/7.70

In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.

5.8
2021-05-13 CVE-2021-20535 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Reporting Service

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF).

5.5
2021-05-11 CVE-2021-21656 Jenkins XXE vulnerability in Jenkins Xcode Integration

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

5.5
2021-05-10 CVE-2021-23013 F5 Code Injection vulnerability in F5 products

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic under certain conditions.

5.4
2021-05-16 CVE-2021-29040 Liferay Information Exposure Through AN Error Message vulnerability in Liferay DXP 7.0

The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs.

5.0
2021-05-16 CVE-2021-29047 Liferay Improper Authentication vulnerability in Liferay DXP 7.0

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.

5.0
2021-05-14 CVE-2021-27737 Apache Unspecified vulnerability in Apache Traffic Server 9.0.0

Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.

5.0
2021-05-14 CVE-2021-32820 Express Handlebars Project Information Exposure vulnerability in Express Handlebars Project Express Handlebars

Express-handlebars is a Handlebars view engine for Express.

5.0
2021-05-14 CVE-2021-32816 Protonmail Resource Exhaustion vulnerability in Protonmail

ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service.

5.0
2021-05-14 CVE-2020-4985 IBM Information Exposure vulnerability in IBM Planning Analytics Local 2.0.0

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query.

5.0
2021-05-14 CVE-2021-20393 IBM Information Exposure Through AN Error Message vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.0
2021-05-14 CVE-2021-20429 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy.

5.0
2021-05-14 CVE-2021-20565 IBM Improper Input Validation vulnerability in IBM Cloud PAK for Security

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

5.0
2021-05-14 CVE-2020-27185 Moxa Cleartext Transmission of Sensitive Information vulnerability in Moxa products

Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices.

5.0
2021-05-14 CVE-2020-27150 Moxa Unspecified vulnerability in Moxa products

In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.

5.0
2021-05-14 CVE-2021-24278 Querysol Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.

5.0
2021-05-14 CVE-2020-27020 Kaspersky Inadequate Encryption Strength vulnerability in Kaspersky Password Manager 9.2

Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases.

5.0
2021-05-14 CVE-2021-30183 Octopus Cleartext Storage of Sensitive Information vulnerability in Octopus Server

Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext.

5.0
2021-05-14 CVE-2021-31922 Pulsesecure Incorrect Usage of Seeds in Pseudo-Random Number Generator (Prng) vulnerability in Pulsesecure Virtual Traffic Manager

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header.

5.0
2021-05-14 CVE-2021-32051 Hexagon SQL Injection vulnerability in Hexagon Intergraph G!Nius

Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter.

5.0
2021-05-13 CVE-2021-29510 Pydantic Project
Fedoraproject
Infinite Loop vulnerability in multiple products

Pydantic is a data validation and settings management using Python type hinting.

5.0
2021-05-13 CVE-2021-22140 Elastic XXE vulnerability in Elastic APP Search 7.11.0/7.11.1

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature.

5.0
2021-05-13 CVE-2021-21424 Sensiolabs
Fedoraproject
Information Exposure vulnerability in multiple products

Symfony is a PHP framework for web and console applications and a set of reusable PHP components.

5.0
2021-05-13 CVE-2021-32918 Prosody
Debian
Fedoraproject
Resource Exhaustion vulnerability in multiple products

An issue was discovered in Prosody before 0.11.9.

5.0
2021-05-13 CVE-2020-21342 Zzcms Incorrect Default Permissions vulnerability in Zzcms 201910

Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php.

5.0
2021-05-13 CVE-2020-12526 Beckhoff Improper Input Validation vulnerability in Beckhoff products

TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co.

5.0
2021-05-13 CVE-2021-20988 Hilscher
Pepperi Fuchs
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet.

5.0
2021-05-13 CVE-2021-20993 Wago Information Exposure vulnerability in Wago products

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory.

5.0
2021-05-13 CVE-2021-20995 Wago Cleartext Storage of Sensitive Information vulnerability in Wago products

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials.

5.0
2021-05-13 CVE-2021-20996 Wago Incorrect Permission Assignment for Critical Resource vulnerability in Wago products

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties.

5.0
2021-05-13 CVE-2021-20997 Wago Insufficiently Protected Credentials vulnerability in Wago products

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users.

5.0
2021-05-13 CVE-2021-25693 Teradici Null Pointer Dereference vulnerability in Teradici Pcoip Agent

An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference.

5.0
2021-05-13 CVE-2021-22154 Blackberry Information Exposure vulnerability in Blackberry Unified Endpoint Management

An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history.

5.0
2021-05-12 CVE-2020-19275 Dhcms Project Improper Input Validation vulnerability in Dhcms Project Dhcms 20170918

An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path.

