Vulnerability Index: Year 2019

Uncontrolled Recursion Loop Vulnerability in Juniper Networks Junos OS Vulnerability: Ineffective Firewall Filter Configuration on EX2300 and EX3400 Series BGP Flowspec Configuration Reachable Assertion Failure Vulnerability Information Disclosure: API and Device Keys Logged in Readable File on Juniper ATP Vulnerability: Inability to Perform IPv6 Extension Header Packet Matching on Juniper Networks Junos OS Uninitialized Function Pointer Dereference Vulnerability in Juniper Networks Junos OS Predictable IP ID Sequence Number Vulnerability in Juniper Networks vMX Series Software Stack-based Buffer Overflow in Junos OS Packet Forwarding Engine Manager (FXPC) Process on QFX5000 Series, EX4300, EX4600 Devices Vulnerability: High Disk I/O Operations Disrupt Communication on EX2300 and EX3400 Series SRX Series Service Gateway UTM HTTP AV Inspection Memory Buffer Exhaustion Vulnerability Junos OS Kernel Crash Vulnerability Denial of Service (DoS) Vulnerability in BGP Auto Discovery for LDP VPLS in Juniper Networks Junos OS Denial of Service (DoS) vulnerability in Juniper Networks Junos OS J-Flow Sampling Malformed Packet Denial of Service Vulnerability Vulnerability: Persistent Dynamic VPN Connections in SRX Series Service Gateway Junos Space Unauthorized Device Deletion Vulnerability Insufficient Validity Checking in Junos Space Application Allows Malicious Image Upload Persistent XSS Vulnerability in Juniper ATP File Upload Menu BGP Tracing DoS Vulnerability in Junos OS Critical Vulnerability: Hard Coded Credentials in Juniper ATP Web Collector Clear Text Logging of Secret Passphrases in Juniper ATP 5.0 Versions Prior to 5.0.4 Critical Vulnerability: Hard Coded Credentials in Juniper ATP Allows Full Control Persistent XSS Vulnerability in Juniper ATP Golden VM Menu Persistent XSS Vulnerability in Juniper ATP Email Collectors Menu Persistent XSS Vulnerability in Juniper ATP RADIUS Configuration Menu Persistent XSS Vulnerability in Juniper ATP Zone Configuration 
Persistent XSS Vulnerability in Juniper ATP 5.0 Allows for Arbitrary Script Injection and Data Theft Denial of Service (DoS) Vulnerability in Junos BGP Graceful Restart Mechanism Juniper ATP Series Splunk Credentials Exposure Vulnerability Vulnerability: Trivial De-hashing of Passwords in Juniper ATP 5.0 versions prior to 5.0.3 Memory resource consumption vulnerability in Junos OS jdhcpd daemon Plaintext Storage of Organization Authentication Credentials in Log Files Proxy ARP Service Firewall Bypass Vulnerability in Juniper Networks Junos OS Administrative Bypass Vulnerability in Junos OS with Insecure Console Access Silent Ignoring of internal-n Terms in Junos OS Firewall Filter Configuration Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS DHCPv6 Implementation Denial of Service (DoS) Vulnerability in Juniper SRX340/SRX345 Services Gateways Vulnerability: Brute Force Attacks on Junos OS REST API Login Credentials Information Leak and Denial of Service Vulnerability in Junos OS rpcbind Vulnerability: Control Plane Exposure via Loopback Interface on EX4300-MP Series Devices Vulnerability in Juniper Identity Management Service (JIMS) for Windows Allows Firewall Bypass and DoS Attacks Denial of Service Vulnerability in Juniper Networks Junos OS Out-of-Band Management Interface Denial of Service Vulnerability Juniper Networks Junos OS EX4300 Broadcast Storm DoS Vulnerability Persistent Cross-Site Scripting (XSS) Vulnerability in Junos OS J-Web Interface Vulnerability: Multicast Traffic Loopback Filter Bypass on Juniper EX4300 Series Switches Denial of Service (DoS) Vulnerability in Junos OS BGP Graceful Restart SRX1500 Denial of Service Vulnerability SSL-Proxy Feature on Juniper SRX Devices Denial of Service Vulnerability Vulnerability: SRX Series Gateways Crash Due to Misinterpreted Fragmented HTTP Packet Stack-based buffer overflow vulnerability in Junos OS telnet client Improper Certificate Validation in Juniper Networks Junos OS SRX Series 
Application Identification Signature Update Client SIP ALG Denial of Service Vulnerability in Juniper Networks Junos OS Insufficient Resource Pool Vulnerability in Juniper Networks Junos OS Improper Authorization Vulnerability in Juniper Networks Junos OS Veriexec Subsystem Privilege Escalation Vulnerability in Juniper Networks Junos OS Memory Leak Vulnerability in Juniper Networks Junos OS: DoS via BGP Peered Host Denial of Service (DoS) Vulnerability in Juniper SRX Series Gateways with IPSec Tunnels Privilege Escalation Vulnerability in Junos OS Management Daemon (MGD) Session Fixation Vulnerability in J-Web on Junos OS Allows for Session Hijacking and Unauthorized Access Denial of Service (DoS) vulnerability in Juniper Networks Junos OS Denial of Service (DoS) vulnerability in SRX5000 Series devices with 'set security zones security-zone <zone> tcp-rst' configuration Denial of Service Vulnerability in Juniper Networks Junos OS on MX Series NG-mVPN Service Denial of Service Vulnerability in Juniper Networks Junos OS IPv6 Packet Crash Vulnerability in Juniper Networks Junos OS Denial of Service Vulnerability in Juniper Networks Junos OS on SRX Series Clear text logging of console management port credentials on Juniper Networks Junos OS Privilege Escalation Vulnerability in Juniper Networks Junos OS on NFX Series Vulnerability: Veriexec Subsystem Failure Allows Unauthorized Execution Unprotected Storage of Credentials Vulnerability in Juniper Networks SBR Carrier Insecure File Permissions in PKI Key Export on Junos OS Path Traversal Vulnerability in Juniper Networks Junos OS on NFX150, QFX10K, EX9200, MX, and PTX Series Devices with Next-Generation Routing Engine (NG-RE) PIM-enabled SRX Series Devices Vulnerability: Denial of Service via srxpfe Process Crash Dynamic Application Loader Software Vulnerability: Unauthorized Privilege Escalation via Local Access Path Traversal Vulnerability in Intel(R) System Support Utility for Windows Privilege Escalation 
Vulnerability in Intel(R) SPS Subsystem Insufficient Access Control Vulnerability in Intel Subsystems: Potential Privilege Escalation via Physical Access Code Injection Vulnerability in Intel(R) CSME and Intel(R) TXE Installer Escalation of Privilege Vulnerability in Intel(R) AMT Subsystem Insufficient Data Sanitization Vulnerability in Intel(R) CSME and SPS Denial of Service Vulnerability in Intel(R) AMT Subsystem Escalation of Privilege Vulnerability in Intel(R) AMT Subsystem Denial of Service Vulnerability in Intel(R) AMT Subsystem Escalation of Privilege Vulnerability in Intel(R) CSME and Intel(R) TXE Subsystems Insufficient Access Control Vulnerability in Intel(R) SPS Subsystem Authentication Bypass Vulnerability in Intel Unite(R) Solution 3.2-3.3 Allows Privilege Escalation Insufficient Session Authentication in Intel(R) Data Center Manager SDK: Potential Privilege Escalation via Network Access Insufficient File Protection in Intel(R) Data Center Manager SDK Install Routine: Potential Information Disclosure Vulnerability Unprotected Uninstall Routine in Intel(R) Data Center Manager SDK Prior to Version 5.0.2 Allows for Local Information Disclosure Privilege Escalation Vulnerability in Intel(R) Data Center Manager SDK Install Routine Privilege Escalation Vulnerability in Intel(R) Data Center Manager SDK Install Routine Insufficient User Prompt in Intel(R) Data Center Manager SDK Install Routine: Potential Privilege Escalation Vulnerability Improper File Permissions in Intel(R) Data Center Manager SDK: Local Access Information Disclosure Vulnerability Privilege Escalation via Improper Folder Permissions in Intel(R) Data Center Manager SDK Insufficient Key Management in Intel(R) Data Center Manager SDK: Local Access Information Disclosure Vulnerability Improper File Permissions in Intel(R) Data Center Manager SDK: Potential Information Disclosure Vulnerability Denial of Service Vulnerability in Intel(R) Data Center Manager SDK Denial of Service 
Vulnerability in Intel Graphics Drivers Race Condition Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel Graphics Driver Out of Bound Read Vulnerability in Intel Graphics Driver Intel SGX Vulnerability: Insufficient Access Control in Protected Memory Subsystem Buffer Overflow Vulnerability in Intel System Firmware: Privilege Escalation and Denial of Service Risk Insufficient Key Protection Vulnerability in Intel Processors: Potential Denial of Service via Local Access Privilege Escalation Vulnerability in Intel(R) Matrix Storage Manager 8.9.0.1023 and Earlier Double Free Vulnerability in Intel SGX SDK for Linux and Windows Memory Protection Vulnerability in Intel(R) 6th Generation Core Processors and Above: Potential Privilege Escalation via Local Access Memory Protection Vulnerability in Intel(R) 6th Generation Core Processors and Above: Potential Privilege Escalation via Local Access Insufficient Access Control in Intel Xeon Processors' Silicon Reference Firmware: Potential Privilege Escalation and Denial of Service Vulnerability Privilege Escalation and Information Disclosure Vulnerability in Intel(R) OpenVINO(TM) Installer for Linux Privilege Escalation Vulnerability in Intel Chipset Device Software Installer Escalation of Privilege Vulnerability in Intel(R) USB 3.0 Creator Utility Reflected XSS Vulnerability in Intel(R) Accelerated Storage Manager Web Interface Insufficient Input Validation in Intel(R) AMT Subsystem: Potential Denial of Service and Information Disclosure Vulnerability Intel Unite(R) Client Data Corruption Vulnerability Elevated Privilege Execution Vulnerability in Intel(R) Dynamic Platform and Thermal Framework Privilege Escalation Vulnerability in Intel(R) Accelerated Storage Manager Installer Insufficient Access Control in Intel(R) PROSet/Wireless WiFi Software Driver: Potential Denial of Service via Adjacent Access Improper Directory Permissions in Intel(R) ACU Wizard 12.0.0.129 and Earlier: Local Privilege 
Escalation Vulnerability Firmware Vulnerability in Intel(R) Ethernet 700 Series Controllers: Insufficient Access Control Firmware Vulnerability: Buffer Overflow in Intel Ethernet 700 Series Controllers Privilege Escalation Vulnerability in Intel(R) Ethernet 700 Series Controllers Denial of Service Vulnerability in Intel(R) Ethernet 700 Series Controllers Denial of Service Vulnerability in Intel(R) Ethernet 700 Series Controllers Firmware Buffer Overflow Vulnerability in i40e Driver for Intel(R) Ethernet 700 Series Controllers i40e Driver Resource Leak Vulnerability Denial of Service Vulnerability in i40e Driver for Intel(R) Ethernet 700 Series Controllers i40e Driver Resource Leak Vulnerability Denial of Service Vulnerability in i40e Driver for Intel(R) Ethernet 700 Series Controllers Firmware Vulnerability: Insufficient Access Control in Intel(R) Ethernet 700 Series Controllers Intel(R) TXT Insufficient Memory Protection Vulnerability Vulnerability: Insufficient Memory Protection in SMM and Intel TXT for Intel Xeon Processors Buffer Overflow Vulnerability in Intel(R) CSME 12.0.0 through 12.0.34: Network-based Privilege Escalation Insufficient Access Control in Intel Processor Graphics Subsystem: Potential Denial of Service Vulnerability Insufficient Access Control Vulnerability in Intel Graphics Subsystem Denial of Service Vulnerability in Intel(R) SGX Driver for Linux Privilege Escalation Vulnerability in Intel(R) Graphics Performance Analyzer for Linux Version 18.4 and Earlier Memory Protection Vulnerability in Linux Administrative Tools for Intel(R) Network Adapters EDK II System Firmware Buffer Overflow Vulnerability XHCI Stack Overflow Vulnerability in EDK II: Local Denial of Service Potential Virtual Memory Mapping Vulnerability Insufficient Input Validation in Intel(R) Broadwell U i5 vPro Firmware (MYBDWi5v.86A) Allows Local Privilege Escalation and Information Disclosure Privilege Escalation Vulnerability in Intel(R) Turbo Boost Max Technology 3.0 
Driver Installer Denial of Service Vulnerability in Intel(R) CSME Subsystem Intel(R) AMT Subsystem Information Disclosure Vulnerability Insufficient Input Validation in Intel(R) CSME and Intel(R) TXE Subsystems: Potential Information Disclosure via Local Access Heap Overflow Vulnerability in Intel(R) CSME and Intel(R) TXE Buffer Overflow Vulnerability in Intel(R) DAL Subsystem Privilege Escalation Vulnerability in Intel(R) Quartus(R) Software Installer Remote Privilege Escalation Vulnerability in Intel Unite(R) Client for Android Authentication Bypass Vulnerability in Intel(R) Raid Web Console 2 Partial Physical Address Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Intel(R) TXT Vulnerability: Privileged User Information Disclosure via Local Access Protected Memory Subsystem Vulnerability in Intel Processors: Potential Information Disclosure via Local Access Cross-Site Scripting (XSS) Vulnerability in Apache Pluto Chat Room Demo Portlet 3.0.0 and 3.0.1 Unauthenticated Remote Code Execution (RCE) Vulnerability in JMeter Distributed Mode XML External Entity Injection (XXE) 
Vulnerability in Apache Camel's camel-xmljson Component Java Deserialization Remote Code Execution in Apache Ofbiz Denial of Service Vulnerability in mod_ssl with Apache HTTP Server 2.4.37 and OpenSSL 1.1.1 or later Apache Karaf Zip-slip Vulnerability Remote Code Execution via Unsafe Deserialization in Apache Solr's Config API Apache Solr DataImportHandler dataConfig Parameter Security Vulnerability Directory Traversal Vulnerability in Apache Camel's File Component Classpath Asset File URL Manipulation and Java Deserialization Attack via Tapestry Form Component Apache HTTP Server 2.4.17 to 2.4.38 - Memory Access Vulnerability in HTTP/2 Request Handling HTTP/2 Upgrade Request Misconfiguration Vulnerability Excessive SETTINGS Frames and Thread Exhaustion DoS Vulnerability in Apache Tomcat Apache Qpid Broker-J Denial of Service Vulnerability Unauthenticated Disclosure of Digest Authentication Hash in Apache ZooKeeper Apache Storm Logviewer Daemon File Disclosure Vulnerability Apache Subversion Protocol Command Vulnerability Root-level Code Execution Vulnerability in Apache Mesos Endless Loop Vulnerability in Apache Thrift Versions up to 0.12.0 Path Traversal Vulnerability in Tapestry Asset Processing Panic Vulnerability in Apache Thrift Go Server with TJSONProtocol or TSimpleJSONProtocol Privilege Escalation Vulnerability in Apache HTTP Server 2.4 Improper Authorization Handling in Apache HBase REST Server with Kerberos and SPNEGO Authentication Stored XSS Vulnerability in Apache Archiva Arbitrary File Write Vulnerability in Apache Archiva 2.0.0 - 2.2.3 Bypassing Access Control Restrictions in Apache HTTP Server 2.4 with mod_ssl Arbitrary JavaScript Execution via Airflow Metadata Database Manipulation Race Condition in mod_auth_digest Allows Authentication Bypass Reflected XSS Vulnerability in Pony Mail Interface: Exploiting Specially Crafted URLs Cross-Site Scripting (XSS) Vulnerability in InAppBrowser WebView on Android Multiple Consecutive Slashes Vulnerability in 
Apache HTTP Server XSS Vulnerability in Apache Tomcat's SSI printenv Command Apache ActiveMQ Unmarshalling Vulnerability Apache Qpid Proton TLS Vulnerability Cross-Site Scripting (XSS) Vulnerability in Apache JSPWiki 2.9.0 to 2.11.0.M2 Arbitrary File Access Vulnerability in Apache JSPWiki 2.9.0 to 2.11.0.M2 Apache Karaf Config Service Directory Traversal and File Overwrite Vulnerability Apache Axis 1.4 Server Side Request Forgery (SSRF) Vulnerability XML External Entity (XXE) Vulnerability in Apache PDFBox 2.0.14 Cross-Site Request Forgery Vulnerability in Airflow Webserver Apache Struts 2 Forced Double OGNL Evaluation Remote Code Execution Vulnerability Apache MINA SSL/TLS Connection Retention Vulnerability Remote Code Execution Vulnerability in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 Apache Struts 2.0.0 to 2.5.20 File Upload Denial of Service Vulnerability Apache Roller Math Comment Authenticator Reflected Cross-site Scripting (XSS) Vulnerability CSRF Vulnerability in Apache OFBiz 17.12.01 Cross-Site Scripting (XSS) Vulnerability in SAP Commerce (previously SAP Hybris Commerce) Denial of Service Vulnerability in SAP Business Objects Mobile for Android (before 6.3.5) Denial of Service Vulnerability in SAP Work and Inventory Manager (Agentry_SDK) Privilege Escalation Vulnerability in SAP BW/4HANA Cross-Site Scripting (XSS) Vulnerability in SAP CRM WebClient UI Cross-Site Scripting (XSS) Vulnerability in SAP CRM WebClient UI Unauthenticated Access to SAP Cloud Connector Functionalities Code Injection Vulnerability in SAP Cloud Connector (CVE-2021-12345) SAP Gateway Information Disclosure Vulnerability SAP Landscape Management (VCM 3.0) Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Fiori Launchpad Cross-Site Scripting (XSS) Vulnerability in SAP Disclosure Management (before version 10.1 Stack 1301) SAP NetWeaver AS ABAP Platform Privilege Escalation Vulnerability SAP Business One 
Mobile Android App Information Disclosure Vulnerability Privilege Escalation in SAP NetWeaver AS ABAP Platform Privilege Escalation Vulnerability in SAP Disclosure Management 10.01 Arbitrary File Upload Vulnerability in SAP BusinessObjects (Visual Difference) Authentication Bypass Vulnerability in SAP HANA Extended Application Services, Advanced Model (XS Advanced) SAP WebIntelligence BILaunchPad XSS Vulnerability SLD Registration Denial of Service Vulnerability SAP HANA XS Advanced Credential Leakage Vulnerability Lack of Anti-XSRF Tokens in SAP Manufacturing Integration and Intelligence Servlet XML External Entity (XXE) Injection Vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC Module) Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) Versions 4.10 and 4.20 Privilege Escalation Vulnerability in SAP NetWeaver and ABAP Platform XML External Entity (XXE) Vulnerability in ABAP Server and ABAP Platform Denial of Service Vulnerability in SAP Mobile Platform SDK Cross-Site Scripting (XSS) Vulnerability in SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS) Inadequate Authorization Check in SAP Banking Services: Privilege Escalation Vulnerability XML External Entity (XXE) Vulnerability in SAP HANA Extended Application Services Information Disclosure in SAP NetWeaver Process Integration Monitoring Servlet Privilege Escalation in SAP BASIS Function Modules Privilege Escalation in SAP Treasury and Risk Management Cross-Site Scripting (XSS) Vulnerability in SAPUI5 and OpenUI5 Unauthenticated Access to SAP NetWeaver Process Integration (Runtime Workbench) Exposes Internal Data Digital Signature Spoofing Vulnerability in SAP NetWeaver Process Integration (Adapter Engine) XML External Entity (XXE) Vulnerability in SAP HANA SLD Registration Sensitive Database Information Disclosure in SAP Crystal Reports for Visual Studio SAP BusinessObjects Business Intelligence 
Platform Information Disclosure Vulnerability Unauthorized Information Access in SAP BusinessObjects Business Intelligence Platform Unauthorized Information Access in Solution Manager 7.2 Privilege Escalation in RFC Destination Access Cross-Site Scripting (XSS) Vulnerability in SAP E-Commerce Application SAP Identity Management REST Interface Version 2 Privilege Escalation Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform FTP Function Code Injection Vulnerability in SAP NetWeaver AS ABAP Platform Clickjacking Vulnerability in SAP NetWeaver Process Integration JSPs SAP HANA Extended Application Services (advanced model) User Enumeration Vulnerability Unencrypted Storage of Credentials in Diagnostics Agent in Solution Manager 7.2 Code Injection Vulnerability in SAP E-Commerce Allows Price Manipulation and Unauthorized Checkout Cross-Site Scripting (XSS) Vulnerability in Automotive Dealer Portal of SAP R/3 Enterprise Application Unprotected SAP NetWeaver Process Integration Web Pages Vulnerability Denial of Service Vulnerability in SAP Work Manager and SAP Inventory Manager FTP Password Disclosure Vulnerability in SAP NetWeaver Process Integration Reflected Cross Site Scripting Vulnerability in SAP NetWeaver Process Integration Information Disclosure Vulnerability in SAP NetWeaver Application Server for Java (Startup Framework) SAP Gateway Content Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in ABAP Server and ABAP Platform (SAP Basis) Versions 7.31, 7.4, 7.5 Denial of Service Vulnerability in SAP Commerce Cloud Unauthorized Access to Payroll Data in SAP ERP HCM (SAP_HRCES) Version 3 Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) File Upload Vulnerability in SAP NetWeaver for Java Application Server Privilege Escalation in ABAP Tests Modules of SAP NetWeaver Process Integration Cross-Site Scripting (XSS) Vulnerability 
