Free Cyber Threat Intelligence Feed - Hackerpom Threat Feed

----Vulners.com High Sev. Last 3 Days----

----NVD Last 3 Days----

CVE#: CVE-2017-20004 Published Date: 2021-04-14 CVSS: NO CVSS Description: In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.

CVE#: CVE-2018-19942 Published Date: 2021-04-16 CVSS: NO CVSS Description: A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later) QTS 4.5.1.1456 build 20201015 (and later) QTS 4.3.6.1446 build 20200929 (and later) QTS 4.3.4.1463 build 20201006 (and later) QTS 4.3.3.1432 build 20201006 (and later) QTS 4.2.6 build 20210327 (and later) QuTS hero h4.5.1.1472 build 20201031 (and later) QuTScloud c4.5.4.1601 build 20210309 (and later) QuTScloud c4.5.3.1454 build 20201013 (and later)

CVE#: CVE-2018-25008 Published Date: 2021-04-14 CVSS: NO CVSS Description: In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.

CVE#: CVE-2020-19778 Published Date: 2021-04-14 CVSS: NO CVSS Description: Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request.

CVE#: CVE-2020-21087 Published Date: 2021-04-14 CVSS: 2.7 Description: Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.

CVE#: CVE-2020-21088 Published Date: 2021-04-14 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"

CVE#: CVE-2020-2509 Published Date: 2021-04-17 CVSS: NO CVSS Description: A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later QTS 4.5.1.1495 Build 20201123 and later QTS 4.3.6.1620 Build 20210322 and later QTS 4.3.4.1632 Build 20210324 and later QTS 4.3.3.1624 Build 20210416 and later QTS 4.2.6 Build 20210327 and later QuTS hero h4.5.1.1491 build 20201119 and later

CVE#: CVE-2020-27237 Published Date: 2021-04-15 CVSS: NO CVSS Description: An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE#: CVE-2020-27238 Published Date: 2021-04-15 CVSS: NO CVSS Description: An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE#: CVE-2020-27239 Published Date: 2021-04-15 CVSS: NO CVSS Description: An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE#: CVE-2020-28124 Published Date: 2021-04-14 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.

CVE#: CVE-2020-28592 Published Date: 2021-04-15 CVSS: NO CVSS Description: A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

CVE#: CVE-2020-28593 Published Date: 2021-04-15 CVSS: NO CVSS Description: A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.

CVE#: CVE-2020-28898 Published Date: 2021-04-15 CVSS: NO CVSS Description: In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation.

CVE#: CVE-2020-29592 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).

CVE#: CVE-2020-29593 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.

CVE#: CVE-2020-35418 Published Date: 2021-04-14 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.

CVE#: CVE-2020-35419 Published Date: 2021-04-14 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.

CVE#: CVE-2020-35660 Published Date: 2021-04-14 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.

CVE#: CVE-2020-36120 Published Date: 2021-04-14 CVSS: 3.6 Description: Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).

CVE#: CVE-2020-36195 Published Date: 2021-04-17 CVSS: NO CVSS Description: An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later

CVE#: CVE-2020-36288 Published Date: 2021-04-15 CVSS: NO CVSS Description: The issue navigation and search view in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.1 allows remote attackers to inject arbitrary HTML or JavaScript via a DOM Cross-Site Scripting (XSS) vulnerability caused by parameter pollution.

CVE#: CVE-2020-36322 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.

CVE#: CVE-2020-36323 Published Date: 2021-04-14 CVSS: NO CVSS Description: In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.

CVE#: CVE-2020-7269 Published Date: 2021-04-15 CVSS: NO CVSS Description: Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.

CVE#: CVE-2020-7270 Published Date: 2021-04-15 CVSS: NO CVSS Description: Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.

CVE#: CVE-2020-7308 Published Date: 2021-04-15 CVSS: NO CVSS Description: Cleartext Transmission of Sensitive Information between McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to view the requests from ENS and responses from GTI over DNS. By gaining control of an intermediate DNS server or altering the network DNS configuration, it is possible for an attacker to intercept requests and send their own responses.