5.0
2021-05-12 CVE-2021-32572 Specotech Path Traversal vulnerability in Specotech web Viewer

Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /..

5.0
2021-05-12 CVE-2021-32611 Antisip Null Pointer Dereference vulnerability in Antisip Exosip2

A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses.

5.0
2021-05-12 CVE-2020-27840 Samba
Debian
Fedoraproject
Out-Of-Bounds Read vulnerability in multiple products

A flaw was found in samba.

5.0
2021-05-12 CVE-2019-19276 Siemens Out-Of-Bounds Write vulnerability in Siemens products

A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl.

5.0
2021-05-12 CVE-2021-20277 Samba
Debian
Fedoraproject
Out-Of-Bounds Read vulnerability in multiple products

A flaw was found in Samba's libldb.

5.0
2021-05-12 CVE-2021-25660 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl.

5.0
2021-05-12 CVE-2021-25661 Siemens Access of Memory Location After END of Buffer vulnerability in Siemens products

SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a denial-of-service condition on the SIMATIC HMIs/WinCC Products SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl.

5.0
2021-05-12 CVE-2021-25662 Siemens Improper Handling of Exceptional Conditions vulnerability in Siemens products

SmartVNC client fails to handle an exception properly if the program execution process is modified after sending a packet from the server, which could result in a denial-of-service condition on the SIMATIC HMIs/WinCC Products SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl.

5.0
2021-05-12 CVE-2021-27383 Siemens Allocation of Resources Without Limits OR Throttling vulnerability in Siemens products

SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a denial-of-service condition on the SIMATIC HMIs/WinCC Products SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl.

5.0
2021-05-12 CVE-2021-27385 Siemens Resource Exhaustion vulnerability in Siemens products

A remote attacker could send specially crafted packets to a SmartVNC device layout handler on the client side, which could influence the number of resources consumed and result in a denial-of-service condition (infinite loop) on the SIMATIC HMIs/WinCC Products SIMATIC HMI Comfort Outdoor Panels 7’ and 15’ (incl.

5.0
2021-05-12 CVE-2021-27386 Siemens Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Siemens products

A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl.

5.0
2021-05-12 CVE-2020-36289 Atlassian Information Exposure vulnerability in Atlassian Data Center and Jira

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint.

5.0
2021-05-11 CVE-2021-20313 Imagemagick Information Exposure vulnerability in Imagemagick

A flaw was found in ImageMagick in versions before 7.0.11.

5.0
2021-05-11 CVE-2020-26142 Openbsd Injection vulnerability in Openbsd 6.6

An issue was discovered in the kernel in OpenBSD 6.6.

5.0
2021-05-11 CVE-2021-29509 Puma Resource Exhaustion vulnerability in Puma

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications.

5.0
2021-05-11 CVE-2021-29471 Matrix Resource Exhaustion vulnerability in Matrix Synapse

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse).

5.0
2021-05-11 CVE-2021-30482 Jetbrains Improper Preservation of Permissions vulnerability in Jetbrains Upsource

In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly

5.0
2021-05-11 CVE-2021-31898 Jetbrains Inadequate Encryption Strength vulnerability in Jetbrains Webstorm

In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.

5.0
2021-05-11 CVE-2021-31910 Jetbrains Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.

5.0
2021-05-11 CVE-2021-31913 Jetbrains Improper Validation of Integrity Check Value vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.

5.0
2021-05-11 CVE-2021-26310 Jetbrains Unspecified vulnerability in Jetbrains Teamcity

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.

5.0
2021-05-11 CVE-2021-30006 Jetbrains XXE vulnerability in Jetbrains Intellij Idea

In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to information disclosure.

5.0
2021-05-11 CVE-2021-30504 Jetbrains Resource Exhaustion vulnerability in Jetbrains Intellij Idea

In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation.

5.0
2021-05-11 CVE-2021-31900 Jetbrains Unspecified vulnerability in Jetbrains Code With ME

In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host.

5.0
2021-05-11 CVE-2021-31901 Jetbrains Unspecified vulnerability in Jetbrains HUB

In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't enabled properly for the All Users group.

5.0
2021-05-11 CVE-2021-31902 Jetbrains Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

5.0
2021-05-11 CVE-2021-31905 Jetbrains Information Exposure vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible.

5.0
2021-05-11 CVE-2021-31907 Jetbrains Incorrect Permission Assignment for Critical Resource vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.

5.0
2021-05-10 CVE-2020-23575 Kyocera Path Traversal vulnerability in Kyocera D-Copia253Mf Plus Firmware

A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus.