in SAP Information Steward 4.2 Code Injection Vulnerability in SAP Diagnostic Agent (LM-Service) 7.2 Information Disclosure Vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace) Cross-Site Scripting (XSS) Vulnerability in SAP BusinessObjects Business Intelligence Platform (Info View) Information Disclosure Vulnerability in SAP BusinessObjects Business Intelligence Platform Stored Cross Site Scripting and Privilege Escalation via Session Hijacking in SAP BusinessObjects Business Intelligence Platform Stored Cross Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform (Central Management Console) Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Process Integration Java Proxy Runtime Improper HTTP Header Configuration in SAP Gateway Allows Information Disclosure Missing XML Validation Vulnerability in SAP Enable Now (pre-1902 version) Allows Local XXE File Read Session Cookie Vulnerability in SAP Enable Now (Version 1902) Allows Unauthorized Access Code Injection Vulnerability in SAP Commerce Cloud (Mediaconversion Extension) Unsafe Deserialization Vulnerability in SAP Commerce Cloud (VirtualJDBC Extension) Allows Arbitrary Code Execution Server-Side Request Forgery in SAP NetWeaver Application Server for Java (Administrator System Overview) Unencrypted Communication Vulnerability in SAP Business Objects BI Platform 4.2 Leads to Information Disclosure Unencrypted Connection Vulnerability in SAP BusinessObjects Business Intelligence Platform Missing Authorization Check in SAP Kernel (ABAP Debugger) SAP HANA Database Denial of Service Vulnerability Remote Code Execution Vulnerability in SAP NetWeaver UDDI Server (Services Registry) Caching Vulnerability in SAP Business Objects Business Intelligence Platform SAP Business One Client Information Disclosure Vulnerability Code Injection Vulnerability in SAP NetWeaver Application Server Java Web Container and SAP-JEECOR SAP NetWeaver Process 
Integration Runtime Workbench Information Disclosure Vulnerability SAP HANA Database Privilege Escalation Vulnerability SAP Supplier Relationship Management (SRM) Master Data Management Catalog XSS Vulnerability SAP HANA Extended Application Services (Advanced model) HTTP/REST Endpoint Misuse Vulnerability SAP HANA Extended Application Services (Advanced model) Open Port Enumeration Vulnerability Denial of Service (DoS) vulnerability in SAP Kernel and SAP GUI Missing Authorization Check in SAP NetWeaver Process Integration (B2B Toolkit) Allows Unauthorized Import of B2B Table Content Cross-Site Scripting Vulnerability in SAP Customer Relationship Management (Email Management) Reflected Cross-Site Scripting Vulnerability in SAP Financial Consolidation XPath Injection Vulnerability in SAP Financial Consolidation (Versions 10.0 and 10.1) Reflected Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) Chart Title Reflected Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) Stored Cross-Site Scripting in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) Missing Authentication Check in SAP Process Integration B2B Add-On with BouncyCastle Security Provider Information Disclosure in SAP Landscape Management Enterprise Edition Inadvertent File Access Vulnerability in SAP SQL Anywhere, SAP IQ, and SAP Dynamic Tier Cross-Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence-Publication Pages) Privilege Escalation Vulnerability in SAP Treasury and Risk Management Insufficient Authorization Checks in SAP Treasury and Risk Management Cross-Site Scripting (XSS) Vulnerability in SAP Enable Now (pre-1908 versions) Privilege 
Escalation in SAP ERP Sales and S4HANA Sales Insufficient URL Validation in SAP UI5 HTTP Handler Privilege Escalation Vulnerability in SAP NetWeaver Application Server Java SAP Data Hub Vulnerability: Unauthorized Access to Connection Manager Information SAP NetWeaver AS Java Information Disclosure Vulnerability SQL Injection Vulnerability in SAP Quality Management Allows Unauthorized Access to Historical Inspection Results Stored Cross Site Scripting Vulnerability in SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad) XML Injection Vulnerability in SAP BusinessObjects Business Intelligence Platform Insufficient CSRF Protection in SAP BusinessObjects Business Intelligence Platform (Monitoring Application) Allows Cross Site Request Forgery Unintended Information Disclosure in SAP Portfolio and Project Management SAP Adaptive Server Enterprise Information Disclosure Vulnerability CSV Command Injection Vulnerability in SAP Enable Now (before version 1911) SAP Enable Now Server Error Message Information Disclosure Vulnerability SAP Enable Now User Enumeration and Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Arbitrary File Content Disclosure in Microsoft Visual Studio via Malicious .vscontent File Windows Jet Database Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge URL Validation Bypass Vulnerability in Microsoft Office MSHTML Engine Remote Code Execution Vulnerability Xterm.js Remote Code Execution Vulnerability Windows Authentication Handling Elevation of Privilege Vulnerability .NET Framework and .NET Core Information Disclosure Vulnerability: Bypassing CORS Configurations Visual Studio C++ Compiler Remote Code Execution Vulnerability Windows DHCP Client Remote Code Execution Vulnerability ASP.NET Core Denial of Service Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Hyper-V Remote Code Execution 
Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows COM Desktop Broker Elevation of Privilege Vulnerability Windows Subsystem for Linux Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Escape from AppContainer Sandbox: Microsoft XmlDocument Elevation of Privilege Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Outlook Information Disclosure Vulnerability Memory Disclosure Vulnerability in Microsoft Office: Exposing Sensitive Information Improper Usage of Microsoft Word Macro Buttons Leads to Information Disclosure Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability ASP.NET Core Denial of Service Vulnerability in ASP.NET Core 2.1 Edge Memory Corruption Vulnerability: Remote Code Execution Exploit Edge Browser Broker COM Object Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability in Microsoft Edge Windows Kernel Information Disclosure Vulnerability Windows Runtime Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution 
Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Word Software Microsoft Exchange Remote Code Execution Vulnerability Calendar Contributors Privilege Escalation in Microsoft Exchange Server Microsoft Edge Scripting Engine Memory Corruption Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-XXXX) Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability HID Information Disclosure Vulnerability HID Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Windows Deployment Services TFTP Server Remote Code Execution Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Internet Explorer Remote Code Execution Vulnerability Microsoft Edge Scripting Engine Memory Corruption Vulnerability Microsoft Browser HTTP Content Parsing Spoofing Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Microsoft Edge Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Flash Object Click2Play Bypass Vulnerability in Microsoft Edge .NET Framework and Visual Studio Remote Code Execution Vulnerability Windows GDI Memory Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Jet Database Engine Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability 
Windows GDI Memory Disclosure Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Kernel Object Memory Handling Vulnerability Skype for Android Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Skype for Business 2015 Spoofing Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Server DHCP Service Memory Corruption Vulnerability Windows Security Feature Bypass Vulnerability Kernel Information Disclosure Vulnerability in Win32k Component Windows SMBv2 Remote Code Execution Vulnerability Windows Security Feature Bypass Vulnerability Windows Security Feature Bypass Vulnerability Windows SMBv2 Remote Code Execution Vulnerability Microsoft Edge Remote Code Execution Vulnerability Windows Hyper-V Information Disclosure Vulnerability Windows File Information Disclosure Vulnerability Cellular Network Profile Bypass Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Whitelist Bypass Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Cross-Origin Information Disclosure Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Microsoft Edge Remote Code Execution Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Team Foundation Server Secret Variable Information Disclosure Vulnerability Chakra Memory Disclosure Vulnerability Microsoft Chakra JIT Server Vulnerability: Scripting Engine Elevation of Privilege Microsoft Edge Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Microsoft Browser Spoofing Vulnerability: Exploiting Improper Redirect Handling Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Memory Object Handling Vulnerability in Windows 
Kernel .NET Framework and Visual Studio URL Parsing Vulnerability Scripting Engine Memory Object Handling Vulnerability Windows Storage Service Elevation of Privilege Vulnerability Windows GDI Memory Disclosure Vulnerability Windows Kernel Object Memory Handling Vulnerability GDI+ Remote Code Execution Vulnerability Windows Kernel Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Windows VBScript Engine Remote Code Execution Vulnerability Windows VBScript Engine Remote Code Execution Vulnerability Windows VBScript Engine Remote Code Execution Vulnerability Microsoft SharePoint Elevation of Privilege Vulnerability Memory Disclosure Vulnerability in Microsoft Excel HTTP Content Parsing Spoofing Vulnerability in Microsoft SharePoint Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Internet Explorer Memory Handling Vulnerability Cross-Domain Policy Enforcement Bypass in Microsoft Edge Internet Explorer Scripting Engine Memory Corruption Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Active Directory Forest Trust Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Fragmented IP Packet Information Disclosure Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Windows Subsystem for Linux Integer Overflow Elevation of Privilege Vulnerability Windows Subsystem for 
Linux Integer Overflow Elevation of Privilege Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Memory Object Handling Vulnerability in Windows Kernel Windows DHCP Client Memory Corruption Vulnerability Windows DHCP Client Memory Corruption Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Windows Kernel Information Disclosure Vulnerability Windows SMB Server Information Disclosure Vulnerability Windows SMB Server Information Disclosure Vulnerability Windows NDIS Elevation of Privilege Vulnerability Remote Desktop Services Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Windows Hyper-V Network Switch Privilege Escalation Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Windows Hyper-V Network Switch Privilege Escalation Vulnerability Windows Hyper-V Denial of Service Vulnerability Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Hyper-V Network Switch Remote Code Execution Vulnerability Hyper-V Remote Code Execution Vulnerability Hyper-V Network Switch Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Network Switch Privilege Escalation Vulnerability Microsoft Exchange Server Elevation of Privilege Vulnerability Windows Server DHCP Service Memory Corruption Vulnerability Windows DHCP Client Memory Corruption Vulnerability File Deletion Elevation of Privilege Vulnerability in Diagnostic Hub and Visual Studio Standard Collectors Project-based Remote Code Execution Vulnerability in Visual Studio Code Azure IoT Java SDK Symmetric Key Generation Vulnerability Windows LUAFV Driver Elevation of Privilege Vulnerability Windows LUAFV Driver Elevation of 
Privilege Vulnerability Windows Security Feature Bypass Vulnerability in LUAFV Driver Windows Defender Application Control Security Feature Bypass Vulnerability Kerberos Authentication Request Replacement Vulnerability Windows CSRSS Elevation of Privilege Vulnerability Windows DHCP Client Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Azure IoT Java SDK Information Leakage Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Team Foundation Server Cross-site Scripting Vulnerability Memory Object Handling Vulnerability in Microsoft Edge Access Connectivity Engine Remote Code Execution Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Windows Kernel Information Disclosure Vulnerability MSXML Remote Code Execution Vulnerability NuGet Package Manager Tampering Vulnerability Windows GDI Memory Disclosure Vulnerability Windows Print Spooler Memory Object Handling Vulnerability Internet Explorer Security Zone Validation Bypass Vulnerability Cross-Origin Security Bypass Vulnerability in Microsoft Browsers Internet Explorer Remote Code Execution Vulnerability Unvalidated Input Tampering Vulnerability in Microsoft Browsers Memory Object Handling Vulnerability in comctl32.dll: Remote Code Execution Windows AppX Deployment Server Elevation of Privilege Vulnerability: Arbitrary File Creation Windows Kernel Information Disclosure Vulnerability Internet Explorer VBScript Execution Policy Bypass Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Windows VBScript Engine Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Windows 
GDI Memory Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Kernel Information Disclosure Vulnerability in Win32k Component Team Foundation Server Cross-site Scripting Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Edge Remote Code Execution Vulnerability Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Windows Kernel Memory Address Initialization Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability ADO Memory Handling Remote Code Execution Vulnerability Windows Server DHCP Service Memory Corruption Vulnerability SMB Server Elevation of Privilege Vulnerability Windows Remote Desktop Client Remote Code Execution Vulnerability Windows Remote Desktop Client Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability OLE Automation Remote Code Execution Vulnerability MS XML Remote Code Execution Vulnerability Windows LUAFV Driver Elevation of Privilege Vulnerability Win32k Object Handling Elevation of Privilege Vulnerability Skype for Business and Lync Spoofing Vulnerability Office URL File Remote Code Execution Vulnerability Windows GDI Memory Disclosure Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Azure Linux Agent Swap File Information Disclosure Vulnerability Windows LUAFV Driver Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Win32k Object Handling Elevation of Privilege Vulnerability Visual Studio C++ Redistributable Installer DLL Loading Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Windows DNS Server Denial of Service Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Impersonation Vulnerability in Windows Admin Center Win32k Kernel Information Disclosure 
Vulnerability ASP.NET Core Denial of Service Vulnerability Azure SSH Keypairs Security Feature Bypass Vulnerability Microsoft Exchange Server Spoofing Vulnerability Metadata Permissions Enforcement Vulnerability in Microsoft SQL Server Analysis Services .NET Framework and .NET Core RegEx Denial of Service Vulnerability Windows SMB Server Information Disclosure Vulnerability Memory Object Handling Vulnerability in Microsoft Graphics Components Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Chakra Scripting Engine Remote Code Execution Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Memory Object Handling Vulnerability in Microsoft Edge Memory Object Handling Vulnerability in Microsoft Scripting Engine Windows LUAFV Driver Elevation of Privilege Vulnerability Memory Object Handling Vulnerability in DirectX Windows Task Scheduler Credential Disclosure Vulnerability Terminal Services Memory Disclosure Vulnerability Windows Kernel Object Memory Handling Vulnerability Windows AppX Deployment Service Hard Link Elevation of Privilege Vulnerability VBScript Engine Remote Code Execution Vulnerability Windows Kernel Object Memory Handling Vulnerability ASP Webpage Content Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Win32k Kernel Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability Jet Database Engine Remote Code Execution Vulnerability GDI+ Remote Code 
Execution Vulnerability Windows Memory Object Handling Remote Code Execution Vulnerability Azure DevOps Server Spoofing Vulnerability Microsoft Exchange Server Spoofing Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Windows Error Reporting File Handling Elevation of Privilege Vulnerability Heap Memory Object Handling Vulnerability in .NET Framework SymCrypt Denial of Service Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server HTML Injection Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Azure DevOps Server Cross-site Scripting Vulnerability Azure DevOps Server Elevation of Privilege Vulnerability Memory Object Handling Vulnerability in Open Enclave SDK Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Splwow64.exe Local Elevation of Privilege Vulnerability Windows Kernel Key Enumeration Elevation of Privilege Vulnerability Windows GDI Memory Disclosure Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Windows OLE Remote Code Execution Vulnerability Windows Hyper-V Information Disclosure Vulnerability Clipboard Redirection Remote Code Execution Vulnerability ADO Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution 
Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability GDI+ Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers URL Spoofing Vulnerability in Internet Explorer Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code 
Execution Vulnerability Microsoft Edge Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Windows Hyper-V Denial of Service Vulnerability Internet Explorer Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Internet Explorer Windows Storage Service Elevation of Privilege Vulnerability Skype for Android: Information Disclosure Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Windows Symbolic Link Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Escape from AppContainer Sandbox: Microsoft Edge Elevation of Privilege Vulnerability Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Request Filtering Denial of Service Vulnerability in Microsoft IIS Server Windows 10 Unified Write Filter Elevation of Privilege Vulnerability Windows ALPC Elevation of Privilege Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Windows Event Viewer XML External Entity (XXE) Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Unsafe ASP.Net web controls in Microsoft SharePoint Server can lead to remote code execution Memory Object Handling Vulnerability in Microsoft Word Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Microsoft SharePoint Server Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Windows GDI Memory Disclosure Vulnerability Azure Automation RunAs Account Privilege Escalation Vulnerability 