CVE#: CVE-2020-9667 Published Date: 2021-04-16 CVSS: 5.9 Description: Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

CVE#: CVE-2020-9668 Published Date: 2021-04-16 CVSS: 4.2 Description: Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.

CVE#: CVE-2020-9681 Published Date: 2021-04-16 CVSS: 5.9 Description: Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.

CVE#: CVE-2021-0488 Published Date: 2021-04-15 CVSS: NO CVSS Description: In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178754781

CVE#: CVE-2021-20288 Published Date: 2021-04-15 CVSS: NO CVSS Description: An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE#: CVE-2021-20491 Published Date: 2021-04-16 CVSS: NO CVSS Description: IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.

CVE#: CVE-2021-21087 Published Date: 2021-04-15 CVSS: 3.4 Description: Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction.

CVE#: CVE-2021-21091 Published Date: 2021-04-15 CVSS: 1.4 Description: Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds read vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE#: CVE-2021-21092 Published Date: 2021-04-15 CVSS: 5.9 Description: Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE#: CVE-2021-21093 Published Date: 2021-04-15 CVSS: 5.9 Description: Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE#: CVE-2021-21094 Published Date: 2021-04-15 CVSS: 5.9 Description: Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE#: CVE-2021-21095 Published Date: 2021-04-15 CVSS: 5.9 Description: Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Out-of-bounds write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE#: CVE-2021-21096 Published Date: 2021-04-15 CVSS: 4.2 Description: Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction.

CVE#: CVE-2021-21100 Published Date: 2021-04-15 CVSS: 5.9 Description: Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE#: CVE-2021-21405 Published Date: 2021-04-15 CVSS: NO CVSS Description: Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.

CVE#: CVE-2021-22539 Published Date: 2021-04-16 CVSS: NO CVSS Description: An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above.

CVE#: CVE-2021-22879 Published Date: 2021-04-14 CVSS: NO CVSS Description: Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.

CVE#: CVE-2021-23884 Published Date: 2021-04-15 CVSS: NO CVSS Description: Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.

CVE#: CVE-2021-23886 Published Date: 2021-04-15 CVSS: NO CVSS Description: Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory.

CVE#: CVE-2021-23887 Published Date: 2021-04-15 CVSS: NO CVSS Description: Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.

CVE#: CVE-2021-24028 Published Date: 2021-04-14 CVSS: NO CVSS Description: An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

CVE#: CVE-2021-25314 Published Date: 2021-04-14 CVSS: NO CVSS Description: A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.

CVE#: CVE-2021-25316 Published Date: 2021-04-14 CVSS: NO CVSS Description: A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.

CVE#: CVE-2021-26030 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page

CVE#: CVE-2021-26031 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.

CVE#: CVE-2021-26073 Published Date: 2021-04-16 CVSS: NO CVSS Description: Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Express versions between 3.0.2 - 6.5.0 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

CVE#: CVE-2021-26074 Published Date: 2021-04-16 CVSS: NO CVSS Description: Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 - 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app.

CVE#: CVE-2021-26075 Published Date: 2021-04-15 CVSS: NO CVSS Description: The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.

CVE#: CVE-2021-26076 Published Date: 2021-04-15 CVSS: NO CVSS Description: The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https.

CVE#: CVE-2021-26582 Published Date: 2021-04-15 CVSS: NO CVSS Description: A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).

CVE#: CVE-2021-26805 Published Date: 2021-04-14 CVSS: NO CVSS Description: Buffer Overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file.

CVE#: CVE-2021-26812 Published Date: 2021-04-14 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.

CVE#: CVE-2021-26827 Published Date: 2021-04-14 CVSS: NO CVSS Description: Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router.

CVE#: CVE-2021-26830 Published Date: 2021-04-16 CVSS: NO CVSS Description: SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.

CVE#: CVE-2021-26832 Published Date: 2021-04-14 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site.