5.0
2021-05-10 CVE-2021-32053 Fhir Resource Exhaustion vulnerability in Fhir Hapi Fhir

JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests.

5.0
2021-05-10 CVE-2021-29022 Invoiceplane Unrestricted Upload of File With Dangerous Type vulnerability in Invoiceplane 1.5.11

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.

5.0
2021-05-10 CVE-2021-23009 F5 Infinite Loop vulnerability in F5 products

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic.

5.0
2021-05-10 CVE-2021-23010 F5 Unspecified vulnerability in F5 Big-Ip Application Security Manager

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-IP ASM bd process may produce a core file.

5.0
2021-05-10 CVE-2021-23016 F5 Unspecified vulnerability in F5 Big-Ip Access Policy Manager

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server.

5.0
2021-05-10 CVE-2021-23011 F5 Resource Exhaustion vulnerability in F5 products

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event.

5.0
2021-05-10 CVE-2021-25845 Moxa Null Pointer Dereference vulnerability in Moxa products

Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a NULL pointer dereference via a crafted lldp packet.

5.0
2021-05-11 CVE-2021-31182 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Bluetooth Driver Spoofing Vulnerability

4.8
2021-05-14 CVE-2021-33033 Linux USE After Free vulnerability in Linux Kernel

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd.

4.6
2021-05-14 CVE-2021-33034 Linux
Fedoraproject
USE After Free vulnerability in multiple products

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409.

4.6
2021-05-14 CVE-2020-27833 Redhat Improper Input Validation vulnerability in Redhat Openshift Container Platform

A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links.

4.6
2021-05-14 CVE-2021-29513 Google Type Confusion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29514 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29515 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29518 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29520 Google Classic Buffer Overflow vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29525 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29529 Google Off-By-One Error vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29530 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29535 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29536 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29537 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29540 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29546 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29558 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29566 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29568 Google Access of Uninitialized Pointer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29571 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29574 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29576 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29577 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29578 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29579 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29583 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29585 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29586 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29587 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29588 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29589 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29591 Google Infinite Loop vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29592 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29593 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29594 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29595 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29596 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29597 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29598 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29599 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29600 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29603 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29606 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29607 Google Improper Check for Unusual OR Exceptional Conditions vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29608 Google Incorrect Calculation of Buffer Size vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29609 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29610 Google Improper Initialization vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29612 Google Classic Buffer Overflow vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29614 Google Improper Initialization vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29616 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-14 CVE-2021-29512 Google Out-Of-Bounds Write vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

4.6
2021-05-13 CVE-2020-36198 Qnap Command Injection vulnerability in Qnap Malware Remover

A command injection vulnerability has been reported to affect certain versions of Malware Remover.

4.6
2021-05-12 CVE-2021-23134 Linux
Fedoraproject
USE After Free vulnerability in multiple products

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges.

4.6
2021-05-12 CVE-2021-20202 Redhat Insecure Temporary File vulnerability in Redhat Keycloak

A flaw was found in keycloak.

4.6
2021-05-12 CVE-2021-23872 Mcafee Improper Privilege Management vulnerability in Mcafee Total Protection

Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.

4.6
2021-05-12 CVE-2021-23891 Mcafee Improper Privilege Management vulnerability in Mcafee Total Protection

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.

4.6
2021-05-11 CVE-2021-31165 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31167, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208.

4.6
2021-05-11 CVE-2021-31167 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31168, CVE-2021-31169, CVE-2021-31208.

4.6
2021-05-11 CVE-2021-31168 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31169, CVE-2021-31208.

4.6
2021-05-11 CVE-2021-31169 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208.

4.6
2021-05-11 CVE-2021-31170 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31188.

4.6
2021-05-11 CVE-2021-31190 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2019

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

4.6
2021-05-11 CVE-2021-31193 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows SSDP Service Elevation of Privilege Vulnerability

4.6
2021-05-11 CVE-2021-31204 Microsoft
Fedoraproject
Improper Privilege Management vulnerability in multiple products

.NET and Visual Studio Elevation of Privilege Vulnerability

4.6
2021-05-11 CVE-2021-31208 Microsoft Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Container Manager Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31169.

4.6
2021-05-11 CVE-2021-27611 SAP Injection vulnerability in SAP Netweaver AS Abap

SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system.

4.6
2021-05-11 CVE-2021-27613 SAP Incorrect Authorization vulnerability in SAP Chef Business-One-Cookbook 0.1.9

Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability.

4.6
2021-05-11 CVE-2021-29263 Jetbrains Unspecified vulnerability in Jetbrains Intellij Idea

In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient checks when getting the project from VCS.