Microsoft Office SharePoint XSS Vulnerability Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows GDI Memory Disclosure Vulnerability Azure DevOps Server and Team Foundation Server Authentication Request Information Disclosure Vulnerability LSASS Denial of Service Vulnerability Windows Installer Elevation of Privilege Vulnerability Jet Database Engine Remote Code Execution Vulnerability ADFS Security Feature Bypass Vulnerability NuGet Package Manager Tampering Vulnerability Windows GDI Memory Disclosure Vulnerability Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability .NET Framework and .NET Core Web Request Denial of Service Vulnerability .NET Framework and .NET Core Web Request Denial of Service Vulnerability ASP.NET Core Denial of Service Vulnerability Windows Storage Service Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft Speech API Remote Code Execution Vulnerability Symlink Exploitation in Windows User Profile Service: Elevation of Privilege Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer Chakra Scripting Engine Remote Code Execution Vulnerability Scripting Engine Information Disclosure Vulnerability in Microsoft Edge Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Mark of the Web Bypass Vulnerability in urlmon.dll Azure DevOps Server Cross-Site Request Forgery (CSRF) Vulnerability Windows Storage Service Elevation of Privilege Vulnerability DirectX Memory Object Handling Vulnerability Microsoft Azure AD Connect Elevation of Privilege Vulnerability Storing Passwords in a Recoverable Format Vulnerability in TeamPass Incorrect Access Control in Gitea's Delete/Edit File Functionality Cross Site Request Forgery (CSRF) Vulnerability in MapSVG Lite 
version 3.2.3 Cross-Site Scripting (XSS) Vulnerability in Yugandhargangu JspMyAdmin2 v1.0.6 and Earlier Arbitrary Code Execution and File Write Vulnerability in mPDF getImage() Method Buffer Overflow Vulnerability in RIOT-OS sock_dns Implementation Allows Remote Code Execution Improper Handling of Structural Elements in aioxmpp Version 0.10.2 and Earlier Path Traversal Vulnerability in Helm Fetch and Helm Lint Commands Path Traversal vulnerability in Helm ChartMuseum (>=0.1.0 and < 0.8.1) allows unauthorized file uploads Cross Site Scripting (XSS) Vulnerability in phpIPAM subnet-scan-telnet.php Incorrect Access Control in GraphQL Delete Mutations in API Platform 2.2.0 to 2.3.5 Vulnerability in Hex Package Manager Allows Undetected Package Modifications and Code Execution Vulnerability in Hex Package Manager Allows Undetected Package Modifications and Code Execution Package Registry Verification Bypass in Erlang/OTP Rebar3 (CVE-2021-12345) Cross Site Scripting (XSS) Vulnerability in Chamilo-lms Version 1.11.8 and Earlier CWE-129: Improper Validation of Array Index in FFMPEG version 4.1 Chamilo-lms Ticket Component Incorrect Access Control Vulnerability Command Injection Vulnerability in rssh Version 2.3.4 with allowscp Permission Out-of-bounds Read Vulnerability in libarchive's 7zip Decompression Infinite Loop DoS Vulnerability in libarchive ISO9660 Parser Access Control Vulnerability in XEP-0223 Plugin: Unauthorized Access to Private Data via PubSub Cross Site Request Forgery (CSRF) vulnerability in Taoensso Sente WebSocket Handshake Endpoint SQL Injection Vulnerability in OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) v3.6-2 and Earlier Versions Cross Site Scripting (XSS) Vulnerability in OPT/NET BV NG-NetMS v3.6-2 and Earlier Versions Disk Space Quota Exhaustion Vulnerability in article2pdf WordPress Plugin Session Hijacking and Privilege Escalation in Zoho ManageEngine ServiceDesk 9.3 Arbitrary File Loading Vulnerability in Titan FTP Server 2019 
Build 3505 Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers PHP League CommonMark Library XSS Vulnerability Arbitrary Account Creation with Weak Password Vulnerability in Jenzabar JICS Arbitrary Code Execution via ZIP Archive Upload in Jenzabar JICS Buffer Overflow in axTLS 2.1.5 Allows Remote Denial of Service Arbitrary Password Reset Vulnerability in DedeCMS 5.7SP2 Remote Code Execution in baigoStudio baigoSSO v3.0.1 via Configuration Screen Cross-Site Scripting (XSS) Vulnerability in GForge Advanced Server 6.4.4 via commonsearch.php words parameter XSS Vulnerability in CMS Made Simple 2.2.10 via moduleinterface.php Name Field Xpdf 4.01.01 FPE Vulnerability in PostScriptFunction::exec Function FPE Vulnerability in Xpdf 4.01.01: PSOutputDev::checkPageSlice Function Chakra Scripting Engine Remote Code Execution Vulnerability FPE Vulnerability in Xpdf 4.01.01: Splash::scaleImageYuXu Function Floating Point Exception in Xpdf's ImageStream::ImageStream Function Kubernetes API Server Denial of Service Vulnerability Arbitrary Code Execution via Malicious Tar Binary in kubectl cp Command NULL Pointer Dereference in Xpdf's Gfx::opSetExtGState Function Xpdf 4.01.01 FPE Vulnerability in PostScriptFunction::exec Function FPE Vulnerability in Xpdf 4.01.01: Splash::scaleImageYuXu Function FPE Vulnerability in Xpdf 4.01.01: ImageStream::ImageStream Function in Stream.cc Xpdf 4.01.01 FPE Vulnerability in PostScriptFunction::exec XSS Vulnerability in PHPCMS 9.6.x through 9.6.3 via Mailbox Field Dial Reference Source Code Denial of Service (DOS) Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Sandbox Bypass Vulnerability in Script Security Plugin Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Pipeline: Groovy Plugin Arbitrary Code Execution Vulnerability in Pipeline: Declarative Plugin Persistent Access Vulnerability in Jenkins 2.158 and Earlier Session Hijacking Vulnerability in Jenkins Jenkins Script 
Security Plugin Sandbox Bypass Vulnerability Jenkins Groovy Plugin Sandbox Bypass Vulnerability Arbitrary Code Execution Vulnerability in Jenkins Warnings Plugin 5.0.0 and Earlier Arbitrary Code Execution Vulnerability in Jenkins Warnings Next Generation Plugin Impersonation Vulnerability in Jenkins Active Directory Plugin Cross-Site Request Forgery Vulnerability in Jenkins Git Plugin 3.9.1 and Earlier Jenkins Token Macro Plugin Recursive Input Vulnerability Cross-Site Request Forgery Bypass Vulnerability in Jenkins Blue Ocean Plugins Cross-Site Scripting Vulnerability in Jenkins Blue Ocean Plugins 1.10.1 and Earlier Cross-Site Scripting Vulnerability in Jenkins Config File Provider Plugin 3.4.1 and Earlier XML External Entity (XXE) Processing Vulnerability in Jenkins Job Import Plugin 2.1 and Earlier Jenkins Job Import Plugin Vulnerability: Unauthorized Access to Sensitive Information Jenkins Job Import Plugin 3.0 and Earlier: Data Modification Vulnerability Jenkins GitHub Authentication Plugin 0.29 and earlier: Sensitive Information Exposure Vulnerability Session Fixation Vulnerability in Jenkins GitHub Authentication Plugin Server-Side Request Forgery Vulnerability in Jenkins Kanboard Plugin 1.5.10 and Earlier Jenkins OpenId Connect Authentication Plugin 1.4 and earlier: Sensitive Information Exposure Vulnerability Jenkins Monitoring Plugin 1.74.0 and Earlier: Denial of Service Vulnerability Allows Thread Killing Arbitrary HTML Rendering Vulnerability in Jenkins Warnings Next Generation Plugin Jenkins Script Security Plugin Sandbox Bypass Vulnerability Jenkins Cloud Foundry Plugin: Sensitive Information Exposure Vulnerability Server-side request forgery vulnerability in Jenkins Mattermost Notification Plugin 2.6.2 and earlier allows unauthorized message sending Server-Side Request Forgery Vulnerability in Jenkins OctopusDeploy Plugin 1.8.1 and Earlier Server-side request forgery vulnerability in Jenkins JMS Messaging Plugin 1.1.1 and earlier allows unauthorized 
JMS endpoint connection Jenkins Script Security Plugin Sandbox Bypass Vulnerability Jenkins Pipeline: Groovy Plugin Sandbox Bypass Vulnerability Sandbox Bypass Vulnerability in Jenkins Matrix Project Plugin 1.13 and Earlier Sandbox Bypass Vulnerability in Jenkins Email Extension Plugin Sandbox Bypass Vulnerability in Jenkins Groovy Plugin 2.1 and Earlier Sandbox Bypass Vulnerability in Jenkins Job DSL Plugin Information Exposure Vulnerability in Jenkins Azure VM Agents Plugin Jenkins Azure VM Agents Plugin 0.8.0 and earlier: Data Modification Vulnerability Information Exposure Vulnerability in Jenkins Azure VM Agents Plugin Insufficiently Protected Credentials Vulnerability in Jenkins Repository Connector Plugin Insufficient Credential Protection in Jenkins AppDynamics Dashboard Plugin Arbitrary Constructor Invocation Vulnerability in Jenkins Script Security Plugin Sandbox Bypass Vulnerability in Jenkins Pipeline: Groovy Plugin Allows Invocation of Arbitrary Constructors Arbitrary JavaScript Injection Vulnerability in Jenkins Lockable Resources Plugin Jenkins Slack Notification Plugin 2.19 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs Cross-Site Request Forgery Vulnerability in Jenkins Slack Notification Plugin Jenkins ECS Publisher Plugin 1.0.0 API Token Disclosure Vulnerability Cross-Site Request Forgery Vulnerability in Jenkins Fortify on Demand Uploader Plugin Unauthenticated Remote Server Connection Vulnerability in Jenkins Fortify on Demand Uploader Plugin Local File System Access Vulnerability in Jenkins PRQA Plugin 3.1.0 and Earlier Vulnerability: Persistent CLI Authentication in Jenkins Versions 2.171 and Earlier Cross-Site Scripting (XSS) Vulnerability in Jenkins UI's f:validateButton Form Control Unencrypted Storage of Credentials in Jenkins IRC Plugin's Global Configuration File Unencrypted Storage of Credentials in Jenkins AWS Elastic Beanstalk Publisher Plugin Unencrypted Storage of Credentials in Jenkins 
HockeyApp Plugin Unencrypted Storage of Credentials in Jenkins Jira Issue Updater Plugin Unencrypted Storage of Credentials in Jenkins FTP Publisher Plugin Unencrypted Storage of Credentials in Jenkins WebSphere Deployer Plugin Unencrypted Storage of Credentials in Jenkins Bitbucket Approve Plugin Cross-Site Request Forgery Vulnerability in Jenkins FTP Publisher Plugin Allows Unauthorized Server Connections Jenkins FTP Publisher Plugin Vulnerability: Unauthorized Server Connection Unencrypted Storage of Credentials in Jenkins Official OWASP ZAP Plugin Unencrypted Storage of Credentials in Jenkins CloudFormation Plugin Unencrypted Storage of Credentials in Jenkins AWS CloudWatch Logs Publisher Plugin Unencrypted Storage of Credentials in Jenkins Amazon SNS Build Notifier Plugin Unencrypted Storage of Credentials in Jenkins aws-device-farm Plugin Unencrypted Storage of Credentials in Jenkins CloudShare Docker-Machine Plugin Unencrypted Storage of Credentials in Jenkins Bugzilla Plugin Unencrypted Storage of Credentials in Jenkins Trac Publisher Plugin Unencrypted Storage of Credentials in Jenkins VMware vRealize Automation Plugin Unencrypted Storage of Credentials in Jenkins Aqua Security Scanner Plugin Unencrypted Storage of Credentials in Jenkins veracode-scanner Plugin Unencrypted Storage of Credentials in Jenkins OctopusDeploy Plugin Unencrypted Storage of Credentials in Jenkins WildFly Deployer Plugin Unencrypted Storage of Credentials in Jenkins VS Team Services Continuous Deployment Plugin Unencrypted Storage of Credentials in Jenkins Hyper.sh Commons Plugin Unencrypted Storage of Credentials in Jenkins Audit to Database Plugin Cross-Site Request Forgery Vulnerability in Jenkins Audit to Database Plugin Jenkins Audit to Database Plugin: Missing Permission Check in DbAuditPublisherDescriptorImpl#doTestJdbcConnection Form Validation Method Cross-Site Request Forgery Vulnerability in Jenkins VMware Lab Manager Slaves Plugin Unauthenticated Connection Initiation 
Vulnerability in Jenkins VMware Lab Manager Slaves Plugin Cross-Site Request Forgery Vulnerability in Jenkins OpenShift Deployer Plugin Unauthenticated Server Connection Vulnerability in Jenkins OpenShift Deployer Plugin Cross-Site Request Forgery Vulnerability in Jenkins Gearman Plugin Allows Unauthorized Server Connections Jenkins Gearman Plugin: Missing Permission Check in Connection Validation Allows Unauthorized Server Connections Cross-Site Request Forgery Vulnerability in Jenkins Zephyr Enterprise Test Management Plugin Unauthenticated Connection Initiation Vulnerability in Jenkins Zephyr Enterprise Test Management Plugin Cross-Site Request Forgery Vulnerability in Jenkins Chef Sinatra Plugin Jenkins Chef Sinatra Plugin Vulnerability: Unauthorized Connection Initiation Unencrypted Storage of Credentials in Jenkins Fabric Beta Publisher Plugin Unencrypted Storage of Credentials in Jenkins Upload to pgyer Plugin Cross-Site Request Forgery Vulnerability in Jenkins SOASTA CloudTest Plugin Unauthenticated Server Connection Vulnerability in Jenkins SOASTA CloudTest Plugin Cross-Site Request Forgery Vulnerability in Jenkins Nomad Plugin Allows Unauthorized Server Connections Jenkins Nomad Plugin Vulnerability: Unauthorized Connection Initiation Unencrypted Storage of Credentials in Jenkins Open STF Plugin Unencrypted Storage of Credentials in Jenkins Perfecto Mobile Plugin Unencrypted Storage of Credentials in Jenkins TestFairy Plugin Unencrypted Storage of Credentials in Jenkins Crowd Integration Plugin Cross-Site Request Forgery Vulnerability in Jenkins OpenID Plugin OpenId Plugin in Jenkins: Missing Permission Check Allows Unauthorized Server Connection Arbitrary Program Execution Vulnerability in Evernote 7.9 on macOS Unauthenticated Account Manipulation in D-Link DIR-816 A2 1.11 Router Scripting Engine Memory Corruption Vulnerability in Internet Explorer Unauthenticated Command Execution in D-Link DIR-816 A2 1.11 Router Unauthenticated System Account 
Modification in D-Link DIR-816 A2 1.11 Router Unauthenticated Router Reset Vulnerability in D-Link DIR-816 A2 1.11 IDN Homograph Attack Vulnerability in Telegram Applications Session Cookie Disclosure Vulnerability in Pydio through 8.2.2 Information Disclosure Vulnerability in Pydio 8.2.2 Allows Unauthenticated Attackers to Obtain Configuration Details Stored XSS Vulnerability in Pydio Web Application through 8.2.2 via File Upload and Preview Features Arbitrary Command Execution Vulnerability in Pydio ImageMagick Plugin Cross-Site Scripting (XSS) Vulnerability in Pydio 8.2.2 Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Buffer Over-read Vulnerability in Suricata 4.1.x Suricata 4.1.3 Vulnerability: Crash due to Unsafe Some(sfcm) => { ft.new_chunk } in filetracker_newchunk Panic Vulnerability in Suricata 4.1.3 DHCP Parser Heap-based Buffer Over-read in Suricata 4.1.x before 4.1.4 Invalid Memory Access in Suricata 4.1.3: process_reply_record_v3 Vulnerability FTP PASV Response Length Check Bypass Vulnerability in Suricata 4.1.3 Vulnerability: Double Execution of DecodeEthernet in Suricata 4.1.3 CSRF Vulnerability in Lexmark Products Lexmark Products Vulnerable to Incorrect Access Control Default Enabled Legacy Finger Service on Older Lexmark Devices WCF/WIF SAML Token Authentication Bypass Vulnerability Buffer Overflow Vulnerability in Verix Multi-app Conductor Application 2.7 for Verifone Verix Command Injection vulnerability in utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 XSS Vulnerability in Aurelia Framework's HTMLSanitizer Class Sandbox Bypass Vulnerability in Flatpak Insecure Random Number Generation in hostapd EAP Mode (CVE-2016-10743) Information Disclosure Vulnerability in Open Ticket Request System (OTRS) 7.0 through 7.0.6 JavaScript Execution Vulnerability in OTRS and OTRSAppointmentCalendar JavaScript Execution Vulnerability in Open Ticket Request System (OTRS) Unauthenticated Remote Code 
Execution in Kentico CMS Remote Code Execution Vulnerability in Godot through 3.1: Incorrect Deserialization Policy Windows Audio Service Elevation of Privilege Vulnerability Stored Cross-Site Scripting Vulnerability in Apache Atlas Search Functionality Timing Side Channel Vulnerability in HMAC Signature Comparison Incomplete Fix for CVE-2019-0199: HTTP/2 Connection Window Exhaustion Vulnerability in Apache Tomcat Stored XSS Vulnerability in Apache OFBiz Ecommerce Template Remote Code Execution (RCE) Vulnerability in Apache OFBiz Form Widget Textarea Field XSS Vulnerability in Apache JSPWiki 2.9.0 to 2.11.0.M3 Allows for Session Hijacking InterWiki Link XSS Vulnerability in Apache JSPWiki 2.9.0 to 2.11.0.M3 Multiple Plugins in Apache JSPWiki 2.9.0 to 2.11.0.M3 Vulnerable to XSS Exploitation and Session Hijacking Apache Traffic Server HTTP/2 Setting Flood Vulnerability Security Feature Bypass Vulnerability in Microsoft Dynamics On-Premise XML External Entity (XXE) Vulnerability in NiFi XMLFileLookupService HTTP/2 Early Push Memory Overwrite Vulnerability Apache HTTP Server 2.4.18-2.4.39: Memory Read After Free Vulnerability in HTTP/2 Session Handling Information Disclosure Vulnerability in NiFi API Apache Impala Session and Query Hijacking Vulnerability Stored XSS Vulnerability in Apache Allura Prior to 1.11.0 Vulnerability: Unprotected Classloader Access in Apache Commons Beanutils 1.9.2 Apache JSPWiki Plugin Link XSS Vulnerability Apache Tika RecursiveParserWrapper OOM Vulnerability Apache JSPWiki WYSIWYG Editor XSS Vulnerability Windows GDI Memory Disclosure Vulnerability Apache JSPWiki Plain Editor XSS Vulnerability Apache Geode SSL Handshake Vulnerability Limited Cross-Site Scripting Vulnerability in Apache HTTP Server 2.4.0-2.4.39 Apache Tika 1.19 to 1.21 Vulnerability: Denial of Service via Crafted 2003ml or 2006ml File StackOverflowError Vulnerability in Apache Tika's RecursiveParserWrapper (Versions 1.7-1.21) Apache Zeppelin Bash Command Injection 
Vulnerability Stack Buffer Overflow and NULL Pointer Dereference in Apache HTTP Server 2.4.32-2.4.39 with mod_remoteip and PROXY Protocol Apache HTTP Server mod_rewrite Redirect Vulnerability Unencrypted Data Leakage Vulnerability in Spark 2.3.3 and Earlier Versions Windows GDI Memory Disclosure Vulnerability Server Side Template Injection in JetBrains YouTrack Confluence Plugin Cross Site Scripting (XSS) vulnerability in Leanote prior to version 2.6 SoX - Sound eXchange 14.4.2 and earlier Vulnerability: Out-of-bounds Read in read_samples function at xa.c:219 XSS to Code Execution Vulnerability in HexoEditor v1.1.8-beta Buffer Overflow Vulnerability in Evince 3.26.0: DOS / Possible Code Execution Cross Site Scripting (XSS) Vulnerability in Emoncms 9.8.8 Insecure Permissions in DGLogik Inc DGLux Server All Versions: Remote Execution and Credential Leaks via IoT API Cross Site Scripting (XSS) vulnerability in Dolibarr 6.0.4 allows for Cookie Stealing via specially crafted link in htdocs/product/stats/card.php XML Injection Vulnerability in libnmap < v0.6.3: Denial of Service (DoS) via Specially Crafted XML Payload Cross Site Scripting (XSS) Vulnerability in Zammad GmbH Zammad 2.3.0 and Earlier Mitigation Bypass: Stack Guard Protection Bypass in GNU Libc's nptl Component Vulnerability: Privilege Escalation via Re-mapping Loaded Library Mitigation Bypass: ASLR Bypass Using Cache of Thread Stack and Heap in GNU Libc ASLR Bypass Vulnerability in GNU Libc Cross Site Scripting (XSS) vulnerability in School College Portal with ERP Script 2.6.1 and earlier: Attack on administrators, teachers, and students via /pro-school/index.php?student/message/send_reply/ SQL Injection in Deepwoods Software WebLibrarian 3.5.2 and earlier: Exposing the Entire Database Buffer Overflow Vulnerability in OpenModelica OMCompiler Buffer Overflow in uLaunchELF Loader Program (loader.c) Allows for Possible Code Execution and Denial of Service Buffer Overflow Vulnerability in Quake3e < 5ed740d 
Buffer Overflow in borg-reducer c6d5240: Potential for Code Execution and Denial of Service Dolibarr 7.0.0 Vulnerability: Cross Site Request Forgery (CSRF) Allows Unauthorized User Actions Buffer Overflow Vulnerability in nfdump 1.6.16 and Earlier: Potential Denial of Service to Local Code Execution NASA CFITSIO prior to 3.43 Buffer Overflow Vulnerability Unrestricted File Upload Vulnerability in PluckCMS 4.7.4 and Earlier Integer Overflow in The Sleuth Kit 4.6.0 and earlier: Crash in tsk/fs/hfs_dent.c:237 Vulnerability: Incorrect Access Control in Lawrence Livermore National Laboratory msr-safe v1.1.0 Vulnerability: Denial of Service Attack via Crafted File in moinejf abcm2ps 8.13.20 Flask before 1.0 Vulnerability: Denial of Service via Crafted Encoded JSON Data Incorrect Access Control in Dancer::Plugin::SimpleCRUD 1.14 and earlier: Potential for Unauthorized Data Access CWE-79: Improper Neutralization of Input During Web Page Generation in TinyMCE 4.7.11 and 4.7.12: JavaScript Code Execution via Media Element CSRF Vulnerability in DomainMod v4.10.0 Allows Unauthorized Password Change CSRF Vulnerability in DomainMOD v4.10.0 Allows Unauthorized Administrator Account Addition CSRF Vulnerability in DomainMOD v4.10.0 Allows Unauthorized User Privilege Escalation Insecure Artifact Resolution in JetBrains Kotlin Versions Prior to 1.3.30 Title: Critical Vulnerability in Akeo Consulting Rufus 3.0 and Earlier: DLL Search Order Hijacking Enables Arbitrary Code Execution with Privilege Escalation Insecure Permissions in Akeo Consulting Rufus 3.0 and Earlier: Arbitrary Code Execution with Privilege Escalation SQL Injection Vulnerability in TechyTalk Quick Chat WordPress Plugin Cross Site Request Forgery (CSRF) vulnerability in OECMS v4.3.R60321 and later versions allows unauthorized addition of administrator accounts Cross Site Scripting (XSS) Vulnerability in Premium Software CLEditor 1.4.5 and Earlier Unrestricted File Upload Vulnerability in MODX Revolution Gallery 1.7.0 