CVE#: CVE-2021-27112 Published Date: 2021-04-15 CVSS: NO CVSS Description: LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEditorController.php during the downloading of external images.

CVE#: CVE-2021-27113 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.

CVE#: CVE-2021-27114 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/addassignment route, a very long text entry for the"'s_ip" and "s_mac" fields could lead to a Stack-Based Buffer Overflow and overwrite the return address.

CVE#: CVE-2021-27129 Published Date: 2021-04-15 CVSS: NO CVSS Description: CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter.

CVE#: CVE-2021-27130 Published Date: 2021-04-14 CVSS: NO CVSS Description: Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.

CVE#: CVE-2021-27180 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.

CVE#: CVE-2021-27181 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the value of the anti-CSRF token, the attacker may trick the user into visiting his malicious page and performing any request with the privileges of attacked user.

CVE#: CVE-2021-27182 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.

CVE#: CVE-2021-27183 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead to Remote Code Execution.

CVE#: CVE-2021-27246 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306.

CVE#: CVE-2021-27247 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-11907.

CVE#: CVE-2021-27248 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the getpage parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10932.

CVE#: CVE-2021-27249 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11369.

CVE#: CVE-2021-27250 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of CGI scripts. When parsing the errorpage request parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11856.

CVE#: CVE-2021-27251 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The specific flaw exists within handling of firmware updates. The issue results from a fallback to a insecure protocol to deliver updates. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12308.

CVE#: CVE-2021-27252 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the vendor_specific DHCP opcode. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12216.

CVE#: CVE-2021-27253 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.

CVE#: CVE-2021-27258 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.

CVE#: CVE-2021-27259 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12021.

CVE#: CVE-2021-27260 Published Date: 2021-04-14 CVSS: NO CVSS Description: This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12068.

CVE#: CVE-2021-27288 Published Date: 2021-04-14 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page.

CVE#: CVE-2021-27394 Published Date: 2021-04-16 CVSS: NO CVSS Description: A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.

CVE#: CVE-2021-27544 Published Date: 2021-04-15 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter.

CVE#: CVE-2021-27545 Published Date: 2021-04-15 CVSS: NO CVSS Description: SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to obtain sensitive database information by injecting SQL commands into the "sername" parameter.

CVE#: CVE-2021-27599 Published Date: 2021-04-14 CVSS: NO CVSS Description: SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.

CVE#: CVE-2021-27604 Published Date: 2021-04-14 CVSS: NO CVSS Description: In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.

CVE#: CVE-2021-27608 Published Date: 2021-04-14 CVSS: NO CVSS Description: An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability.

CVE#: CVE-2021-27672 Published Date: 2021-04-15 CVSS: NO CVSS Description: SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.

CVE#: CVE-2021-27673 Published Date: 2021-04-15 CVSS: NO CVSS Description: Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.

CVE#: CVE-2021-27691 Published Date: 2021-04-16 CVSS: NO CVSS Description: Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input.

CVE#: CVE-2021-27692 Published Date: 2021-04-16 CVSS: NO CVSS Description: Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input.

CVE#: CVE-2021-27705 Published Date: 2021-04-14 CVSS: NO CVSS Description: Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit.

CVE#: CVE-2021-27706 Published Date: 2021-04-14 CVSS: NO CVSS Description: Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBindIndex" to strcpy without limit.

CVE#: CVE-2021-27707 Published Date: 2021-04-14 CVSS: NO CVSS Description: Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without limit.

CVE#: CVE-2021-27708 Published Date: 2021-04-14 CVSS: NO CVSS Description: Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS.

CVE#: CVE-2021-27710 Published Date: 2021-04-14 CVSS: NO CVSS Description: Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS.

CVE#: CVE-2021-27815 Published Date: 2021-04-14 CVSS: NO CVSS Description: NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.

CVE#: CVE-2021-27850 Published Date: 2021-04-15 CVSS: NO CVSS Description: A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.

CVE#: CVE-2021-27989 Published Date: 2021-04-14 CVSS: 2.7 Description: Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.