4.6
2021-05-11 CVE-2021-30005 Jetbrains Code Injection vulnerability in Jetbrains Pycharm

In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.

4.6
2021-05-10 CVE-2020-22809 Windscribe Unquoted Search Path OR Element vulnerability in Windscribe 1.83.20

In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.

4.6
2021-05-13 CVE-2021-25694 Teradici Uncontrolled Search Path Element vulnerability in Teradici Pcoip Graphics Agent

Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll.

4.4
2021-05-12 CVE-2021-28649 Trendmicro Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063

An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.

4.4
2021-05-12 CVE-2021-31519 Trendmicro Incorrect Default Permissions vulnerability in Trendmicro Housecall for Home Networks 5.3.0.1063

An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.

4.4
2021-05-10 CVE-2021-32399 Linux Race Condition vulnerability in Linux Kernel

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

4.4
2021-05-10 CVE-2021-21428 Openapi Generator Improper Privilege Management vulnerability in Openapi-Generator Openapi Generator

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec.

4.4
2021-05-16 CVE-2021-29039 Liferay Cross-Site Scripting vulnerability in Liferay Portal 7.3.4

Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.

4.3
2021-05-14 CVE-2021-32054 Fire LY USE of Incorrectly-Resolved Name OR Reference vulnerability in Fire.Ly Spark

Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.

4.3
2021-05-14 CVE-2020-17891 TP Link Cross-Site Scripting vulnerability in Tp-Link Archer C1200 Firmware 1.13

TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code.

4.3
2021-05-14 CVE-2020-27769 Imagemagick
Redhat
Fedoraproject
Integer Overflow OR Wraparound vulnerability in multiple products

In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.

4.3
2021-05-14 CVE-2021-3537 Xmlsoft
Redhat
Debian
Fedoraproject
Null Pointer Dereference vulnerability in multiple products

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference.

4.3
2021-05-14 CVE-2021-32817 Express Handlebars Project Information Exposure vulnerability in Express Handlebars Project Express Handlebars

express-hbs is an Express handlebars template engine.

4.3
2021-05-14 CVE-2021-20392 IBM Cross-Site Scripting vulnerability in IBM Qradar User Behavior Analytics 1.0.0

IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting.

4.3
2021-05-14 CVE-2021-20564 IBM Information Exposure vulnerability in IBM Cloud PAK for Security

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2021-05-14 CVE-2020-27184 Moxa Inadequate Encryption Strength vulnerability in Moxa products

The NPort IA5000A Series devices use Telnet as one of the network device management services.

4.3
2021-05-14 CVE-2021-32613 Radare USE After Free vulnerability in Radare Radare2

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.

4.3
2021-05-14 CVE-2021-24286 Mooveagency Cross-Site Scripting vulnerability in Mooveagency Redirect 404 TO Parent

The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

4.3
2021-05-14 CVE-2021-24287 Mooveagency Cross-Site Scripting vulnerability in Mooveagency Select ALL Categories and Taxonomies, Change Checkbox TO Radio Buttons

The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue

4.3
2021-05-14 CVE-2021-24291 10Web Cross-Site Scripting vulnerability in 10Web Photo Gallery

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users)

4.3
2021-05-13 CVE-2019-10062 Bluespire Cross-Site Scripting vulnerability in Bluespire Aurelia Framework

The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS.

4.3
2021-05-13 CVE-2021-22135 Elastic Information Exposure vulnerability in Elastic Elasticsearch

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled.

4.3
2021-05-13 CVE-2021-22137 Elastic Information Exposure vulnerability in Elastic Elasticsearch

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used.

4.3
2021-05-13 CVE-2021-22138 Elastic Improper Certificate Validation vulnerability in Elastic Logstash

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature.

4.3
2021-05-13 CVE-2021-29623 Exiv2 USE of Uninitialized Resource vulnerability in Exiv2

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata.

4.3
2021-05-13 CVE-2021-32917 Prosody
Debian
Fedoraproject
Missing Authorization vulnerability in multiple products

An issue was discovered in Prosody before 0.11.9.

4.3
2021-05-13 CVE-2021-32919 Prosody
Debian
Fedoraproject
Improper Certificate Validation vulnerability in multiple products

An issue was discovered in Prosody before 0.11.9.

4.3
2021-05-13 CVE-2021-32921 Prosody
Fedoraproject
Debian
Race Condition vulnerability in multiple products

An issue was discovered in Prosody before 0.11.9.

4.3
2021-05-13 CVE-2020-27824 Uclouvain
Redhat
Fedoraproject
Debian
Classic Buffer Overflow vulnerability in multiple products

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function.

4.3
2021-05-13 CVE-2021-20994 Wago Cross-Site Scripting vulnerability in Wago products

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management.