Cross-Site Scripting (XSS) Vulnerability in WebAppick WooCommerce Product Feed Plugin VCFTools Prior to Version 0.1.15: Use-After-Free Vulnerability in header::add_FILTER_descriptor Method ChinaMobile GPN2.4P21-C-CN W2001EN-00 Vulnerability: Unauthenticated Remote Reboot Title: Scapy 2.4.0 Denial of Service Vulnerability in _RADIUSAttrPacketListField.getfield() Privilege Escalation through XSS in Yellowfin Smart Reporting (Versions Prior to 7.3) SQL Injection Vulnerability in zzcms Version 8.3 and Earlier: zzcms File Delete to Code Execution Vulnerability: File Delete to Code Execution in zzcms version 8.3 and earlier Vulnerability Title: File Delete to Code Execution in zzcms 8.3 and earlier File Delete Vulnerability in zzcms zzmcms 8.3 and Earlier: Exploiting /user/ppsave.php to Gain Shell Access Vulnerability Title: File Delete to Code Execution in zzcms 8.3 and Earlier SQL Injection Vulnerability in zzcms 8.3 and earlier Authentication Bypass Vulnerability in D-Link DSL-2750U 1.11 Incorrect Access Control in perl-CRYPT-JWT 0.022 and earlier allows for bypassing authentication Vulnerability Title: NULL Pointer Dereference in Jsi_StrcmpDict Function (jsiChar.c:121) in jsish 2.4.74 2.0474 Buffer Overflow Vulnerability in Socusoft Co Photo 2 Video Converter 8.0.0 Out-of-bounds Read Vulnerability in Jsish 2.4.77 (CVE-2021-XXXX) Use After Free vulnerability in Jsish 2.4.77 (2.0477): Denial of Service in Jsi_ObjFree (jsiObj.c:230) Nullpointer Dereference Vulnerability in Jsish 2.4.83: Denial of Service in jsi_DumpFunctions (jsiEval.c:567) Uncontrolled Resource Consumption in Jsish 2.4.84: Denial of Service Vulnerability Reachable Assertion in Jsi_ValueArrayIndex (jsiValue.c:366) in Jsish 2.4.84 2.0484: Denial of Service Vulnerability CImg Library v.2.3.3 and earlier: Command Injection in load_network() Function Buffer Overflow in lit_char_to_utf8_bytes function of JerryScript (commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166) allows for denial of service and potential 
arbitrary code execution Use After Free vulnerability in Jsish 2.4.70 2.047 in Jsi_RegExpNew function (jsi/jsiRegexp.c:39) allows for denial of service and possibly arbitrary code execution Vulnerability Title: Remote Code Execution in Fred MODX Revolution < 1.0.0-beta5 Command Injection Vulnerability in PHKP (commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b) Buffer Overflow Vulnerability in GNU gdb: Denial of Service, Memory Disclosure, and Possible Code Execution Uncontrolled Recursion in YamlLoader::load_from_str function leads to Denial of Service Uncontrolled Recursion in serde_yaml 0.6.0 to 0.8.3: Denial of Service via Malicious YAML Parsing Infinite Loop Denial of Service Vulnerability in mgetty Out-of-Bounds Read Vulnerability in mgetty prior to 1.2.1 SQL Injection Vulnerability in Marginalia < 1.6 Cross Site Scripting (XSS) Vulnerability in hisiphp 1.0.8 Cross Site Scripting (XSS) vulnerability in ServiceStack Framework 4.5.14 Insecure Artifact Resolution in JetBrains Ktor Framework Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is vulnerable to OS Command Injection leading to Remote Code Execution SQL Injection Vulnerability in Jeesite 1.2.7: Sensitive Information Disclosure XML External Entity (XXE) Vulnerability in Jeesite 1.2.7: Sensitive Information Disclosure Vulnerability: Denial of Service in GNU binutils gold Directory Traversal Vulnerability in LINAGORA Hublin Vulnerability: Missing SSL Certificate Validation in OSS Http Request Plugin Cross Site Scripting (XSS) vulnerability in Genetechsolutions Pie Register 3.0.15 allows session cookie theft Buffer Overflow Vulnerability in Veracrypt NT Driver (veracrypt.sys) Unauthenticated File Upload Vulnerability in GoURL WordPress Plugin 1.4.13 and Earlier Buffer Overflow Vulnerability in Cherokee Web Server Buffer Over-read Vulnerability in tcpdump 4.9.2: Exposing Stack Information via Specially Crafted pcap File Vulnerability: Incorrect 
Access Control in LineageOS 16.0 and earlier Buffer Overflow Vulnerability in OFFIS.de DCMTK 3.6.3 and below Buffer Overflow Vulnerability in Juniper libslax Library Remote Code Execution in Linux Foundation ONOS 1.15.0 and Earlier via Improper Input Validation in YangLiveCompilerManager.java Cross Site Scripting (XSS) Vulnerability in Frog CMS 1.1 Snippets Component Stored XSS Vulnerability in Ilias Assessment/TestQuestionPool Component Heap-based Buffer Overflow in Gnome Pango 1.42 and Later: Exploiting pango_log2vis_get_embedding_levels Function Null Dereference Vulnerability in cJSON 1.7.8: Denial of Service via Crafted JSON File Jenkins Credentials Binding Plugin 1.17: CWE-257 - Storing Passwords in a Recoverable Format Arbitrary Command Execution in Linux Foundation ONOS SDN Controller 1.15 and Earlier Versions Unauthenticated MySQL Database Password Information Disclosure in MailCleaner ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier Cross Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in Synetics GmbH I-doit 1.12 and Earlier: Unauthenticated MySQL Database Access via Web Login Form Title: Integer Overflow Vulnerability in Linux Foundation ONOS Allows Unauthorized Flow Rule Installation Vulnerability: Unintended Flow Rule Installation in ONOS 2.0.0 and Earlier Denial of Service - DNS Detection Bypass in Open Information Security Foundation Suricata (CVE-2019-12168) Title: Vulnerability in Linux Foundation ONOS 2.0.0 and Earlier: Unintended Flow Rule Installation via Poor Input Validation Arbitrary File Download and Deletion in article2pdf Wordpress Plugin Buffer Overflow in nanosvg Library: Memory Corruption and DoS SQL Injection in SaltStack Salt 2018.3, 2019.2: Privilege Escalation and RCE via mysql.user_chpass Arbitrary Code Execution via MITM Attack in ktlint Custom Ruleset Download Cross Site Scripting (XSS) vulnerability in Gitea 1.7.0 and earlier allows arbitrary JavaScript execution in victim's browser Incorrect Access Control in 
Perl Crypt::JWT (CVE-2021-12345) Uncontrolled Resource Consumption in Lodash Date Handler (CWE-400) XML External Entity (XXE) Vulnerability in Ladon SOAP Request Handlers Improper Certificate Validation in Helm Before 2.7.2 Allows Unauthorized Client Connections Denial of Service - TCP/HTTP Detection Bypass in Open Information Security Foundation Suricata (CVE-2020-XXXX) Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier Vulnerability: Intentional Information Exposure Cross Site Scripting (XSS) vulnerability in Timesheet Next Gen 1.5.3 and earlier allows arbitrary code execution via redirect parameter in login.php. Open Redirection Vulnerability in Babel: Allowing Unrestricted URL Redirection Boundary Check Vulnerability in Linaro/OP-TEE Prior to v3.4.0 Boundary Crossing Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier: Memory Corruption of TEE Rounding Error Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier Buffer Overflow Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier: Memory Corruption and Disclosure Buffer Overflow Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier Buffer Overflow Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier Buffer Overflow Vulnerability in Linaro/OP-TEE OP-TEE 3.3.0 and Earlier Uninitialized Memory Exposure in Rust Programming Language Standard Library Vulnerability: Insecure Gradle Artifact Resolution in JetBrains IntelliJ IDEA Kotlin Projects Buffer Overflow Vulnerability in mz-automation libiec61850 1.3.2 1.3.1 1.3.0: Server Example Complex Array Component Buffer Overflow Vulnerability in jhead 3.03: Denial of Service via Specially Crafted JPEG File Denial of Service Vulnerability in jhead 3.03: Incorrect Access Control in iptc.c Line 122 show_IPTC() Incorrect Access Control in Saleor GraphQL API allows Unauthenticated Users to Access Admin-Restricted Shop Revenue Data Buffer Overflow in libmspack 0.9.1alpha: Information Disclosure in chmd_read_headers() Remote Code Execution 
(RCE) Vulnerability in Slanger 0.6.0 Cross Site Scripting (XSS) Vulnerability in GLPI Product 9.3.1: Privilege Escalation and Admin JS Execution via Link Tickets Feature Unrestricted Access to Sensitive Information in Aquarius CMS Log File GLPI Product 9.3.1 - Frame and Form Tags Injection Vulnerability Gitea 1.7.2, 1.7.3 Vulnerability: Cross Site Scripting (XSS) in Repository Description WavPack 5.1 and earlier Vulnerability: Divide by Zero in ParseDsdiffHeaderConfig (dsdiff.c:282) Incorrect Access Control in pyxtrlock 0.3 and earlier: False Locking Impression in Non-X11 Sessions Uninitialized Variable in WavPack's ParseCaffHeaderConfig Leads to Control Flow Issues Uninitialized Variable in WavPack's ParseWave64HeaderConfig Leads to Control Flow Issues Remote Code Execution Vulnerability in JetBrains IntelliJ IDEA Ultimate Self-XSS Vulnerability in CMS Made Simple 2.2.10 via Layout Design Manager Name Field XSS Vulnerability in CMS Made Simple 2.2.10 via 'moduleinterface.php' Name Field XSS Vulnerability in CMS Made Simple 2.2.10 via Email Address Field in myaccount.php Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition EXIF Geolocation Data Exposure in GitLab Windows GDI Memory Disclosure Vulnerability Insecure Permissions in GitLab's Move Issue Feature Persistent XSS Vulnerability in GitLab Merge Request Resolve Conflicts Page Insecure HMAC Key Derivation Vulnerability in GitLab Uncontrolled Resource Consumption in GitLab API Insecure Parameter Validation in GitLab OAuth Authentication Insecure Permissions in GitLab Releases Feature Insecure Permissions Allow Unauthorized Access to Related Branches in GitLab Open Redirect Vulnerability in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2 XSS Vulnerability in Snipe-IT (before 4.6.14) via log_meta and API User's Last Name Authentication Bypass Vulnerability in eQ-3 HomeMatic CCU2 and CCU3 Devices (HMCCU-154) Windows GDI Memory 
Disclosure Vulnerability HMCCU-154: Session ID Persistence Vulnerability in eQ-3 HomeMatic CCU2 and CCU3 Devices HMCCU-153: Unauthenticated Session Hijacking and Admin Access in eQ-3 HomeMatic CCU2 and CCU3 Devices Buffer Overflow Vulnerability in eQ-3 HomeMatic CCU2 and CCU3 Devices (HMCCU-179) SQL Injection Vulnerability in AIS ESEL-Server 67 Allows Arbitrary Code Execution Use-after-free vulnerability in aio_poll() in Linux kernel through 5.0.4 Heap-based Buffer Overflow in mwifiex_uap_parse_tail_ies Function in Linux Kernel Arbitrary Code Execution and Data Access Vulnerability in PostgreSQL 11.x Insecure ACL Configuration in PostgreSQL Windows Installer Arbitrary Memory Read Vulnerability in PostgreSQL 11.x (CVE-2019-10164) Windows GDI Memory Disclosure Vulnerability Vulnerability: Information Leakage in PostgreSQL Column Statistics Off-by-one read vulnerability in ImageMagick's formatIPTCfromBuffer function Vulnerability in libvirt >= 4.1.0: Unauthenticated Administrative Access via virtlockd-admin.socket and virtlogd-admin.socket Unrestricted External URL Redirect in Moodle Cohort Upload Form User Quota Exceedance Vulnerability in Moodle Insecure Code Execution Vulnerability in osbs-client's yaml.load() Function Spacewalk Vulnerability: Expired Authentication Session Manipulation Path Traversal Vulnerability in spacewalk-proxy Insufficient Access Control in python-novajoin Plugin Allows Unauthorized FreeIPA Token Generation Plain-text storage of admin and appliance passwords in ansible variable file during HE deployment via cockpit-ovirt Win32k Memory Object Handling Elevation of Privilege Vulnerability Linux Kernel OverlayFS NULL Pointer Dereference Denial of Service Vulnerability SQL-injection vulnerability in openstack-ironic-inspector's node_cache.find_node() function Vulnerability in Linux Kernel's Freescale Hypervisor Manager Implementation Privilege Escalation Vulnerability in FreeRADIUS Logrotate Configuration Lack of Process Isolation in rkt enter 
Vulnerability Lack of Process Isolation in rkt enter Vulnerability Reflected Cross Site Scripting Vulnerability in pki-core Server's CA Agent Service Insecure Process Isolation in rkt Versions 1.30.0 and Below Remote Command Execution Vulnerability in Exim 4.87 to 4.91 Windows GDI Memory Disclosure Vulnerability OpenShift Container Platform SSH Host Key Checking Bypass Vulnerability Path Traversal Vulnerability in Podman Allows Arbitrary File Access Vulnerability: Denial of Service in fence-agents due to Non-ASCII Characters Unrestricted Access to Conversations in Moodle Web Service Unverified Integrity Check Vulnerability in Libreswan IKEv1 Informational Exchange Processing Information Disclosure Vulnerability in Ansible Templating Keycloak Node.js Adapter Backchannel Logout Token Verification Bypass Vulnerability Improper Session Fixation Protection in Infinispan-Spring Session Integration Data Leak Vulnerability in cfme-gemset Versions 5.10.4.3 and Below, 5.9.9.3 and Below Windows GDI Memory Disclosure Vulnerability Vulnerability Title: Python Security Regression in URL Parsing (CVE-2019-9636) Arbitrary File Access and Execution Vulnerability in libvirtd PowerDNS Authoritative Server Denial of Service Vulnerability PowerDNS Authoritative Server Vulnerability: Remote Master Server CPU Load and Zone Update Prevention Stack-based Buffer Overflow in PostgreSQL Plaintext Storage of OAuth Tokens in OpenShift Container Platform Audit Logs Arbitrary Code Execution Vulnerability in libvirtd Arbitrary Code Execution Vulnerability in libvirt's virConnectGetDomainCapabilities() API Arbitrary Code Execution via Libvirt's Hypervisor CPU APIs Arbitrary Code Execution Vulnerability in Keycloak's User-Managed Access Interface Win32k Memory Object Handling Elevation of Privilege Vulnerability Arbitrary Code Execution Vulnerability in Keycloak Admin Console Denial of Service Vulnerability in 389-ds-base in RHEL 7.5 XML External Entity (XXE) Vulnerability in 
org.codehaus.jackson:jackson-mapper-asl:1.9.x Libraries Remote Code Execution Vulnerability in XStream API (CVE-2021-XXXX) Infinispan Privilege Escalation via Reflection Vulnerability Unauthorized Cloning of Persistent Volume Claims in virt-cdi-cloner Static CSRF Tokens in OpenShift Container Platform Stored XSS Vulnerability in CloudForms PDF Export Component Stored Cross Site Scripting (XSS) Vulnerability in Token Processing Service (TPS) Reflected Cross Site Scripting (XSS) Vulnerability in PKI-Core 10.x.x Key Recovery Authority (KRA) Agent Service DirectX Memory Object Handling Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in PKI-Core 10.x.x Token Processing Service (TPS) Code Injection Vulnerability in IcedTea-Web Arbitrary File Upload Vulnerability in IcedTea-Web Insecure Password Handling in virt-install(1) Utility Undertow Information Leak Vulnerability Zip-Slip Vulnerability in IcedTea-Web: Arbitrary File Write and Sandbox Escape CSRF Token Bypass in Moodle XML Loading/Unloading Admin Tool Glossary Entry Deletion Vulnerability in Moodle Vulnerability: Unauthorized Group Override Modification in Moodle Quiz Group Override Vulnerability in Moodle NETLOGON Message Session Key Retrieval Vulnerability DNS Resolver Component Vulnerability: Bypassing DNSSEC Validation for Non-Existence Answer Vulnerability in Knot Resolver Allows DNSSEC Downgrade and Domain Hijacking Heap-Buffer Overflow Vulnerability in Redis HyperLogLog Data Structure Stack-buffer overflow vulnerability in Redis hyperloglog data structure Insufficient Protection of Sensitive Passwords in oVirt Metrics Deployment and Configuration Clear text password logging vulnerability in FreeIPA's batch processing API Denial of Service and Memory Leak Vulnerability in http-proxy-agent Samba Directory Traversal Vulnerability Authentication Bypass Vulnerability in foreman-tasks before 0.15.7 Inadequate Header Checks in Keycloak Account Console: Untrusted Domain Request Vulnerability OpenShift 
Container Platform 4 Vulnerability: Unauthorized Access to AWS IAM Role Credentials on Master Nodes Path Traversal Vulnerability in Yard before 0.9.20 Credential Sniffing Vulnerability in Pterodactyl before 0.7.14 with 2FA Cross-Site Scripting (XSS) Vulnerability in Invenio-Records before 1.2.2 Tridactyl 1.16.0 Vulnerability: Fake Key Events Cross-Site Scripting (XSS) Vulnerability in Invenio-Communities before 1.0.0a20 Host Header Injection Vulnerability in Invenio-App Cross-Site Scripting (XSS) Vulnerability in Dependency-Track before 3.5.1 Cross-Site Scripting (XSS) Vulnerability in stacktable.js before 1.0.4 SMTP Credential Exposure Vulnerability in Fleet before 2.1.2 User Token Hijacking Vulnerability in Misskey before 10.102.4 Unauthorized Automatic Deployments of SmokeDetector: A Critical Vulnerability Vulnerability: Denial of Service (DoS) in parse-server before 3.4.1 Account Enumeration Vulnerability in parse-server before 3.6.0 Double Free Vulnerability in docker-credential-helpers List Functions Improper Audience Check in Hasura GraphQL Engine JWT Verification Open Redirect Vulnerability in ASH-AIO before 2.0.0.3 Lack of Confirmation Screen in Discourse User-API OTP Login Vulnerability Missing Confirmation Screen for Email Login Vulnerability Cross-Site Scripting (XSS) Vulnerability in Invenio-Previewer Keycloak SAML Broker Message Signature Verification Bypass Vulnerability Deserialization Vulnerabilities in Codehaus 1.9.x Implemented in EAP 7 PowerDNS Authoritative daemon Denial of Service Vulnerability Insecure Storage of Robot Account Tokens in Red Hat Quay Vulnerability: Password Exposure in Ansible Playbook and CLI Tools Linux Kernel Bluetooth UART Local Privilege Escalation Vulnerability Arbitrary SQL Execution Vulnerability in PostgreSQL Memory Disclosure Vulnerability in Cross-Type Comparison for Hashed Subplan in PostgreSQL 11.x before 11.5 Windows Audio Service Elevation of Privilege Vulnerability Vulnerability: Insecure Handling of Superuser 
Password in Postgresql Windows Installer Vulnerability: Code Execution via Unprotected Directory in PostgreSQL Windows Installer Undertow DEBUG Log Information Disclosure Vulnerability Unsanitized Secret Data Exposure in OpenShift Container Platform Vulnerability: Insecure TLS Connections in Containers/Image Library Cross-Site Scripting Vulnerability in Bootstrap-3-Typeahead's highlighter() Function Privilege Escalation Vulnerability in Ghostscript Sensitive Data Leakage in Ansible GCP Modules Samba Client Path Traversal Vulnerability XSS Vulnerability in Hibernate-Validator's SafeHtml Validator Annotation Windows Audio Service Elevation of Privilege Vulnerability Relative Paths Injection Vulnerability in Linux Kernel CIFS Implementation (Version 4.9.0) Reflected Cross Site Scripting Vulnerability in pki-core 10.x.x Ceph RGW Beast Front End Remote Denial of Service Vulnerability Vulnerability: Exposing Secret Content in Metrics Sensitive Information Disclosure in 389-ds-base Vulnerability: Unauthorized Access to GlusterFS StorageClass in OpenShift Container Platform Title: Authenticated HTML Injection Vulnerability in Fat Free CRM v0.19.0 via /comments URI Reflected XSS Vulnerability in openITCOCKPIT 404-not-found Component Arbitrary Password Login Vulnerability in MailStore Server Scripting Engine Memory Object Information Disclosure Vulnerability PHP Type Juggling Vulnerability in Teclib GLPI Allows Authentication Bypass SQL Injection in Teclib GLPI through 9.3.3 via cycle parameter in /scripts/unlock_tasks.php Timing Attack Vulnerability in Teclib GLPI before 9.4.1.1 CSRF Vulnerability in S-CMS PHP v1.0 Allows Unauthorized Addition of Admin User XSS Vulnerability in Sitemagic CMS v4.4 via Filename Parameter Insufficient Protection of Stored Credentials in Robotronic RunAsSpc 3.7.0.0 Chakra Scripting Engine Remote Code Execution Vulnerability Insecure HTTP Resolution of Maven Build Artifacts in Eclipse hawkBit XSS Vulnerability in Eclipse Jetty DefaultServlet and 