CVE#: CVE-2021-27990 Published Date: 2021-04-14 CVSS: NO CVSS Description: Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.

CVE#: CVE-2021-28048 Published Date: 2021-04-14 CVSS: NO CVSS Description: An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page.

CVE#: CVE-2021-28055 Published Date: 2021-04-15 CVSS: NO CVSS Description: An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.

CVE#: CVE-2021-28060 Published Date: 2021-04-14 CVSS: NO CVSS Description: A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.

CVE#: CVE-2021-28098 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking.

CVE#: CVE-2021-28157 Published Date: 2021-04-14 CVSS: NO CVSS Description: An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete.

CVE#: CVE-2021-28242 Published Date: 2021-04-15 CVSS: NO CVSS Description: SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.

CVE#: CVE-2021-28300 Published Date: 2021-04-14 CVSS: NO CVSS Description: NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.

CVE#: CVE-2021-28484 Published Date: 2021-04-14 CVSS: NO CVSS Description: An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which can lead to a state where yubihsm-connector becomes stuck in a loop waiting for the YubiHSM to send it data, preventing any further operations until the yubihsm-connector is restarted. An attacker can send 0, 1, or 2 bytes to trigger this.

CVE#: CVE-2021-28548 Published Date: 2021-04-15 CVSS: 5.9 Description: Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE#: CVE-2021-28549 Published Date: 2021-04-15 CVSS: NO CVSS Description: Adobe Photoshop versions 21.2.6 (and earlier) and 22.3 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted JSX file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE#: CVE-2021-28797 Published Date: 2021-04-14 CVSS: NO CVSS Description: A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (and later) for ARM CPU NAS (64bit OS) and x86 CPU NAS (64bit OS) Surveillance Station 5.1.5.3.3 (and later) for ARM CPU NAS (32bit OS) and x86 CPU NAS (32bit OS)

CVE#: CVE-2021-28825 Published Date: 2021-04-14 CVSS: NO CVSS Description: The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition: versions 1.3.0 and below.

CVE#: CVE-2021-28826 Published Date: 2021-04-14 CVSS: NO CVSS Description: The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition: versions 1.3.0 and below and TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Enterprise Edition: versions 1.3.0 and below.

CVE#: CVE-2021-28855 Published Date: 2021-04-14 CVSS: NO CVSS Description: In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).

CVE#: CVE-2021-28856 Published Date: 2021-04-14 CVSS: NO CVSS Description: In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.

CVE#: CVE-2021-29338 Published Date: 2021-04-14 CVSS: NO CVSS Description: Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.

CVE#: CVE-2021-29430 Published Date: 2021-04-15 CVSS: NO CVSS Description: Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it makes to remote Matrix homeservers. A malicious homeserver could return a very large response, again leading to memory exhaustion and denial of service. This affects any server which accepts registration requests from untrusted clients. This issue has been patched by releases 89071a1, 0523511, f56eee3. As a workaround request sizes can be limited in an HTTP reverse-proxy. There are no known workarounds for the problem with overlarge responses.

CVE#: CVE-2021-29431 Published Date: 2021-04-15 CVSS: NO CVSS Description: Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perform an internal port enumeration. This issue has been addressed in in 9e57334, 8936925, 3d531ed, 0f00412. A potential workaround would be to use a firewall to ensure that Sydent cannot reach internal HTTP resources.

CVE#: CVE-2021-29432 Published Date: 2021-04-15 CVSS: NO CVSS Description: Sydent is a reference matrix identity server. A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. This issue has been fixed in 4469d1d.

CVE#: CVE-2021-29433 Published Date: 2021-04-15 CVSS: NO CVSS Description: ### Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. ### Patches Fixed by 3175fd3. ### Workarounds There are no known workarounds. ### References n/a ### For more information If you have any questions or comments about this advisory, email us at security@matrix.org.

CVE#: CVE-2021-29443 Published Date: 2021-04-16 CVSS: NO CVSS Description: jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. A possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `^1.28.1 || ^2.0.5 || >=3.11.4`. Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4. Thanks to Jason from Microsoft Vulnerability Research (MSVR) for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.