4.3
2021-05-12 CVE-2020-19274 Dhcms Project Cross-Site Scripting vulnerability in Dhcms Project Dhcms 20170918

A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code.

4.3
2021-05-12 CVE-2021-30213 ENG Cross-Site Scripting vulnerability in ENG Knowage 7.3.0

Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS).

4.3
2021-05-11 CVE-2021-32604 Solarwinds Cross-Site Scripting vulnerability in Solarwinds Serv-U 15.1.6/15.2.1

Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS."

4.3
2021-05-11 CVE-2021-31178 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Office Information Disclosure Vulnerability

4.3
2021-05-11 CVE-2021-31186 Microsoft Information Exposure vulnerability in Microsoft products

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

4.3
2021-05-11 CVE-2021-31205 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows SMB Client Security Feature Bypass Vulnerability

4.3
2021-05-11 CVE-2021-31936 Microsoft Unspecified vulnerability in Microsoft Accessibility Insights for web

Microsoft Accessibility Insights for Web Information Disclosure Vulnerability

4.3
2021-05-11 CVE-2021-21648 Jenkins Cross-Site Scripting vulnerability in Jenkins Credentials

Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.

4.3
2021-05-11 CVE-2021-31537 Sisinformatik Cross-Site Scripting vulnerability in Sisinformatik Sis-Rewe GO 7.5.0/7.7

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).

4.3
2021-05-11 CVE-2021-21990 Vmware Cross-Site Scripting vulnerability in VMWare Workspace ONE Unified Endpoint Management

VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability.

4.3
2021-05-11 CVE-2021-32561 Octoprint Cross-Site Scripting vulnerability in Octoprint

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.

4.3
2021-05-11 CVE-2020-35438 KK Star Ratings Project Cross-Site Scripting vulnerability in KK Star Ratings Project KK Star Ratings

Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5.

4.3
2021-05-11 CVE-2021-31911 Jetbrains Cross-Site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.

4.3
2021-05-11 CVE-2021-31903 Jetbrains Cross-Site Scripting vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.

4.3
2021-05-11 CVE-2021-31904 Jetbrains Cross-Site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.

4.3
2021-05-10 CVE-2020-23369 Yzmcms Cross-Site Scripting vulnerability in Yzmcms 5.6

In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.

4.3
2021-05-10 CVE-2020-23371 5None Cross-Site Scripting vulnerability in 5None Nonecms 1.3.0

Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.

4.3
2021-05-10 CVE-2020-23376 5None Cross-Site Request Forgery (CSRF) vulnerability in 5None Nonecms 1.3.0

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack.

4.3
2021-05-10 CVE-2020-18102 Hotels Server Project Cross-Site Scripting vulnerability in Hotels Server Project Hotels Server 1.0

Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands the data fields in the component "/controller/publishHotel.php".

4.3
2021-05-10 CVE-2021-20577 IBM Cross-Site Scripting vulnerability in IBM Cloud PAK for Security 1.5.0.0/1.5.0.1

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting.

4.3
2021-05-10 CVE-2021-20717 EC Cube Cross-Site Scripting vulnerability in Ec-Cube

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE.

4.3
2021-05-10 CVE-2021-3003 Agenziaentrate Cleartext Transmission of Sensitive Information vulnerability in Agenziaentrate Desktop Telematico 1.0.0

Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleartext HTTP, which allows man-in-the-middle attackers to spoof product updates.

4.3
2021-05-16 CVE-2021-29041 Liferay Unspecified vulnerability in Liferay DXP 7.0

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.

4.0
2021-05-14 CVE-2020-4811 IBM Improper Input Validation vulnerability in IBM Cloud PAK for Security

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation.

4.0
2021-05-14 CVE-2020-27149 Moxa Unspecified vulnerability in Moxa products

By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed.

4.0
2021-05-14 CVE-2021-24279 Querysol Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress repository.

4.0
2021-05-14 CVE-2021-24281 Querysol Incorrect Authorization vulnerability in Querysol Redirection for Contact Form 7

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site.

4.0
2021-05-13 CVE-2020-23995 Ilias Information Exposure vulnerability in Ilias

An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.

4.0
2021-05-13 CVE-2021-29506 Graphhopper Resource Exhaustion vulnerability in Graphhopper

GraphHopper is an open-source Java routing engine.

4.0
2021-05-13 CVE-2021-22139 Elastic Resource Exhaustion vulnerability in Elastic Kibana

Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size.

4.0
2021-05-13 CVE-2020-25713 Librdf
Fedoraproject
Heap-Based Buffer Overflow vulnerability in multiple products

A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.