ResourceHandler Path Traversal Vulnerability in Eclipse Kura SkinServlet Exposure of Underlying Ui Web Server Version in Eclipse Kura Versions up to 4.0.0 XXE Vulnerability in Eclipse Kura Versions up to 4.0.0 Java Bytecode Verifier Allows Execution Past End of Bytecode Array in Eclipse OpenJ9 Windows Directory Listing Information Exposure Vulnerability in Eclipse Jetty Exposure of Configured Directory Base Resource Location in Jetty Server 404 Error Insecure Maven Artifact Resolution in Eclipse Vorto Prior to 0.11 Insecure File Transfer in Xtext & Xtend Versions Prior to 2.18.0 Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Vulnerability: UCWeb UC Browser 7.0.185.1002 on Windows PDF Module Download MITM Attack Vulnerability: MITM Attacks in UCWeb UC Browser for Android CSRF Vulnerability in TeamMate+ 21.0.0.0 Allows Remote Attackers to Modify Application Data Reflected XSS Vulnerability in MISP before 2.4.105 Open Redirect Vulnerability in Jupyter Notebook and JupyterHub VIVOTEK IPCam Authentication Bypass Vulnerability Directory Traversal Vulnerability in Zucchetti HR Portal Allows Unauthorized Access to System Files Windows Audio Service Elevation of Privilege Vulnerability XSS Vulnerabilities in Total.js CMS 12.0.0: themes/admin/views/index.html and themes/admin/public/ui.js Stored/Persistent XSS in CentOS Web Panel (CWP) 0.9.8.789 via Edit Nameservers IPs action SQL Injection Vulnerability in BlueCMS 1.6 XSS Vulnerability in Ahsay Cloud Backup Suite Allows Account Takeover XXE Vulnerability in Ahsay Cloud Backup Suite Allows Arbitrary XML Entity Expansion Directory Traversal Vulnerability in Ahsay Cloud Backup Suite Unauthenticated File Structure and Content Disclosure in Ahsay Cloud Backup Suite Insecure File Upload and Code Execution Vulnerability in Ahsay Cloud Backup Suite 8.1.0.50 Stack-based buffer overflow in BWA (Burrow-Wheeler Aligner) before 2019-01-23 via long sequence name in .alt file Windows Audio Service Elevation of 
Privilege Vulnerability Arbitrary Password Reset Vulnerability in Ultimate Member Plugin for WordPress Unauthorized Profile and Cover Picture Modification Vulnerability in Ultimate Member Plugin 2.39 for WordPress CRLF Injection Vulnerability in Weaver e-cology 9.0 User Enumeration Vulnerability in ManageEngine ServiceDesk Plus 9.3 File Upload Vulnerability in Western Bridge Cobub Razor 0.8.0 via web/assets/swf/uploadify.php URI Unencrypted Storage of Credentials in Jenkins StarTeam Plugin Cross-Site Request Forgery Vulnerability in Jenkins jenkins-reviewbot Plugin Missing Permission Check in Jenkins jenkins-reviewbot Plugin Allows Unauthorized Connection Initiation Windows Audio Service Elevation of Privilege Vulnerability Unencrypted Storage of Credentials in Jenkins Assembla Auth Plugin Unencrypted Storage of Credentials in Jenkins Relution Enterprise Appstore Publisher Plugin Unencrypted Storage of Credentials in Jenkins Klaros-Testmanagement Plugin Unencrypted Storage of Credentials in Jenkins mabl Plugin Unencrypted Storage of Credentials in Jenkins Diawi Upload Plugin Unencrypted Storage of Credentials in Jenkins Minio Storage Plugin Unencrypted Storage of Credentials in Jenkins DeployHub Plugin Unencrypted Storage of Credentials in Jenkins YouTrack-Plugin Unencrypted Storage of Credentials in Jenkins Jabber Server Plugin Cross-Site Request Forgery Vulnerability in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and Older Skype for Business Denial of Service Vulnerability Vulnerability: Missing Permission Check in Jenkins Netsparker Cloud Scan Plugin Unencrypted Storage of Credentials in Jenkins Netsparker Cloud Scan Plugin Cross-Site Request Forgery Vulnerability in Jenkins Kmap Plugin Allows Server Connection Initiation Unauthenticated Remote Code Execution in Jenkins Kmap Plugin Unencrypted Storage of Credentials in Jenkins Kmap Plugin Unencrypted Storage of Credentials in Jenkins crittercism-dsym Plugin Unencrypted Storage of Credentials in Jenkins Serena SRA 
Deploy Plugin Unencrypted Storage of Credentials in Jenkins Sametime Plugin's Global Configuration File Unencrypted Storage of Credentials in Jenkins Koji Plugin's Global Configuration File Unencrypted Storage of Credentials in Jenkins CloudCoreo DeployTime Plugin Memory Object Handling Vulnerability in Microsoft Edge Cross-Site Request Forgery Vulnerability in Jenkins GitLab Plugin 1.5.11 and Earlier Missing Permission Check in Jenkins GitLab Plugin Allows Unauthorized Access to Credentials Unencrypted Storage of Credentials in Jenkins Jira-ext Plugin Unencrypted Storage of Credentials in Jenkins Azure PublisherSettings Plugin Cross-Site Request Forgery Vulnerability in Jenkins XebiaLabs XL Deploy Plugin Missing Permission Check in Jenkins XebiaLabs XL Deploy Plugin Allows Unauthorized Server Connections Sandbox Bypass Vulnerability in Jenkins ontrack Plugin 3.4 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins Static Analysis Utilities Plugin Allows Unauthorized Modification of Default Graph Configuration Vulnerability: Unauthorized Modification of Default Graph Configuration in Jenkins Static Analysis Utilities Plugin XML External Entity (XXE) Processing Vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin Microsoft Office SharePoint XSS Vulnerability Cross-Site Request Forgery Vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and Earlier Vulnerability: Missing Permission Check in Jenkins Ansible Tower Plugin Allows Unauthorized Access to Credentials Vulnerability: Enumeration of Credentials in Jenkins Ansible Tower Plugin Unencrypted Storage of Credentials in Jenkins Twitter Plugin's Global Configuration File Global SSL/TLS and Hostname Verification Bypass in Jenkins Koji Plugin CSRF Vulnerability in Jenkins GitHub Authentication Plugin 0.31 and Earlier Unencrypted Storage of Credentials in Jenkins Aqua MicroScanner Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins SiteMonitor Plugin Unencrypted Storage of Client 
Secret in Jenkins Azure AD Plugin Information Disclosure Vulnerability in Jenkins PAM Authentication Plugin Microsoft Office SharePoint XSS Vulnerability Jenkins Credentials Plugin Path Disclosure and Certificate Content Disclosure Vulnerability Cross-Site Request Forgery Vulnerability in Jenkins Artifactory Plugin 3.2.2 and Earlier Jenkins Artifactory Plugin 3.2.2 and Earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs and Credentials Jenkins Artifactory Plugin 3.2.3 and Earlier: Missing Permission Check Allows Enumeration of Credentials Cross-Site Request Forgery Vulnerability in Jenkins Artifactory Plugin 3.2.2 and Earlier Cross-Site Scripting Vulnerability in Jenkins Warnings NG Plugin 5.0.0 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins Warnings NG Plugin 5.0.0 and Earlier XML External Entities (XXE) Vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and Earlier Arbitrary Method Invocation Vulnerability in Jenkins Pipeline Remote Loader Plugin Unencrypted Storage of Credentials in Jenkins InfluxDB Plugin Microsoft Office SharePoint XSS Vulnerability Untrusted Revision Manipulation in Jenkins Gitea Plugin 1.1.1 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and Earlier Unauthenticated Remote Code Execution in Jenkins ElectricFlow Plugin Information Disclosure Vulnerability in Jenkins ElectricFlow Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins ElectricFlow Plugin Stored Cross Site Scripting Vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and Earlier Reflected Cross-Site Scripting Vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and Earlier XML External Entities (XXE) Vulnerability in Jenkins Token Macro Plugin 2.7 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins JX Resources Plugin Allows Credential Leakage Jenkins JX Resources Plugin 1.0.36 and Earlier: Missing Permission Check Allows Unauthorized Access to 
Kubernetes Server Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1034) Cross-Site Request Forgery Vulnerability in Jenkins Docker Plugin 1.1.6 and Earlier Unauthenticated Remote Code Execution in Jenkins Docker Plugin Vulnerability: Enumeration of Credentials IDs in Jenkins Docker Plugin 1.1.6 and earlier Improper Value Masking in Jenkins Configuration as Code Plugin Information Disclosure in Jenkins Configuration as Code Plugin Insecure Handling of Proxy Password in Jenkins Configuration as Code Plugin Reflected Cross-Site Scripting Vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and Earlier Unencrypted Storage of Credentials in Jenkins Mashup Portlets Plugin Unencrypted Storage of Credentials in Jenkins Gogs Plugin Stored Cross Site Scripting Vulnerability in Jenkins Dependency Graph Viewer Plugin Microsoft Word Remote Code Execution Vulnerability Unencrypted Storage of Credentials in Jenkins Port Allocator Plugin Unencrypted Storage of Credentials in Jenkins Caliper CI Plugin Arbitrary File Write Vulnerability in Jenkins 2.185 and Earlier CSRF Token Expiration Bypass in Jenkins 2.185 and Earlier Stapler Web Framework Vulnerability: Unauthorized Access to View Fragments in Jenkins Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Information Disclosure Vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin Sensitive Build Variable Disclosure in Jenkins Maven Integration Plugin Cross-Site Request Forgery Vulnerability in Jenkins Maven Release Plugin 0.14.0 and Earlier Microsoft Office SharePoint XSS Vulnerability Stored Cross Site Scripting Vulnerability in Jenkins Maven Release Plugin 0.14.0 and Earlier Unencrypted Storage of Credentials in Jenkins Maven Release Plugin Jenkins Configuration as Code Plugin: Variable Interpolation Vulnerability Inadequate Identification of Sensitive Values in Jenkins Configuration as Code Plugin 
Sensitive Private Key Information Leakage in Jenkins Amazon EC2 Plugin Insecure Temporary Access Token Storage in Jenkins Google Kubernetes Engine Plugin Unencrypted Storage of Credentials in Jenkins Skytap Cloud CI Plugin Incomplete Fix of CVE-2019-10343 in Jenkins Configuration as Code Plugin 1.26 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins JClouds Plugin 2.14 and Earlier Jenkins JClouds Plugin Vulnerability: Unauthorized Access to Attacker-Specified URLs and Credentials Capture Windows Error Reporting File Handling Elevation of Privilege Vulnerability Jenkins Mask Passwords Plugin: Plain Text Transmission of Global Passwords Session Fixation Vulnerability in Jenkins Gitlab Authentication Plugin Open Redirect Vulnerability in Jenkins Gitlab Authentication Plugin Stored Cross-Site Scripting Vulnerability in Jenkins Build Pipeline Plugin 1.5.8 and Earlier Stored Cross-Site Scripting Vulnerability in Jenkins PegDown Formatter Plugin 1.3 and Earlier Arbitrary File Read Vulnerability in Jenkins File System SCM Plugin 2.1 and Earlier Reflected Cross-Site Scripting Vulnerability in Jenkins Wall Display Plugin 0.6.34 and Earlier Jenkins Avatar Plugin 1.2 and Earlier: Unauthorized Avatar Modification Vulnerability Unencrypted Storage of Credentials in Jenkins TestLink Plugin Unencrypted Storage of Credentials in Jenkins Google Cloud Messaging Notification Plugin Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Arbitrary Code Execution in Jenkins Simple Travis Pipeline Runner Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins Codefresh Integration Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins VMware Lab Manager Slaves Plugin Stored Cross-Site Scripting Vulnerability in Jenkins Update Center CSRF Token Bypass Vulnerability in Jenkins 2.191 and Earlier Unencrypted Storage of Credentials in Jenkins eggPlant Plugin 2.2 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins XL TestView 
Plugin 1.2.0 and Earlier Unauthenticated Remote Code Execution in Jenkins XL TestView Plugin Cross-Site Request Forgery Vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin Unauthenticated Remote Code Execution in Jenkins Relution Enterprise Appstore Publisher Plugin Windows Kernel Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Jenkins Splunk Plugin 1.7.4 and Earlier Plain Text Transmission of Configured Passwords in Jenkins IBM Application Security on Cloud Plugin OS Command Injection in Jenkins Git Client Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Cross-Site Scripting Vulnerability in Jenkins Build Environment Plugin 1.6 and Earlier Cross-Site Scripting Vulnerability in Jenkins Dashboard View Plugin 2.11 and Earlier Vulnerability: Plain Text Transmission of Configured Passwords in Jenkins Aqua Security Serverless Scanner Plugin Unencrypted Storage of Credentials in Jenkins Beaker Builder Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin NTLM MIC Bypass Vulnerability in Microsoft Windows Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Stored XSS Vulnerability in Jenkins LTS and Earlier Versions Stored XSS Vulnerability in Jenkins LTS and Earlier Versions Stored XSS Vulnerability in Jenkins 2.196 and Earlier Stored XSS vulnerability in Jenkins 2.196 and earlier, LTS 2.176.3 and earlier Jenkins XSS Vulnerability: Session Cookie Disclosure via Cookie Header Stored XSS Vulnerability in Jenkins Global Configuration Unmasked Sensitive Variables in Jenkins Project Inheritance Plugin Cross-Site Request Forgery Vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and Earlier Vulnerability: Unauthorized Project Generation in Jenkins Project Inheritance Plugin Windows Kernel Object Handling Elevation of Privilege Vulnerability Cross-Site Scripting 
Vulnerability in Jenkins Log Parser Plugin 2.0 and Earlier Inedo BuildMaster Plugin: Plain Text Transmission of Configured Credentials Inedo ProGet Plugin for Jenkins: Plain Text Transmission of Configured Credentials Unencrypted Storage of Credentials in Jenkins CI/CD Plugin 1.3 and Earlier Unencrypted Storage of Credentials in Jenkins Git Changelog Plugin Unencrypted Storage of Credentials in Jenkins Violation Comments to GitLab Plugin Unencrypted Storage of Credentials in Jenkins Violation Comments to GitLab Plugin Jenkins Kubernetes Pipeline: Arbitrary Method Invocation Vulnerability Arbitrary Method Invocation Vulnerability in Jenkins Kubernetes Pipeline Arquillian Steps Plugin Unencrypted Storage of Credentials in Jenkins vFabric Application Director Plugin Unencrypted Storage of Credentials in Jenkins Assembla Plugin Unencrypted Storage of Credentials in Jenkins Azure Event Grid Build Notifier Plugin Unencrypted Storage of Credentials in Jenkins Call Remote Job Plugin Unencrypted Storage of Credentials in Jenkins CodeScan Plugin's Global Configuration File Unencrypted Storage of Credentials in Jenkins elOyente Plugin Unencrypted Storage of Credentials in Jenkins Google Calendar Plugin Unencrypted Storage of Credentials in Jenkins Gem Publisher Plugin Jenkins Aqua MicroScanner Plugin: Plain Text Transmission of Configured Credentials Jenkins Aqua Security Scanner Plugin: Plain Text Transmission of Configured Credentials Unencrypted Storage of Credentials in Jenkins GitLab Logo Plugin Memory Object Handling Vulnerability in comctl32.dll: Remote Code Execution Unencrypted Storage of Credentials in Jenkins NeuVector Vulnerability Scanner Plugin Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Cross-Site Scripting Vulnerability in Jenkins HTML Publisher Plugin 1.20 and Earlier Unencrypted Storage of Credentials in Jenkins Dingding Plugin Jenkins LDAP Email Plugin: Plain Text Transmission of Configured Credentials Jenkins SourceGear Vault 
Plugin: Plain Text Transmission of Configured Credentials Arbitrary File Read Vulnerability in Jenkins Google OAuth Credentials Plugin 0.9 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins CRX Content Package Deployer Plugin Jenkins CRX Content Package Deployer Plugin 1.8.1 and Earlier: Missing Permission Check Allows Unauthorized URL Connection and Credential Capture Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier: Missing Permission Check Allows Enumeration of Stored Credentials Windows Secure Kernel Mode Security Feature Bypass Vulnerability Unencrypted Storage of Credentials in Jenkins NeoLoad Plugin Cross-Site Request Forgery Vulnerability in Jenkins iceScrum Plugin 1.1.5 and Earlier Unauthenticated Remote Code Execution in Jenkins iceScrum Plugin Unencrypted Storage of Credentials in Jenkins iceScrum Plugin Unconditional SSL/TLS and Hostname Verification Disabling in Jenkins Bumblebee HP ALM Plugin Information Disclosure Vulnerability in Jenkins Google Kubernetes Engine Plugin Global SSL/TLS and Hostname Verification Bypass in Jenkins Cadence vManager Plugin Unencrypted Storage of Credentials in Jenkins Sofy.AI Plugin Unencrypted Storage of Credentials in Jenkins Extensive Testing Plugin Unencrypted Storage of Credentials in Jenkins Fortify on Demand Plugin Windows Network File System Elevation of Privilege Vulnerability Unencrypted Storage of Credentials in Jenkins ElasticBox CI Plugin Unencrypted Storage of Credentials in Jenkins SOASTA CloudTest Plugin Unencrypted Storage of Credentials in Jenkins View26 Test-Reporting Plugin Unencrypted Storage of Credentials in Jenkins Delphix Plugin's Global Configuration File Jenkins Rundeck Plugin Cross-Site Request Forgery Vulnerability: Unauthorized Access to Attacker-Specified URL Jenkins Rundeck Plugin Vulnerability: Unauthorized URL Connection with Attacker-Specified Credentials Cross-Site Request Forgery Vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin 
Unauthenticated Remote Code Execution in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin Arbitrary Code Execution Vulnerability in Jenkins Puppet Enterprise Pipeline Unencrypted Storage of Secret Token in Jenkins Mattermost Notification Plugin Windows GDI Memory Disclosure Vulnerability Unencrypted Storage of Credentials in Jenkins Bitbucket OAuth Plugin Unencrypted Storage of Credentials in Jenkins Dynatrace Application Monitoring Plugin Cross-Site Request Forgery Vulnerability in Jenkins Dynatrace Application Monitoring Plugin Unauthenticated Remote Code Execution in Jenkins Dynatrace Application Monitoring Plugin Cross-Site Request Forgery Vulnerability in Jenkins Deploy WebLogic Plugin Jenkins Deploy WebLogic Plugin Missing Permission Check Vulnerability Jenkins 360 FireLine Plugin XXE Vulnerability: Extracting Secrets and Enabling SSRF and DoS Attacks Unencrypted Storage of Credentials in Jenkins Sonar Gerrit Plugin Cross-Site Request Forgery Vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Vulnerability: Missing Permission Check in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Windows GDI Memory Disclosure Vulnerability Vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin Allows Enumeration of Credentials Jenkins Libvirt Slaves Plugin Cross-Site Request Forgery Vulnerability: Unauthorized SSH Server Connection and Credential Capture Vulnerability: Unauthorized SSH Server Connection in Jenkins Libvirt Slaves Plugin Vulnerability: Enumeration of Credentials ID in Jenkins Libvirt Slaves Plugin Vulnerability: Unauthorized Script Listing in Jenkins Global Post Script Plugin Jenkins build-metrics Plugin: Reflected Cross-Site Scripting Vulnerability Unencrypted Storage of Credentials in Jenkins Zulip Plugin FusionInventory Plugin SendXML Action Mishandling Vulnerability Unrestricted File Upload Vulnerability in Glory RBW-100 Devices with Firmware ISP-K05-02 7.0.0 Hard-coded Username and Password Vulnerability in 
Glory RBW-100 Devices Windows GDI Memory Disclosure Vulnerability WMI Firmware Event Handler Out of Bound Write Vulnerability Out of Bound Access Vulnerability in WMI FW Event Handling in Snapdragon Platforms Timing Side Channel Vulnerability in Snapdragon Processors Side Channel Vulnerability in QTEE: Non-Time-Constant Comparison Function Usage in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Platforms Infinite Loop Vulnerability in Multiple Snapdragon Platforms Race condition vulnerability in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Null-pointer dereference vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 while parsing avi clip during copy. 
