Total
803 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27182 | 1 Altn | 1 Mdaemon | 2021-04-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user. | |||||
| CVE-2020-35775 | 1 Citsmart | 1 Citsmart | 2021-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| CITSmart before 9.1.2.23 allows LDAP Injection. | |||||
| CVE-2021-30057 | 1 Eng | 1 Knowage | 2021-04-08 | 3.5 LOW | 4.8 MEDIUM |
| A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters. | |||||
| CVE-2020-7464 | 1 Freebsd | 1 Freebsd | 2021-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs. | |||||
| CVE-2021-1432 | 1 Cisco | 2 Ios Xe, Ios Xe Sd-wan | 2021-03-29 | 6.9 MEDIUM | 7.3 HIGH |
| A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting arbitrary commands to a file as a lower-privileged user. The commands are then executed on the device by the root user. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | |||||
| CVE-2021-29156 | 1 Forgerock | 1 Openam | 2021-03-29 | 5.0 MEDIUM | 7.5 HIGH |
| ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key. | |||||
| CVE-2021-28963 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2021-03-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters. | |||||
| CVE-2021-21381 | 3 Debian, Fedoraproject, Flatpak | 3 Debian Linux, Fedora, Flatpak | 2021-03-24 | 5.8 MEDIUM | 8.2 HIGH |
| Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit "`Disallow @@ and @@U usage in desktop files`". The follow-up commits "`dir: Reserve the whole @@ prefix`" and "`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`. | |||||
| CVE-2020-36144 | 1 Redash | 1 Redash | 2021-03-24 | 4.3 MEDIUM | 5.3 MEDIUM |
| Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization. | |||||
| CVE-2020-26238 | 1 Cron-utils Project | 1 Cron-utils | 2021-03-23 | 6.8 MEDIUM | 8.1 HIGH |
| Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3. | |||||
| CVE-2020-4851 | 1 Ibm | 1 Spectrum Scale | 2021-03-22 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190450. | |||||
| CVE-2021-21353 | 1 Pugjs | 2 Pug, Pug-code-gen | 2021-03-09 | 6.8 MEDIUM | 9.0 CRITICAL |
| Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade. | |||||
| CVE-2021-27730 | 1 Accellion | 1 Fta | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. | |||||
| CVE-2021-27132 | 1 Sercomm | 2 Agcombo Vd625, Agcombo Vd625 Firmware | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. | |||||
| CVE-2021-21316 | 1 Less-openui5 Project | 1 Less-openui5 | 2021-02-26 | 6.8 MEDIUM | 7.8 HIGH |
| less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources (i.e. `*.less` files) with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library it is an unexpected behavior in the context of OpenUI5 and SAPUI5 development. Especially in the context of UI5 Tooling which relies on less-openui5. An attacker might create a library or theme-library containing a custom control or theme, hiding malicious JavaScript code in one of the .less files. Refer to the referenced GHSA-3crj-w4f5-gwh4 for examples. Starting with Less.js version 3.0.0, the Inline JavaScript feature is disabled by default. less-openui5 however currently uses a fork of Less.js v1.6.3. Note that disabling the Inline JavaScript feature in Less.js versions 1.x, still evaluates code has additional double codes around it. We decided to remove the inline JavaScript evaluation feature completely from the code of our Less.js fork. This fix is available in less-openui5 version 0.10.0. | |||||
| CVE-2020-12873 | 1 Atlassian | 1 Alfresco Enterprise Content Management | 2021-02-25 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. | |||||
| CVE-2020-35564 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code. | |||||
| CVE-2021-20644 | 1 Elecom | 2 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware | 2021-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. | |||||
| CVE-2021-23335 | 1 Is-user-valid Project | 1 Is-user-valid | 2021-02-17 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package is-user-valid are vulnerable to LDAP Injection which can lead to either authentication bypass or information exposure. | |||||
| CVE-2021-21479 | 1 Sap | 1 Scimono | 2021-02-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system. | |||||