4.0
2021-05-13 CVE-2021-20250 Redhat Information Exposure vulnerability in Redhat Jboss-Ejb-Client

A flaw was found in wildfly.

4.0
2021-05-12 CVE-2021-29511 EVM Project Allocation of Resources Without Limits OR Throttling vulnerability in EVM Project EVM

evm is a pure Rust implementation of Ethereum Virtual Machine.

4.0
2021-05-12 CVE-2021-31339 Mendix Information Exposure Through AN Error Message vulnerability in Mendix Excel Importer

A vulnerability has been identified in Mendix Excel Importer Module (All versions < V9.0.3).

4.0
2021-05-12 CVE-2021-31341 Mendix Information Exposure Through AN Error Message vulnerability in Mendix Database Replication

Uploading a table mapping using a manipulated XML file results in an exception that could expose information about the application-server and the used XML-framework on the Mendix Database Replication Module (All versions prior to v7.0.1).

4.0
2021-05-11 CVE-2021-31173 Microsoft Information Exposure vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Information Disclosure Vulnerability

4.0
2021-05-11 CVE-2020-4536 IBM Information Exposure Through AN Error Message vulnerability in IBM Openpages GRC Platform

IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.0
2021-05-11 CVE-2020-20265 Mikrotik Reachable Assertion vulnerability in Mikrotik Routeros

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process.

4.0
2021-05-11 CVE-2020-20267 Mikrotik Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mikrotik Routeros

Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process.

4.0
2021-05-11 CVE-2021-21651 Jenkins Missing Authorization vulnerability in Jenkins S3 Publisher

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles.

4.0
2021-05-11 CVE-2021-21653 Jenkins Missing Authorization vulnerability in Jenkins Xray - Test Management for Jira

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.0
2021-05-11 CVE-2021-21654 Jenkins Missing Authorization vulnerability in Jenkins P4

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.

4.0
2021-05-11 CVE-2021-27617 SAP Resource Exhaustion vulnerability in SAP Process Integration

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source.

4.0
2021-05-11 CVE-2021-27618 SAP Unrestricted Upload of File With Dangerous Type vulnerability in SAP Process Integration

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source.

4.0
2021-05-11 CVE-2021-27619 SAP Improper Input Validation vulnerability in SAP Commerce

SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them.

4.0
2021-05-11 CVE-2021-32560 Octoprint Unspecified vulnerability in Octoprint

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.

4.0
2021-05-11 CVE-2021-31906 Jetbrains Unspecified vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.

4.0
2021-05-10 CVE-2021-29502 Warnsystem Project Injection vulnerability in Warnsystem Project Warnsystem

WarnSystem is a cog (plugin) for the Red discord bot.

4.0
2021-05-10 CVE-2021-29501 DAV Cogs Project Injection vulnerability in Dav-Cogs Project Dav-Cogs

Ticketer is a command based ticket system cog (plugin) for the red discord bot.

4.0
2021-05-10 CVE-2021-32056 Cyrus Incorrect Permission Assignment for Critical Resource vulnerability in Cyrus Imap

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.

4.0

120 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2021-05-14 CVE-2021-29532 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29553 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29559 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29560 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29569 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29570 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29582 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29590 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29601 Google Integer Overflow OR Wraparound vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-14 CVE-2021-29613 Google Improper Initialization vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

3.6
2021-05-13 CVE-2021-22136 Elastic Insufficient Session Expiration vulnerability in Elastic Kibana

In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected.

3.6
2021-05-12 CVE-2021-3457 Theforeman Incorrect Authorization vulnerability in Theforeman Smart Proxy Shell Hooks

An improper authorization handling flaw was found in Foreman.

3.6
2021-05-11 CVE-2021-27614 SAP Injection vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE

SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application.

3.6
2021-05-15 CVE-2020-16632 Dedecms Cross-Site Scripting vulnerability in Dedecms 5.7

A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.

3.5
2021-05-14 CVE-2021-32818 Haml Coffee Project Cross-Site Scripting vulnerability in Haml-Coffee Project Haml-Coffee

haml-coffee is a JavaScript templating solution.

3.5
2021-05-14 CVE-2020-18167 Laobancms Cross-Site Scripting vulnerability in Laobancms 2.0

Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Homepage Introduction" field of component "admin/info.php?shuyu".

3.5
2021-05-14 CVE-2020-23689 Yfcmf Cross-Site Scripting vulnerability in Yfcmf 2.3.1

In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.

3.5
2021-05-14 CVE-2021-24277 Wpuslugi Cross-Site Scripting vulnerability in Wpuslugi RSS for Yandex Turbo

The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues

3.5
2021-05-14 CVE-2021-24283 Pickplugins Cross-Site Scripting vulnerability in Pickplugins Accordion

The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.