Windows GDI Memory Disclosure Vulnerability Use After Free Vulnerability in Xtra Daemon Shutdown in Multiple Snapdragon Platforms Vulnerability: Compromised ADSP in Snapdragon Processors AVB Boot Image Verification Vulnerability in Multiple Qualcomm Snapdragon Processors Vulnerability: Position Determination Accuracy Degradation in Snapdragon Processors Race condition vulnerability in camera functions leading to memory corruption and UAF issue in multiple Snapdragon platforms Arbitrary Buffer Write Vulnerability in Snapdragon Processors Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Use After Free Vulnerability in Snapdragon Processors Multiple Buffer Overflow Vulnerabilities in Qualcomm Snapdragon Processors Out-of-Bound Access Vulnerability in Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Windows GDI Memory Disclosure Vulnerability Buffer Overflow Vulnerability in Snapdragon Processors Use After Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Stack Overflow Vulnerability in Camera Module of Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDX24 Out-of-bounds Access Vulnerability in Snapdragon Camera Driver Firmware Resource Consumption Vulnerability in Qualcomm Snapdragon Devices Out of Bound Access Vulnerability in Snapdragon Processors Unvalidated User Input in QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY Command Out of Buffer Read Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music Out-of-Bounds Access Vulnerability in Snapdragon Auto, Snapdragon Consumer 
Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820A, SDX20 due to Lack of Input Validation Pairing Device Use-After-Free Vulnerability in Snapdragon Devices Chakra Scripting Engine Remote Code Execution Vulnerability Null Pointer Dereference Vulnerability in Bluetooth Process of Snapdragon Auto, Consumer IoT, Mobile, Voice & Music Processors Memory Overflow Vulnerability in GSNDCP Compressed Mode PDU Decoding in Snapdragon Platforms Unbounded Array Index Vulnerability in Multiple Snapdragon Platforms Null Pointer Access Vulnerability in Trustzone Execution of SPDM Commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, Preemptive Freeing Vulnerability in Snapdragon Processors Multiple Read Overflows in MM Decoding Vulnerability in Snapdragon Auto, Compute, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, and Wearables Double Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, 
MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Use After Free Vulnerability in iWLAN State Transition in Snapdragon Platforms Chakra Scripting Engine Remote Code Execution Vulnerability GPU Memory Exhaustion Vulnerability in Snapdragon Mobile Processors Nonstandard Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Data Leakage Vulnerability in Multiple Snapdragon Platforms Use-after-free vulnerability in clk driver allows for arbitrary code execution Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables Processors Out of Bound Write Vulnerability in WLAN Driver in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music Vulnerability: SMEM Partition Manipulation Leading to Memory Corruption Use After Free Vulnerability in Kernel for Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24 Race condition vulnerability in set_page_dirty() function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, 
SDM660, SDX20, SDX24 Folder Shortcut Validation Vulnerability Buffer Overflow Vulnerability in Snapdragon Auto, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables Buffer Overflow Vulnerability in Qualcomm Snapdragon Processors Null-pointer dereference vulnerability in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Array Index Out of Bounds Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 Null-pointer dereference vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 Out-of-Bound Access Vulnerability in WLAN Function in Snapdragon Processors Double Free Vulnerability in Multiple Snapdragon Chipsets and Modules Integer overflow vulnerability in event buffer extraction from FW response in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, 
SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Firmware Response Address Range Vulnerability Buffer Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Multiple Qualcomm Chipsets Edge MOTW Bypass Vulnerability Buffer Overflow Vulnerability in WLAN NAN Function in Multiple Snapdragon Platforms Uninitialized Buffer Dereference Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 Firmware File Buffer Over-read Vulnerability Out-of-Bound Access Vulnerability in Diag Handlers in Snapdragon Processors Critical Null Pointer Dereference Vulnerability in Snapdragon Kernel Buffer Overflow Vulnerability in WLAN Firmware during Roaming in Multiple Snapdragon Platforms Memory Leak Vulnerability in ION IOCTL Calls in Snapdragon Auto, Compute, Consumer Electronics, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables, Wired Infrastructure, and Networking Heap Use-After-Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Wearables Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables in Multiple Chipsets Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Buffer Over-read Vulnerability in Multiple Snapdragon Platforms Buffer Overread Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, 
Voice & Music, Wearables Multiple Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, Wired Infrastructure and Networking Multiple Read Overflows in Authentication Decoding in Snapdragon Platforms Multiple Read Overflows Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in various Qualcomm chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Out-of-bound read vulnerability in Linux kernel wireless driver in Snapdragon devices Out of Bound Vulnerability in FastRPC HLOS Driver in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Processors Internet Explorer Scripting Engine Memory Corruption Vulnerability Improper Initialization of Local Variables in Snapdragon Processors Leads to Denial of Service Vulnerability Vulnerability in Secure Boot Loader Allows Loading of Unverified Debug Policies and Leads to Memory Corruption Improper Input Validation Leads to Buffer Over-read in Snapdragon Processors Out-of-Bounds (OOB) Vulnerability in EEPROM Memory Access in Snapdragon Platforms Double Free Vulnerability in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in WLAN Module with Supported Rates or Extended Rates Element Length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IoT, Snapdragon Industrial IoT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, 
MSM8905, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA845, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR2130 GPU Ringbuffer Overwrite Vulnerability in Snapdragon Processors Misplaced Instance ID Vulnerability in Snapdragon Platforms MSXML Remote Code Execution Vulnerability Missing size check in Snapshot of IB function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS405, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130 Integer Overflow and Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables in Multiple Qualcomm Chipsets Out-of-Bound Read Vulnerability in Multiple Snapdragon Platforms Unsigned Wlan Binary Vulnerability in Snapdragon Devices Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Buffer Over-read Vulnerability in Multiple Snapdragon Platforms Use-after-free vulnerability in kernel thread unregistered listener Use-after-free vulnerability in audio device pointer assignment in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Invalidated Iterator Use After Free 
Vulnerability in Sensors HAL Critical Use After Free Vulnerability in Snapdragon Platforms Out of Bound Access Vulnerability in Debug Queue of Snapdragon Processors Integer overflow vulnerability in mmap find function can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in multiple Qualcomm chipsets. Buffer Overflow Vulnerability in Snapdragon Processors Stack Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Remote Stack Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in Snapdragon Platforms Internet Explorer Scripting Engine Memory Corruption Vulnerability Out-of-Bound Access Vulnerability in DTS Atom Parsing in Multiple Snapdragon Platforms Null Pointer Dereference Vulnerability in Parsing Non-Standard udta Atom in Snapdragon Platforms Potential Integer Overflow Vulnerability in QDCM API of Snapdragon Platforms Buffer Overflow Vulnerability in SDP Video Image Attribute Processing in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Stack Overflow Vulnerability in Multiple Snapdragon Platforms Buffer Overwrite Vulnerability in Message Handler in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, 
QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24 Improper Access Control Vulnerability in Snapdragon Platforms Arbitrary Memory Write Vulnerability in Multiple Snapdragon Platforms Out of Bound Access Vulnerability in Snapdragon Processors MSXML Remote Code Execution Vulnerability Out-of-Scope Local Variable Vulnerability in Multiple Snapdragon Platforms Firmware Event Processing Vulnerability in Multiple Snapdragon Platforms Heap-based use-after-free vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables processors Use After Free Vulnerability in Snapdragon Devices during Route Lookup Heap-buffer-overflow vulnerability during image version information population in diag command response packet Buffer Overwrite Vulnerability in IEEE80211 Header Filling Function in Multiple Snapdragon Platforms Out-of-Bound Access Vulnerability in Snapdragon Chipsets USB Driver Out of Bounds memcpy Vulnerability in Multiple Snapdragon Platforms Insecure Binding Vulnerability in Snapdragon Platforms Out of Bound Write Vulnerability in Multiple Snapdragon Platforms Buffer Over Read Vulnerability in SDP Message Processing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Stack Overflow Vulnerability in UTCB Object's Memory Deallocation Function Pointer Unvalidated Data Access Vulnerability in Multiple Snapdragon Platforms Integer Overflow Vulnerability in Keymaster 4 Leading to Memory Corruption Null Pointer Access Vulnerability in SPDM Commands Execution in Non-Standard Way Privilege Escalation Vulnerability in QCA6174_9377.WIN.1.0 Invalid Address Access Vulnerability in Snapdragon Connectivity (QCA6390) Chakra Scripting Engine Remote Code 
Execution Vulnerability Improper User Data Length Check Leading to Kernel Memory Error in Snapdragon Processors Use After Free Vulnerability in Snapdragon Auto, Compute, Industrial IOT, Mobile, Voice & Music Out-of-Bound Memory Access Vulnerability in Snapdragon Processors Integer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile Processors Integer Truncation Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Industrial IOT, Mobile, and more Critical Out-of-Bound Access Vulnerability in Snapdragon Processors Unvalidated Payload Size Vulnerability in Multiple Snapdragon Platforms Critical Integer Overflow to Buffer Overflow Vulnerability in PostScript and PDF Printers TLB Manipulation Vulnerability in Snapdragon Processors Kernel Virtual Page Corruption Vulnerability in Snapdragon Processors Internet Explorer Remote Code Execution Vulnerability Zyxel NAS 326 through 5.21 Plaintext Password Vulnerability Zyxel NAS 326 Package Installer Shell Metacharacter Injection Vulnerability Directory Traversal Vulnerability in Zyxel NAS 326 File Browser Component Eval Injection Vulnerability in Zyxel NAS 326 v5.21 and Below: Remote Code Execution via tjp6jp6y4, simZysh, and ck6fup6 APIs Zyxel NAS 326 XSS Vulnerability: Remote Code Injection via User, Group, and File-Share Description Fields Flash Memory Reprogramming Vulnerability in Marvell SSD Controller Devices Secure Boot Bypass Vulnerability in Marvell SSD Controller Devices Vulnerability: Tracking and Hash Collision in Linux Kernel IP ID Generation KASLR Bypass: Information Exposure Vulnerability in Linux Kernel 4.x and 5.x Windows AppXSVC Hard Link Handling Elevation of Privilege Vulnerability Uncontrolled Resource Consumption in GitLab CI Configuration Validation Weak Password Recovery Mechanism in Contao Versions 3.5.39 and 4.x before 4.7.3 CSRF Vulnerability in Contao 4.7 Expired Key Vulnerability in Contao 4.7 CSRF 
Vulnerability in HYBBS 2.2 Allows Unauthorized Administrator Account Creation Cross-Site Scripting (XSS) Vulnerability in Wolf CMS v0.8.3.1 Add Snippet Module Remote Code Execution in ZZZCMS zzzphp v1.6.3 via plugins/ueditor/php/controller.php?action=catchimage source[] Parameter Remote DNS Query Vulnerability in Robocode Memory Leak Vulnerability in ImageMagick 7.0.8-36 Q16's SVGKeyValuePairs Function Windows Kernel Object Handling Elevation of Privilege Vulnerability Heap-based Buffer Over-read in WriteTIFFImage Function of ImageMagick 7.0.8-36 Q16 Remote Code Execution Vulnerability in Ivanti Endpoint Manager (EPM) 2017.3 and 2018.x Arbitrary PHP File Upload Vulnerability in flatCore 1.4.7 SQL Injection Vulnerability in Hsycms V1.1 via /news/*.html Page Denial of Service Vulnerability in LZO 2.10 Library (CVE-2017-8846) Unauthenticated Remote Code Execution via Shell Metacharacters and Buffer Overflow in Grandstream IP Phones Arbitrary Code Execution in Grandstream GWN7000 Devices via Filename Metacharacters Password Disclosure Vulnerability in Grandstream GWN7000 and GWN7610 Devices Arbitrary Code Execution in Grandstream GWN7610 Devices Arbitrary Code Execution in Grandstream GXV3370 and WP820 Devices via /manager?action=getlogcat Priority Field Arbitrary Code Execution in Grandstream GXV3611IR_HD Devices Root Account Without Password Vulnerability Arbitrary Code Execution Vulnerability in Grandstream UCM6204 Devices SQL Injection Vulnerability in Grandstream UCM6204 Devices SQL Injection in Domoticz WebServer.cpp via idx parameter Unvalidated User Input in LibreNMS Graphing Options Allows for RRDtool Syntax Injection Arbitrary PHP Code Execution via Dynamic Script Inclusion in LibreNMS Information Disclosure and File Path Exposure Vulnerability in LibreNMS Unauthenticated Access to Sensitive Functions and Information in LibreNMS Command Injection Vulnerability in LibreNMS through 1.47 Memory Object Handling Vulnerability in Windows Kernel Cross-Site Scripting 