CVE#: CVE-2021-29444 Published Date: 2021-04-16 CVSS: NO CVSS Description: jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.

CVE#: CVE-2021-29445 Published Date: 2021-04-16 CVSS: NO CVSS Description: jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.

CVE#: CVE-2021-29446 Published Date: 2021-04-16 CVSS: NO CVSS Description: jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.

CVE#: CVE-2021-29447 Published Date: 2021-04-15 CVSS: NO CVSS Description: Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.

CVE#: CVE-2021-29448 Published Date: 2021-04-15 CVSS: NO CVSS Description: Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details.

CVE#: CVE-2021-29449 Published Date: 2021-04-14 CVSS: NO CVSS Description: Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.

CVE#: CVE-2021-29450 Published Date: 2021-04-15 CVSS: NO CVSS Description: Wordpress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.

CVE#: CVE-2021-29451 Published Date: 2021-04-16 CVSS: NO CVSS Description: Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.

CVE#: CVE-2021-29452 Published Date: 2021-04-16 CVSS: NO CVSS Description: a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change. Patched in v0.18.2.

CVE#: CVE-2021-29654 Published Date: 2021-04-14 CVSS: NO CVSS Description: AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.

CVE#: CVE-2021-30138 Published Date: 2021-04-15 CVSS: NO CVSS Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE#: CVE-2021-3017 Published Date: 2021-04-14 CVSS: NO CVSS Description: The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.

CVE#: CVE-2021-30209 Published Date: 2021-04-15 CVSS: NO CVSS Description: Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions.

CVE#: CVE-2021-30245 Published Date: 2021-04-15 CVSS: NO CVSS Description: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is always best practice to be careful opening documents from unknown and unverified sources. The mitigation in Apache OpenOffice 4.1.10 (unreleased) assures that a security warning is displayed giving the user the option of continuing to open the hyperlink.

CVE#: CVE-2021-30459 Published Date: 2021-04-14 CVSS: NO CVSS Description: A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input field of the SQL explain, analyze, or select form.

CVE#: CVE-2021-30477 Published Date: 2021-04-15 CVSS: NO CVSS Description: An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send messages to.

CVE#: CVE-2021-30478 Published Date: 2021-04-15 CVSS: NO CVSS Description: An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation.

CVE#: CVE-2021-30479 Published Date: 2021-04-15 CVSS: NO CVSS Description: An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.

CVE#: CVE-2021-30487 Published Date: 2021-04-15 CVSS: NO CVSS Description: In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.

CVE#: CVE-2021-30493 Published Date: 2021-04-14 CVSS: NO CVSS Description: Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).

CVE#: CVE-2021-30494 Published Date: 2021-04-14 CVSS: NO CVSS Description: Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).

CVE#: CVE-2021-31152 Published Date: 2021-04-14 CVSS: NO CVSS Description: Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.

CVE#: CVE-2021-31162 Published Date: 2021-04-14 CVSS: 5.9 Description: In the standard library in Rust before 1.53.0, a double free can occur in the Vec::from_iter function if freeing the element panics.

CVE#: CVE-2021-31229 Published Date: 2021-04-15 CVSS: NO CVSS Description: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.

CVE#: CVE-2021-31347 Published Date: 2021-04-16 CVSS: NO CVSS Description: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).

CVE#: CVE-2021-31348 Published Date: 2021-04-16 CVSS: NO CVSS Description: An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).

CVE#: CVE-2021-31402 Published Date: 2021-04-15 CVSS: NO CVSS Description: The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.

CVE#: CVE-2021-31414 Published Date: 2021-04-16 CVSS: NO CVSS Description: The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studio Code allows remote code execution via a crafted workspace configuration.

CVE#: CVE-2021-3243 Published Date: 2021-04-15 CVSS: NO CVSS Description: Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function.

CVE#: CVE-2021-3487 Published Date: 2021-04-15 CVSS: NO CVSS Description: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.