3.5
2021-05-13 CVE-2021-20331 Mongodb Information Exposure vulnerability in Mongodb C# Driver 2.11.0/2.12.0/2.12.1

Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application.

3.5
2021-05-12 CVE-2020-28722 Deskpro Cross-Site Scripting vulnerability in Deskpro

Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates.

3.5
2021-05-12 CVE-2020-18165 Laobancms Cross-Site Scripting vulnerability in Laobancms 2.0

Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu".

3.5
2021-05-12 CVE-2021-30211 ENG Cross-Site Scripting vulnerability in ENG Knowage 7.3.0

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS).

3.5
2021-05-12 CVE-2021-30212 ENG Cross-Site Scripting vulnerability in ENG Knowage 7.3.0

Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS).

3.5
2021-05-12 CVE-2021-30214 ENG Injection vulnerability in ENG Knowage 7.3.0

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.

3.5
2021-05-11 CVE-2021-28461 Microsoft Cross-Site Scripting vulnerability in Microsoft Dynamics 365

Dynamics Finance and Operations Cross-site Scripting Vulnerability

3.5
2021-05-11 CVE-2021-32573 Express Cart Project Cross-Site Scripting vulnerability in Express-Cart Project Express-Cart

** DISPUTED ** The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options.

3.5
2021-05-11 CVE-2020-4535 IBM Cross-Site Scripting vulnerability in IBM Openpages GRC Platform

IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting.

3.5
2021-05-11 CVE-2021-21649 Jenkins Cross-Site Scripting vulnerability in Jenkins Dashboard View

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.

3.5
2021-05-11 CVE-2021-21650 Jenkins Missing Authorization vulnerability in Jenkins S3 Publisher

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled.

3.5
2021-05-11 CVE-2021-27733 Jetbrains Cross-Site Scripting vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.

3.5
2021-05-11 CVE-2021-31908 Jetbrains Cross-Site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.

3.5
2021-05-11 CVE-2021-3315 Jetbrains Cross-Site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.

3.5
2021-05-11 CVE-2021-30174 Ruiyanai Cross-Site Scripting vulnerability in Ruiyanai Cloudiso

RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.

3.5
2021-05-11 CVE-2021-32544 IGT Project Cross-Site Scripting vulnerability in Igt+ Project Igt+

Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks.

3.5
2021-05-10 CVE-2020-23370 Yzmcms Cross-Site Scripting vulnerability in Yzmcms 5.6

In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file.

3.5
2021-05-10 CVE-2020-23373 5None Cross-Site Scripting vulnerability in 5None Nonecms 1.3.0

Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.

3.5
2021-05-10 CVE-2020-23374 5None Cross-Site Scripting vulnerability in 5None Nonecms 1.3.0

Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.

3.5
2021-05-10 CVE-2021-32489 Yubico Integer Overflow OR Wraparound vulnerability in Yubico Yubihsm-Shell

An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3.

3.5
2021-05-10 CVE-2021-20559 IBM Cross-Site Scripting vulnerability in IBM Control Desk 7.6.1.2/7.6.1.3

IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting.

3.5
2021-05-11 CVE-2020-26140 Alfa Injection vulnerability in Alfa Awus036H Firmware 6.1316.1209

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H.

3.3
2021-05-11 CVE-2020-26141 Alfa Improper Validation of Integrity Check Value vulnerability in Alfa Awus036H Firmware 6.1316.1209

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H.

3.3
2021-05-11 CVE-2020-26143 Alfa Improper Input Validation vulnerability in Alfa Awus036H Firmware 1030.36.604

An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH.

3.3
2021-05-11 CVE-2020-26144 Samsung Improper Input Validation vulnerability in Samsung Galaxy I9305 Firmware 4.4.4

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices.

3.3
2021-05-11 CVE-2020-26145 Samsung Improper Input Validation vulnerability in Samsung Galaxy I9305 Firmware 4.4.4

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices.

3.3
2021-05-11 CVE-2020-26147 Linux Unspecified vulnerability in Linux Kernel 5.8.9

An issue was discovered in the Linux kernel 5.8.9.

3.2
2021-05-11 CVE-2020-24586 Ieee
Linux
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network.
2.9
2021-05-11 CVE-2020-24588 Ieee
Linux
Missing Authentication for Critical Function vulnerability in multiple products

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.

2.9
2021-05-11 CVE-2020-26139 Netbsd Improper Authentication vulnerability in Netbsd 7.1

An issue was discovered in the kernel in NetBSD 7.1.

2.9
2021-05-11 CVE-2020-26146 Samsung Improper Input Validation vulnerability in Samsung Galaxy I9305 Firmware 4.4.4

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices.