(XSS) Vulnerability in LibreNMS SQL Injection Vulnerability in LibreNMS Improper Validation of Multiplications and Additions in treeRead Function in libmysofa CSRF Vulnerability in Ultimate Member Plugin Allows Unauthorized Admin Access and Code Execution Uniqkey Password Manager 1.14 - Cleartext Credential Exposure Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in DASAN Zhone ZNID GPON 2426A EU Version S3.1.285 Insecure Argument Options in Domoticz: Neglecting \n and \r Weak Permissions in Thomson Reuters Eikon 4.0.42144 Allow Local Users to Modify Service Executable SQL Server Remote Code Execution Vulnerability Cleartext Secrets Storage in django-nopassword before 5.0.0 Arbitrary PHP Code Execution in 74cms v5.0.1 via site_domain Parameter Reflected Cross Site Scripting (XSS) Vulnerability in Heidelberg Prinect Archiver v2013 release 1.0 SSRF Vulnerability in Ctrip Apollo API: Intranet Port Scan and GET Request via /system-info/health SQL Injection Vulnerabilities in KBPublisher 6.0.2.1 Hard-coded Credentials Vulnerability in VVX Products with BToE Application 3.9.1 Insufficient Authentication in VVX Products with BToE Application: Sensitive Information Leakage Task Scheduler Elevation of Privilege Vulnerability Dovecot JSON Encoder Denial of Service Vulnerability Unsanitized Field Names in wp-google-maps Plugin REST API Default Admin Password Vulnerability in Puppet Enterprise Exposure of Root User Credentials in cd4pe::root_configuration Task Microsoft Office SharePoint XSS Vulnerability Decryption Vulnerability in Western Digital SanDisk X600 Drives Allows Unauthorized Access to Data Firmware Update Authentication Vulnerability in Western Digital SanDisk Devices SQL Injection Vulnerability in MKCMS V5.0 via bplay.php Play Parameter SQL Injection Vulnerability in S-CMS PHP v1.0 via 4/js/scms.php?action=unlike id parameter Asus Precision TouchPad Driver Pool Overflow Vulnerability Windows Kernel Object Memory Handling Vulnerability 
Vulnerability: Insecure Permissions in Hisilicon Hi3510-based IP Cameras' Web Management Portal Expose WiFi Credentials Unauthenticated RTSP Stream Access Vulnerability in Hisilicon Hi3510-based IP Cameras Undocumented Service Access in WAGO Series 750-88x and 750-87x Web-GUI Out-of-Bounds Access Vulnerability in LocaleLowercase Function in ImageMagick Stored XSS Vulnerability in Verodin Director 3.5.3.0 and Earlier Information Disclosure Vulnerability in Verodin Director 3.5.3.1 and Earlier Directory Traversal Vulnerability in BlogEngine.NET 3.3.7.0 via /api/filemanager Path Parameter XML External Entity Blind Injection in BlogEngine.NET 3.3.7.0 and earlier Directory Traversal and Remote Code Execution Vulnerability in BlogEngine.NET 3.3.7.0 and Earlier Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability Directory Traversal and Remote Code Execution Vulnerability in BlogEngine.NET 3.3.7.0 and Earlier Client Side URL Redirect Vulnerability in BlogEngine.NET 3.3.7.0 Excessive Memory Allocation Vulnerability in PoDoFo 0.9.6 Dolby DAX2 API System Services Privilege Escalation Vulnerability Windows Kernel Object Memory Handling Vulnerability KDE KMail 5.2.3 Encrypted Email Leakage Vulnerability Vulnerability: Email Encryption Leakage in KDE Trojita 0.7 Vulnerability: Covert Leakage of Encrypted Emails in Claws Mail 3.14.1 Microsoft Windows Symbolic Link Elevation of Privilege Vulnerability Vulnerability: Covert Leakage of Encrypted Emails in Roundcube Webmail Vulnerability: HTML Code Injection in K-9 Mail v5.600 Denial of Service Vulnerability in Axios 0.18.0 and earlier Zip Slip Vulnerability: Path Traversal Exploit in Archiver's Unarchive Function Prototype Pollution Vulnerability in lodash.defaultsDeep() Prototype Pollution in assign-deep versions before 0.4.8 and 1.0.0 Prototype Pollution in mixin-deep: Exploiting Object.prototype Modification Prototype Pollution Vulnerability in set-value (versions < 3.0.1) SQL Injection 
Vulnerability in Sequelize SQL Injection in Sequelize JSON Path Keys in Postgres Dialect ASP.NET Core Open Redirect Vulnerability Prototype Pollution in deeply.assign-deep function in versions before 3.1.0 Open Redirect Vulnerability in HTTPie Package Allows Arbitrary File Write Sequelize JSON Query SQL Injection Vulnerability Insecure Dependency Resolution in Eclipse-WTP, Eclipse-CDT, and Eclipse-Groovy Predictable Token and ID Generation in Apereo CAS Before 6.1.0-RC5 Predictable SAML Identifier Vulnerability in pac4j-saml 3.X JavaScript Injection Vulnerability in node-red-dashboard SQL Injection Vulnerability in Knex.js Versions Before 0.19.5 Remote Code Execution in mongo-express via `toBSON` Method Arbitrary Code Execution Vulnerability in Safer-eval (before 1.3.4) Team Foundation Server Cross-site Scripting Vulnerability Arbitrary Code Execution Vulnerability in Safer-eval Before 1.3.2 Arbitrary Code Execution via Infinite Recursion in vm2 Package SQL Injection Vulnerability in medoo before 1.7.5: Improper Escaping in columnQuote SQL Injection in Pimcore before 6.3.0 allows for Data Leakage Timing Attacks and Scalar Leakage Vulnerability in elliptic-php Versions Prior to 1.0.6 Arbitrary File Inclusion Vulnerability in iobroker.admin SQL Injection Vulnerability in Pixie Versions 1.0.x and 2.0.x Arbitrary File Inclusion Vulnerability in Administrative Web Panel Prototype Pollution in AngularJS merge() Function Arbitrary Code Execution Vulnerability in safer-eval via RangeError Generation Visual Studio Updater Service File Permissions Vulnerability Cross-site Scripting (XSS) Vulnerability in io.ratpack:ratpack-core URL Path Injection Vulnerability Bypassing enshrined/svg-sanitize: xlink:href Attribute Vulnerability Arbitrary Symlink Generation Vulnerability in Yarn Package Install Functionality Command Injection Vulnerability in php-shellcommand versions before 1.6.1 Ecstatic Denial of Service Vulnerability: Application Crash Exploitation Remote Code Execution 
in git-diff-apply (Versions < 0.22.2) Arbitrary Command Injection in AWS Lambda's config.FunctionName Parameter Command Injection in devcert-sanscache before 0.4.7 allows remote code execution Cross-site Scripting (XSS) Vulnerability in Stroom:Stroom-App Windows Graphics Component Information Disclosure Vulnerability Shell Command Injection in BibTeX-ruby before 5.1.0 Bypassing Sanitization and Validation in schema-inspector (before 1.6.9) XML External Entity (XXE) Injection Vulnerability in com.puppycrawl.tools:checkstyle (versions before 8.29) Command Injection Vulnerability in lsof npm Module CSRF Vulnerability in phppgadmin through 7.12.1 Allows Remote Command Execution Cross-site Scripting Vulnerability in dojox.xmpp.util.xmlEncode Arbitrary Command Execution Vulnerability in Network-Manager Arbitrary Command Execution in im-resize through 2.3.2 Arbitrary Command Execution Vulnerability in im-metadata through 3.0.1 Command Injection Vulnerability in curling.js XML Parsing Vulnerability in Visual Studio TaffyDB npm Module Internal Index Forgery Vulnerability Command Injection Vulnerability in promise-probe before 0.10.0 Prototype Pollution Vulnerability in bodymen before 1.1.1 Prototype Pollution in dot-object before 2.1.3 allows Object.prototype Modification Prototype Pollution Vulnerability in component-flatten Prototype Pollution Vulnerability in Undefsafe before 2.0.3 Arbitrary Command Execution Vulnerability in rpi through 0.0.3 HTTP Response Splitting Vulnerability in Netty Transport-HTTP in WSO2 v6.3.1 and earlier versions Prototype Pollution in rdf-graph-array through 0.3.0-rc6: Manipulation of JavaScript Objects via rdf.Graph.prototype.add Arbitrary Command Execution in compile-sass Prior to 1.0.5 Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers Unsanitized Gcov Arguments in Codecov Package (CVE-XXXX-XXXX) Arbitrary Command Execution in enpeem through 2.2.0 Arbitrary Command Execution Vulnerability in Giting Version Prior to 0.0.8 
Arbitrary Command Execution in push-dir through 0.4.1 Arbitrary Command Execution Vulnerability in serial-number through 1.3.0 Internal Property Tampering Vulnerability in Valib 2.0.0 Prototype Manipulation Vulnerability in vega-util Arbitrary Command Execution Vulnerability in Blamer Versions Prior to 1.0.1 Object Property Modification Vulnerability in Utilitify Prior to 1.0.3 Memory Object Handling Vulnerability in Microsoft Browsers Race Planting Vulnerability in Microsoft Windows .NET Denial of Service Vulnerability Invisible Display Name Exploit in Microsoft Exchange Arbitrary Code Execution via Backdoor in bootstrap-sass 3.2.0.3 Untrusted HOME Environment Variable Vulnerability in Sony Neural Network Libraries Uniqkey Password Manager 1.14 - Remote Manipulation of Credential Saving Pop-up Unauthenticated Reflected Cross-Site Scripting Vulnerabilities in Computrols CBAS 18.0.0 Login and Password Reset Pages Cross-Site Request Forgery Vulnerability in Computrols CBAS 18.0.0 Username Enumeration Vulnerability in Computrols CBAS 18.0.0 Unprotected Subversion (SVN) Directory/Source Code Disclosure in Computrols CBAS 18.0.0 WLAN Service Elevation of Privilege Vulnerability in Windows Default Credentials in Computrols CBAS 18.0.0 Hard-coded Encryption Keys in Computrols CBAS 18.0.0 Authenticated Blind SQL Injection in Computrols CBAS 18.0.0 via id GET Parameter Authentication Bypass Vulnerability in Computrols CBAS 18.0.0 Authenticated Command Injection in Computrols CBAS 18.0.0 Insecure Password Hashing in Computrols CBAS 18.0.0 Open Redirect Vulnerability in Jupyter Notebook before 5.7.8 Windows Audio Service Elevation of Privilege Vulnerability Command Injection Vulnerability in TeemIp Versions Before 2.4.0: Instantaneous Execution of Malicious PHP Code XSS Vulnerability in WP Statistics Plugin for WordPress SQL Injection Vulnerability in Form Maker Plugin for WordPress Untrusted Data Object Deserialization Vulnerability in Pimcore Unauthenticated User Access to 
Restricted Field Ordering Vulnerability Path Traversal and Unrestricted File Upload Vulnerability in Ninja Forms Plugin for WordPress Windows Audio Service Elevation of Privilege Vulnerability Heap-based Buffer Over-read in Poppler 0.74.0's PSOutputDev::checkPageSlice Function Heap-based Buffer Over-read in Poppler's Splash::blitTransparent Function NULL Pointer Dereference in SplashClip::clipAALine in Poppler 0.74.0 Arbitrary Code Execution via CSRF in Bolt CMS 3.6.6 File Upload Feature URL Spoofing Vulnerability in Xiaomi Mi Browser and Mint Browser OpenStack Neutron Open vSwitch Firewall KeyError Vulnerability Integer Overflow and Buffer Overflow Vulnerability in Teeworlds 0.7.2 Arbitrary Free and Out-of-Bounds Pointer Write Vulnerability in Teeworlds 0.7.2 Integer Overflow and Buffer Overflow Vulnerability in Teeworlds 0.7.2 Windows Audio Service Elevation of Privilege Vulnerability XEROX Products: Remote Command Execution Vulnerability via Crafted HTTP Request Weak Hard-Coded Password Vulnerability in Xerox AltaLink and AltaLink C Series Stack-based Buffer Overflow in Netskope Client Service Command Injection Vulnerability in Citrix SD-WAN Center and NetScaler SD-WAN Center Domain Confusion Vulnerability in Uniqkey Password Manager 1.14 Bypassing Workspace Control Security Features via Session Context Reset Sony Photo Sharing Plus Application Incorrect Access Control Vulnerability Reflected HTML Injection Vulnerability on Salicru SLC-20-cube3(5) Devices CSRF Vulnerability in UKcms v1.1.10 Allows Unauthorized Addition of Admin User Windows RPCSS Elevation of Privilege Vulnerability Command Injection Vulnerability in D-Link DIR-806 Devices Stack-based Buffer Overflow in D-Link DIR-806 Devices via HTTP Header Stored/Persistent XSS vulnerability in CentOS Web Panel (CWP) allows execution of XSS payload via Admin Email fields GSS-API Dissector Crash Vulnerability in Wireshark NetScaler File Parser Crash Vulnerability Vulnerability: Crash in Wireshark DOF Dissector 
Infinite Loop Vulnerability in Wireshark 3.0.0 IEEE 802.11 Dissector GSUP Dissector Infinite Loop Vulnerability in Wireshark 3.0.0 Heap-based Buffer Under-read Vulnerability in Wireshark SRVLOC Dissector Windows dnsrslvr.dll Elevation of Privilege Vulnerability Infinite Loop Vulnerability in Wireshark 3.0.0 Rbm Dissector Vulnerability: Crash in LDSS Dissector in Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0 TSDNS Dissector Crash Vulnerability in Wireshark 3.0.0 DCERPC SPOOLSS Dissector Crash Vulnerability Cross-Site Scripting (XSS) Vulnerability in Roundup 1.6 via URI Arbitrary JavaScript Code Execution in Parsedown (before 1.7.2) Sandbox Escape Vulnerability in Pallets Jinja before 2.10.1 Insecure Remember-Me Mechanism in Airsonic 10.2.1 Allows Password Bruteforce Vulnerability: Weak PRNG Seed in Airsonic 10.2.1 Leads to Privilege Escalation Attacks Cross-Site Scripting (XSS) Vulnerability in Symfony Framework Bundle Unistore.dll Memory Object Handling Vulnerability SQL Injection and Remote Code Execution Vulnerability in Symfony Dependency Injection Privileged User Authentication Vulnerability in Symfony File Deletion Vulnerability in Symfony Cache and PHPUnit-Bridge Unvalidated HTTP Methods in Symfony HTTP Foundation Vulnerability Stack-based Buffer Overflow in pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open Unauthenticated Command Execution Vulnerability in TIA Administrator Arbitrary System Command Execution Vulnerability in SIMATIC PCS 7 and WinCC Local Access Denial-of-Service Vulnerability in SIMATIC PCS 7 and WinCC Vulnerability in SIMATIC PCS 7 and WinCC Allows Arbitrary Command Execution Vulnerability in LOGO! 8 BM Allows Unauthorized Access and Device Manipulation Chakra Scripting Engine Remote Code Execution Vulnerability Hardcoded Encryption Key Vulnerability in LOGO! 8 BM (incl. SIPLUS variants) Unencrypted Storage of Passwords in LOGO! 8 BM (incl. 
SIPLUS variants) (All versions < V8.3) Unauthenticated Remote Code Execution Vulnerability in SIMATIC PCS 7 and WinCC Denial of Service Vulnerability in SIMATIC Industrial Control Systems Arbitrary Code Execution Vulnerability in LOGO! Soft Comfort (All versions < V8.3) Privilege Escalation Vulnerability in SIMATIC MV400 Family (All Versions < V7.0.6) Unencrypted Communication Vulnerability in SIMATIC MV400 Family (All Versions < V7.0.6) Authenticated Remote DoS Vulnerability in SCALANCE Industrial Networking Devices Vulnerability: Arbitrary Command Execution in SCALANCE SC-600 (V2.0) Vulnerability: Message Protection Bypass in SIMATIC Products DirectWrite Memory Disclosure Vulnerability Vulnerability in SIPROTEC 5 Devices: Remote File Manipulation via Port 443/TCP Denial of Service Vulnerability in SIPROTEC 5 Devices Cross-Site Scripting (XSS) Vulnerability in Spectrum Power Web Interface Arbitrary Code Execution Vulnerability in TIA Portal Versions V14-V17 Arbitrary ASPX Code Upload Vulnerability in SIMATIC WinCC DataMonitor Denial of Service Vulnerability in SIMATIC S7-400 and Other Devices UDP Denial-of-Service Vulnerability in SIMATIC TDC CP51M1 (All versions < V1.1.7) Arbitrary Code Execution Vulnerability in Siemens SIPROTEC 5 and Power Meters Open Debug Port Vulnerability in TIM 3V-IE and TIM 4R-IE Devices Windows GDI Memory Disclosure Vulnerability SINEMA Server Vulnerability: Unauthorized Administrative Operations and Firmware Updates Missing Authentication in SINEMA Server Allows Unauthorized Access to System Configuration Backup Files Denial-of-Service Vulnerability in SCALANCE X-200 Switch Family and SCALANCE X204RNA Vulnerability: Unauthorized Modification of User Program on SIMATIC Controllers Joomla! Media Manager Directory Traversal Vulnerability Unauthenticated Access to Refresh List of Helpsites Endpoint in Joomla! 