2.9
2021-05-10 CVE-2020-13529 Freedesktop Authentication Bypass BY Spoofing vulnerability in Freedesktop Systemd 245

An exploitable denial-of-service vulnerability exists in Systemd 245.

2.9
2021-05-14 CVE-2021-29516 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29517 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29519 Google Type Confusion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29521 Google Incorrect Calculation of Buffer Size vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29522 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29523 Google Integer Overflow OR Wraparound vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29524 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29526 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29527 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29528 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29531 Google Improper Check for Unusual OR Exceptional Conditions vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29533 Google Improper Check for Unusual OR Exceptional Conditions vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29534 Google Improper Check for Unusual OR Exceptional Conditions vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29538 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29539 Google Incorrect Conversion Between Numeric Types vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29541 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29542 Google Incorrect Calculation of Buffer Size vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29543 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29544 Google Improper Check for Unusual OR Exceptional Conditions vulnerability in Google Tensorflow 2.4.0/2.4.1

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29545 Google Incorrect Calculation of Buffer Size vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29547 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29548 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29549 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29550 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29551 Google Out-Of-Bounds Read vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29552 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29555 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29556 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29557 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29561 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29562 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29563 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29564 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29565 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29567 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29572 Google Null Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29573 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29575 Google Classic Buffer Overflow vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29580 Google USE of Uninitialized Resource vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29581 Google USE of Uninitialized Resource vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29584 Google Integer Overflow OR Wraparound vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29602 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29604 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29605 Google Integer Overflow OR Wraparound vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29611 Google Improper Input Validation vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29615 Google Uncontrolled Recursion vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29617 Google Improper Handling of Exceptional Conditions vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29618 Google Improper Handling of Exceptional Conditions vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29619 Google Improper Handling of Exceptional Conditions vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-29554 Google Divide BY Zero vulnerability in Google Tensorflow

TensorFlow is an end-to-end open source platform for machine learning.

2.1
2021-05-14 CVE-2021-20391 IBM Insecure Storage of Sensitive Information vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system.

2.1
2021-05-13 CVE-2021-23906 Mercedes Benz Improper Input Validation vulnerability in Mercedes-Benz User Experience

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021.

2.1
2021-05-13 CVE-2021-20221 Qemu
Redhat
Debian
Out-Of-Bounds Write vulnerability in multiple products

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform.

2.1
2021-05-13 CVE-2020-27830 Linux
Debian
Null Pointer Dereference vulnerability in multiple products

A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.

2.1
2021-05-13 CVE-2020-14354 C Ares Project
Fedoraproject
Classic Buffer Overflow vulnerability in multiple products

A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing.

2.1
2021-05-13 CVE-2021-22152 Blackberry Improper Input Validation vulnerability in Blackberry Unified Endpoint Management

A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.

2.1
2021-05-12 CVE-2021-23135 Linuxfoundation Exposure of Resource TO Wrong Sphere vulnerability in Linuxfoundation Argo Continuous Delivery

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs.

2.1
2021-05-11 CVE-2021-28479 Microsoft Information Exposure vulnerability in Microsoft products

Windows CSC Service Information Disclosure Vulnerability

2.1
2021-05-11 CVE-2021-31171 Microsoft Information Exposure vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Information Disclosure Vulnerability

2.1
2021-05-11 CVE-2021-31174 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Excel Information Disclosure Vulnerability

2.1
2021-05-11 CVE-2021-31184 Microsoft Information Exposure vulnerability in Microsoft products

Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability

2.1
2021-05-11 CVE-2021-31185 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

Windows Desktop Bridge Denial of Service Vulnerability

2.1
2021-05-11 CVE-2021-31188 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-31170.

2.1
2021-05-11 CVE-2021-31191 Microsoft Information Exposure vulnerability in Microsoft products

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability

2.1
2021-05-11 CVE-2021-26309 Jetbrains Exposure of Resource TO Wrong Sphere vulnerability in Jetbrains Teamcity

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.

2.1
2021-05-10 CVE-2021-21430 Openapi Generator Improper Privilege Management vulnerability in Openapi-Generator Openapi Generator

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec.

2.1
2021-05-10 CVE-2020-28588 Linux Incorrect Conversion Between Numeric Types vulnerability in Linux Kernel 5.10/5.4.66/5.9.8

An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66.

2.1
2021-05-10 CVE-2021-25645 Couchbase Cleartext Storage of Sensitive Information vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1.

2.1
2021-05-11 CVE-2020-24587 Ieee
Linux
Inadequate Encryption Strength vulnerability in multiple products

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key.

1.8