Multiple Remote Code Execution Vulnerabilities in Delta Industrial Automation CNCSoft Denial-of-Service Vulnerability in Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2 Multiple Out-of-Bounds Read Vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor Version 1.00.88 and Prior Windows GDI Memory Disclosure Vulnerability Insecure Telnet Services in Fujifilm FCR Systems Multiple Heap-Based Buffer Overflow Vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor Version 1.00.88 and Prior Stack-based Buffer Overflow Vulnerability in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 Controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and Earlier Denial-of-Service Vulnerability in Programmable Logic Controllers SMTP Packet Denial-of-Service Vulnerability in CompactLogix and GuardLogix Controllers Open Redirect Vulnerability in Rockwell Automation MicroLogix and CompactLogix Controllers Remote Code Execution Vulnerability in Geutebruck IP Cameras Remote Code Execution in Geutebruck IP Cameras Remote Code Execution in Geutebruck IP Cameras Vulnerability: Unrestricted Upload of Malicious Files during Firmware Update Kernel Information Disclosure Vulnerability in Win32k Component Unrestricted Front Panel Access Vulnerability in Zebra Industrial Printers Remote Code Execution Vulnerability in Advantech WebAccess HMI Designer Version 2.1.9.23 and Prior Alaris Gateway Workstation Unauthorized Access Vulnerability Information Disclosure Vulnerability in Moxa EDR 810 (Versions 5.1 and Prior) Vulnerability: Unauthorized Access and Control of Medtronic Insulin Pumps Heap-based Buffer Overflow Vulnerability in Emerson Ovation OCR400 Controller 3.3.1 and Earlier Remote Configuration Modification and Alarm Silencing Vulnerability in GE Aestiva and Aespire Versions 7100 and 7900 Stack-based Buffer Overflow in Emerson Ovation OCR400 Controller FTP Server Unauthorized Activation of System Options in Philips Holter 2010 Plus 
Ping Abuse Vulnerability in Moxa EDR 810: Remote Code Execution DirectWrite Memory Disclosure Vulnerability Root-level File System Access Vulnerability in Rockwell Automation PanelView 5510 Untrusted Search Path Vulnerability in Network Configurator for DeviceNet Safety 3.41 and Prior CPU Exhaustion Vulnerability in Mitsubishi Electric FR Configurator2 Unintentional Access Vulnerability in Quest KACE Arbitrary Code Execution Vulnerability in NREL EnergyPlus Fuji Electric Alpha7 PC Loader Out-of-Bounds Read Vulnerability Arbitrary File Read Vulnerability in Mitsubishi Electric FR Configurator2 Denial-of-Service Vulnerability in Mitsubishi Electric MELSEC-Q Series Ethernet Module QJ71E71-100 Multiple Memory Exploitation Vulnerabilities in Red Lion Controls Crimson Hard-coded Customer Account Password Vulnerability in SICK MSC800 Firmware Versions Prior to 4.0 Windows GDI Memory Disclosure Vulnerability Type Confusion Vulnerability in LAquis SCADA 4.3.1.71 Allows Remote Code Execution Local User Credential Access Vulnerability in Vijeo Citect and CitectSCADA Multiple Heap-Based Buffer Overflow Vulnerabilities in Delta Electronics CNCSoft ScreenEditor Out-of-Bounds Read Vulnerability in WebAccess/SCADA Versions 8.3.5 and Prior Multiple Pointer Mishandling Vulnerabilities in Red Lion Controls Crimson Path Traversal Vulnerability in WebAccess/SCADA Versions 8.3.5 and Prior Multiple Out-of-Bounds Write Vulnerabilities in WebAccess/SCADA Versions 8.3.5 and Prior Vulnerability: Exploitable Operating System in Philips HDI 4000 Ultrasound Systems Heap-based Buffer Overflow Vulnerabilities in WebAccess/SCADA Versions 8.3.5 and Prior Windows GDI Memory Disclosure Vulnerability Hard-coded Password Vulnerability in Red Lion Controls Crimson Multiple Stack-Based Buffer Overflow Vulnerabilities in WebAccess/SCADA Versions 8.3.5 and Prior Out-of-Bounds Read Vulnerabilities in Delta Electronics CNCSoft ScreenEditor Untrusted Pointer Dereference Vulnerabilities in WebAccess/SCADA 
Versions 8.3.5 and Prior Out-of-Bounds Read Vulnerability in LAquis SCADA 4.3.1.71 Hidden Administrative Accounts in ABB CP651 HMI Products: Vulnerability in Revision BSP UN30 v1.76 and Prior Memory Corruption Vulnerability in Red Lion Controls Crimson Protocol Fuzzing Vulnerability in Phoenix Contact AXC F 2152 Devices Unlimited Physical Access Vulnerability Leading to SD Card Manipulation and Authentication Bypass Stack-based Buffer Overflow in D-Link DCS Series Wi-Fi Cameras' Alphapd Web Server Windows GDI Memory Disclosure Vulnerability GitLab Enterprise Edition Information Disclosure Vulnerability Command Injection Vulnerability in Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W Devices XSS Vulnerability in Materialize Tooltip Feature XSS Vulnerability in Materialize Autocomplete Feature XSS Vulnerability in Materialize's Toast Feature Stack-based Buffer Overflow in GraphicsMagick 1.4 Snapshot-20190322 Q8: Remote Code Execution via SVGStartElement Heap-based Buffer Over-read in GraphicsMagick's ReadMIFFImage Function Heap-based Buffer Over-read in GraphicsMagick's ReadMNGImage Function Heap-based Buffer Overflow in GraphicsMagick 1.4 Snapshot-20190322 Q8: WriteXWDImage Vulnerability Heap-based Buffer Over-read in GraphicsMagick's ReadXWDImage Function Windows GDI Memory Disclosure Vulnerability Memory Leak in ReadMPCImage Function of GraphicsMagick 1.4 Snapshot-20190322 Q8 Remote Code Execution Vulnerability in Akamai CloudTest before 58.30 Nimble Streamer Directory Traversal Vulnerability Vulnerability: Camera Spoofing and Credential Theft in VStarCam Eye4 Application MIUI OS Version 10.1.3.0 Lockscreen Bypass Vulnerability via Wallpaper Carousel Open Redirect Vulnerability in Elgg before 1.12.18 and 2.3.x before 2.3.11 Multiple Stored and Reflected XSS Vulnerabilities in D-Link DI-524 V2.06RU Web Configuration Cookie-based credentials can be exploited to retain administrator access after password change in ThinkAdmin V4.0 Unauthenticated Remote 
Access to Claim Details in DDRT Dashcom Live GDI+ Remote Code Execution Vulnerability Remote Access to Claim Details in DDRT Dashcom Live 2019-05-09 Authenticated Unrestricted File Upload Vulnerability in Schlix CMS 2.1.8-7 Allows Remote Code Execution NULL Pointer Dereference in agroot() function in Graphviz 2.39.20160612.1140 Infinite Recursion Vulnerability in libsixel 1.8.2's load_pnm function Cross-Site Scripting (XSS) Vulnerability in clearFilter() Function in Cacti before 1.2.3 Infinite Recursion Vulnerability in Poppler 0.75.0's FontInfoScanner::scanFonts Remote Code Execution Vulnerability in Ruby OpenID (ruby-openid) Library Arbitrary File Upload Vulnerability in GAT-Ship Web Module before 1.40 Directory Traversal Vulnerability in Mirasys VMS AutoUpdateService Chakra Scripting Engine Remote Code Execution Vulnerability Insecure Deserialization Vulnerability in Mirasys VMS Privilege Escalation via Auto-Update Feature in Mirasys VMS Cross Site Scripting (XSS) Vulnerabilities in EasyToRecruit (E2R) before 2.11 HTML Injection Vulnerability in Applaud HCM 4.0.42+ with XSS Payload Buffer Overflow Vulnerability in PHP EXIF Extension Buffer Overflow Vulnerability in PHP EXIF Extension Buffer Overflow Vulnerability in PHP EXIF Extension Out-of-Bounds Write Vulnerability in PHP Imagick Extension Uninitialized Variable Vulnerability in gdImageCreateFromXbm() Function Out-of-Buffer Read Vulnerability in PHP's iconv_mime_decode_headers() Function Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Buffer Overflow Vulnerability in PHP EXIF Extension Buffer Overflow Vulnerability in PHP EXIF Extension Buffer Overflow Vulnerability in PHP EXIF Extension Remote Code Execution Vulnerability in PHP FPM Module PHP link() Function Vulnerability: Embedded Null Byte Termination PHP DirectoryIterator Class Vulnerability: Embedded Null Byte Termination Memory Disclosure Vulnerability in PHP bcmath Extension Buffer Overflow Vulnerability in PHP EXIF 
Extension Memory Exhaustion and Disk Space Accumulation Vulnerability in PHP File Uploads Double-Free Vulnerability in PHP mail() Function on Windows Outlook for Android Email Spoofing Vulnerability Buffer Overflow Vulnerability in PHP EXIF Extension Arbitrary SQL Command Execution in Vtiger CRM before 7.1.0 hotfix3 Buffer Overflow Vulnerability in Das U-Boot 2016.11-rc1 through 2019.04 Chakra Scripting Engine Remote Code Execution Vulnerability Vulnerability: Slowloris HTTP Denial of Service in ASUS HG100 Firmware up to 1.05.12 Unauthenticated Control of IoT Devices via HG100 Firmware Vulnerability OS Command Injection Vulnerability in SUNNET WMPro v5.0 and v5.1 for eLearning System via /teach/course/doajaxfileupload.php Unauthenticated Access Control Vulnerability in SmartHome App Allows Unauthorized Control of IoT Devices Remote Credential Disclosure Vulnerability in Advan VD-1 Firmware Versions up to 230 Insecure HTTP URL Vulnerability in Gradle's JavaScript and CoffeeScript Plugins SSRF Vulnerability in LightOpenID through 1.3.1 via Crafted OpenID 2.0 Assertion Request Bypass of Protection Mechanism in libxslt through 1.1.33 Improper Handling of Standard Conforming Strings in Sequelize Version 5 before 5.3.0 Chakra Scripting Engine Remote Code Execution Vulnerability Improper Application of HTTP Proxy Settings in WebKitGTK and WPE WebKit Leads to Deanonymization Arbitrary Code Execution Vulnerability in SPIP 3.1 and 3.2 Signed Integer Overflow in lighttpd before 1.4.54 Allows Denial of Service Remote Code Execution Vulnerability in PRTG Network Monitor before 19.4.54.1506 Arbitrary File Placement Vulnerability in PRTG Network Monitor Arbitrary Command Execution in Cribl UI 1.5.0 CSRF Vulnerability in FastAdmin V1.0.0.20190111_beta Allows Unauthorized Addition of Admin User CSRF Vulnerability in MKCMS V5.0 Allows Unauthorized Addition of Admin User Windows RDP Client Memory Disclosure Vulnerability Remote Code Execution via Deserialization in Sitecore 
Experience Platform (XP) prior to 9.1.1 Default Username and Password Vulnerability in Dentsply Sirona Sidexis 4.3.1 and Earlier Directory Traversal Vulnerability in DKPro Core API Allows Overwriting of Local Files Stored XSS vulnerability in GAuth 0.9.9 beta allows for repeated popups and cookie disclosure. Kernel Mode Driver Vulnerability in Intel(R) i915 Graphics for Linux Intel(R) AMT Subsystem Vulnerability: Unauthenticated Privilege Escalation via Physical Access Insufficient Input Validation in Intel(R) CSME and Intel(R) TXE Subsystems: Privilege Escalation, Information Disclosure, and Denial of Service Vulnerability Escalation of Privilege Vulnerability in Intel(R) AMT Subsystem Denial of Service Vulnerability in Intel(R) Graphics Driver Microsoft Office Javascript Spoofing Vulnerability Timing-based Cryptographic Vulnerability in Intel Subsystems MDSUM: Information Disclosure Vulnerability via Uncacheable Memory Insufficient Password Protection in Open CIT Attestation Database: Potential Information Disclosure Vulnerability Unquoted Service Path Vulnerability in Intel(R) SCS Discovery Utility Insufficient Input Validation in Intel (R) NUC Kit Firmware: Potential Privilege Escalation, DoS, and Information Disclosure Vulnerability Insufficient Access Control in Intel(R) Driver & Support Assistant Allows Information Disclosure via Local Access Memory Protection Vulnerability in Intel(R) Ethernet I218 Adapter Driver for Windows* 10 Privilege Escalation via Improper Directory Permissions in Intel Management Engine Consumer Driver Installer Insufficient Input Validation in MdeModulePkg in EDKII: Potential for Privilege Escalation, DoS, and Information Disclosure via Physical Access Microsoft Excel Remote Code Execution Vulnerability Intel(R) AMT Subsystem Insufficient Input Validation Vulnerability Information Disclosure Vulnerability in Intel(R) CSME and Intel(R) TXE Information Disclosure Vulnerability in Intel(R) DAL and Intel(R) TXE Software Firmware Update 
Software Vulnerability in Intel(R) CSME: Potential Privilege Escalation via Local Access Insufficient Input Validation in Intel(R) CSME and TXE Software: Local Privilege Escalation Vulnerability Privilege Escalation and Information Disclosure Vulnerability in Intel(R) CSME Subsystem Insufficient Session Validation Vulnerability in Intel(R) CSME and Intel(R) TXE Intel(R) AMT Subsystem Vulnerability: Unauthenticated Privilege Escalation via Network Access Privilege Escalation Vulnerability in Intel(R) CSME Subsystem Denial of Service Vulnerability in Intel(R) SPS Subsystem Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111) Authentication Bypass Vulnerability in Intel(R) CSME and Intel(R) TXE Potential Privilege Escalation via Pointer Corruption in Intel Graphics Drivers Kernel Mode Driver Memory Corruption Vulnerability in Intel(R) Graphics Driver Buffer Overflow Vulnerability in Intel(R) Graphics Driver Allows Information Disclosure via Local Access Denial of Service Vulnerability in Intel(R) Driver & Support Assistant version 19.3.12.3 and earlier Privilege Escalation Vulnerability in Intel(R) Omni-Path Fabric Manager GUI Insufficient Session Validation in Intel(R) RWC3 Service API: Potential Privilege Escalation via Network Access Memory Disclosure Vulnerability in Microsoft Excel Path Traversal Vulnerability in Intel(R) Active System Console Installer Privilege Escalation via Improper File Permissions in Intel(R) Media SDK Installer Insufficient Session Validation in Intel(R) NUC Kit Firmware: Privilege Escalation, DoS, and Information Disclosure Vulnerability Critical Vulnerability in Intel(R) NUC Kit Firmware Allows Privilege Escalation and Information Disclosure Vulnerability: Insufficient Input Validation in Intel(R) NUC Kit Firmware Vulnerability: Pointer Corruption in Intel(R) NUC Kit System Firmware Buffer Overflow Vulnerability in Intel(R) NUC Kit Firmware: Potential Privilege Escalation, Denial of Service, and Information Disclosure 
Vulnerability: Insufficient Input Validation in Intel(R) NUC Kit Firmware Critical Vulnerability in Intel(R) NUC Kit Firmware Allows Privilege Escalation and Information Disclosure .NET Framework Remote Code Execution Vulnerability Intel(R) AMT Subsystem Logic Issue Vulnerability Cross-Site Scripting Vulnerability in Intel(R) AMT Subsystem Improper Access Control in Intel(R) Processor Diagnostic Tool: Potential Privilege Escalation, Information Disclosure, and Denial of Service TSX Asynchronous Abort: Speculative Execution Side Channel Vulnerability Vulnerability: Insufficient Access Control in System Firmware for Intel Processors Vulnerability: Insufficient Input Validation in Intel Processors Firmware Denial of Service Vulnerability in Intel Xeon Scalable Processors' Voltage Modulation Interface Insufficient Session Validation in Intel(R) NUC System Firmware: Privilege Escalation, DoS, and Information Disclosure Vulnerability Privilege Escalation Vulnerability in Intel(R) Authenticate Software Installer Vulnerability: Improper File Verification in Intel® Driver & Support Assistant Escalation of Privilege Vulnerability in Intel® Driver & Support Assistant Privilege Escalation Vulnerability in Intel Hardware Abstraction Driver for MEInfo, TXEInfo, INTEL-SA-00086 Detection Tool, and INTEL-SA-00125 Detection Tool Privilege Escalation Vulnerability in Intel(R) Remote Displays SDK Installer Vulnerability: Memory Corruption in Intel(R) WIFI Drivers Allows Privilege Escalation and Information Disclosure Vulnerability: Memory Corruption in Intel(R) WIFI Drivers Allows Privilege Escalation and Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Software Extension DLL Allows for Privilege Escalation and Information Disclosure Improper Directory Permissions in Intel(R) PROSet/Wireless WiFi Software: Potential Denial of Service and Information Disclosure Vulnerability Improper Directory Permissions in Intel(R) PROSet/Wireless WiFi Software: Potential Denial of 
Service and Information Disclosure Vulnerability Intel(R) PROSet/Wireless WiFi Software Logic Errors Vulnerability Voltage Settings Vulnerability in Intel(R) Processors: Potential Privilege Escalation and Information Disclosure via Local Access Windows GDI Memory Disclosure Vulnerability Insufficient Access Control in SEMA Driver for Intel(R) Computing Improvement Program: Potential Privilege Escalation, Denial of Service, and Information Disclosure Insufficient Access Control in Intel(R) Processor Identification Utility for Windows: Potential Privilege Escalation, Denial of Service, and Information Disclosure Denial of Service Vulnerability in Linux Kernel Driver for Intel FPGA SDK for OpenCL Pro Edition Privilege Escalation Vulnerability in Intel(R) Easy Streaming Wizard Installer Privilege Escalation Vulnerability in Intel(R) Smart Connect Technology Installer for Intel(R) NUC Intel Baseboard Management Controller Firmware Vulnerability: Insufficient Session Validation Enables Information Disclosure and Denial of Service DirectWrite Remote Code Execution Vulnerability Intel(R) Baseboard Management Controller Firmware Authentication Bypass Vulnerability Heap Corruption Vulnerability in Intel(R) Baseboard Management Controller Firmware Intel Baseboard Management Controller Firmware Out-of-Bound Read Vulnerability Intel Baseboard Management Controller Firmware Vulnerability: Insufficient Session Validation Enables Information Disclosure and Denial of Service Intel(R) Baseboard Management Controller Firmware Vulnerability: Unauthorized Information Disclosure via Network Access Unauthenticated Denial of Service Vulnerability in Intel(R) Baseboard Management Controller Firmware Intel(R) Baseboard Management Controller Firmware Unauthenticated Denial of Service Vulnerability Intel Baseboard Management Controller Firmware Stack Overflow Vulnerability Intel(R) Baseboard Management Controller Firmware Information Disclosure Vulnerability DirectWrite 
Remote Code Execution Vulnerability Title: Unauthenticated Denial of Service Vulnerability in Intel(R) Baseboard Management Controller Firmware Unauthenticated Network Access Vulnerability in Intel(R) Baseboard Management Controller Firmware Intel(R) Baseboard Management Controller Firmware Memory Corruption Vulnerability Race Condition Vulnerability in Intel (R) DDIO Cache Allocation and RDMA: Potential Information Disclosure via Adjacent Access Arbitrary File Upload Vulnerability in WP Live Chat Support Pro Plugin LDAP Class of GONICUS GOsa: Incorrect Access Control Vulnerability Authentication Bypass by Spoofing in ONOS v2.0 and earlier: Exploiting Access Control and Host Mobility Vulnerability DirectWrite Remote Code Execution Vulnerability Race condition vulnerability in Linux kernel allows local users to bypass ASLR on setuid programs Race condition vulnerability in Linux kernel allows bypassing ASLR on setuid a.out programs Cross-Site Scripting (XSS) Vulnerability in InfinitumIT DirectAdmin v1.561 Allows Administration Panel Takeover Authentication Bypass Vulnerability in ValuePLUS Integrated University Management System (IUMS) Allows Remote Attackers to Gain Administrator Privileges Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sitecore CMS 9.0.1 and Earlier Stored XSS Vulnerability in Dolibarr ERP/CRM 9.0.1 via Uploaded Files DirectWrite Remote Code Execution Vulnerability Arbitrary Binary Execution Vulnerability in Dolibarr ERP/CRM 9.0.1 Code Execution Vulnerability in Dolibarr ERP/CRM 9.0.1 Website Module Default Admin User Vulnerability Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities in TIBCO ActiveMatrix BPM and TIBCO Silver Fabric Vulnerability in TIBCO Spotfire Statistics Services Web Interface Allows Unauthorized Access to Sensitive Information Reflected Cross-Site Scripting (XSS) Vulnerability in TIBCO Spotfire Analytics Platform and Server Integrity Undermining Vulnerability in TIBCO Spotfire Analytics 
Platform and Server Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities in TIBCO LogLogic Enterprise Virtual Appliance and Log Management Intelligence OAuth Authorization Privilege Escalation Vulnerability in TIBCO API Exchange Gateway Access Control Failure in TIBCO FTL Realm Configuration Component DirectWrite Remote Code Execution Vulnerability Remote Code Execution Vulnerability in TIBCO Enterprise Runtime for R - Server Edition and TIBCO Spotfire Analytics Platform for AWS Marketplace Remote Code Execution Vulnerability in TIBCO Enterprise Runtime for R - Server Edition and TIBCO Spotfire Analytics Platform Multiple Cross-Site Scripting (XSS) Vulnerabilities in TIBCO MDM Server Component Session Token Replay and Spoofing Vulnerability in Pulse Secure Pulse Desktop Client and Network Connect Arbitrary Code Execution via Writable Configuration File in Combodo iTop BMC Smart Reporting 7.3 20180418 - Authenticated XXE Vulnerability in Import Functionality Arbitrary Command Execution in Bonobo Git Server Privilege Escalation via Extra Parameters in Bonobo Git Server AccountController Predictable Device IDs in Shenzhen Yunni Technology iLnkP2P: Exploiting a Flaw in UID Generation Algorithm DirectWrite Remote Code Execution Vulnerability iLnkP2P Authentication Flaw: Remote Interception of Cleartext Traffic and Device Credentials Buffer Overflow Vulnerability in GPAC 0.7.1's gf_import_message() Buffer Overflow Vulnerability in gf_bin128_parse Function in GPAC 0.7.1 Unrestricted File Upload Vulnerability in SupportCandy Plugin for WordPress Remote OS Command Injection in HARMAN AMX MVP5150 v2.87.13 Devices XSS Vulnerability in CMS Made Simple 2.2.10 via Add Article in Content Manager Unvalidated Input in MirrorAddress Parameter in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 Remote Code Execution via Mishandled Mirror Repo URL Settings in Gitea DirectWrite Remote Code Execution Vulnerability Symlink Vulnerability in Avast Antivirus 
Allows Arbitrary File Renaming Arbitrary File Upload and Authentication Bypass in GetSimple CMS Unauthenticated User Information Leakage in EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 Unauthenticated User Information Leakage in EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 Dragonblood: Authentication Spoofing Vulnerability in FreeRADIUS Dragonblood: FreeRADIUS Vulnerability in Scalar Verification and Curve Point Validation CRLF Injection Vulnerability in urllib3 Library DirectWrite Remote Code Execution Vulnerability Unverified TLS Certificate Vulnerability in Cohesity DataPlatform Kubernetes Vulnerability: Ineffective Clearing of Service Account Credentials in rest.AnonymousClientConfig() World-writeable permissions in kubectl cache directory in Kubernetes v1.8.x-v1.14.x Container RunAsRoot Vulnerability in kubelet v1.13.6 and v1.14.2 Arbitrary Code Execution via kubectl cp Command Kubernetes kube-apiserver Cluster-Scoped Custom Resource Access Vulnerability Unauthenticated Debugging Endpoint Exposes Sensitive Information in Kubelet Healthz Port Arbitrary Code Execution via kubectl cp Command Speculative Memory Access Vulnerability Kubernetes Client-go Library Vulnerability: Unauthorized Disclosure of Credentials via Request Header Logging Kubernetes kubectl cp Command Symlink Vulnerability Credential Leakage in Kubernetes kube-controller-manager Kubernetes API Server Denial of Service Vulnerability Excessive CPU Consumption Vulnerability in Kubernetes API Server Unauthorized Data Access and Volume Manipulation in Kubernetes CSI Sidecar Containers ADFS Extranet Lockout Bypass Vulnerability Improper Escaping in Cloud Foundry UAA Allows Privilege Escalation and Information Disclosure Open Redirect Vulnerability in Spring Security OAuth DirectWrite Remote Code Execution Vulnerability Arbitrary Scope Creation Vulnerability in Cloud Foundry UAA Information Disclosure Vulnerability in Cloud Foundry BOSH Director Vulnerability: Authentication Bypass via Null Password in Spring Security 
Information Leakage in Pivotal Container Services (PKS) Logging XSS Vulnerability in Cloud Foundry UAA Versions Prior to 74.0.0 CSV Formula Injection Vulnerability in Pivotal Application Manager Unsecured HTTP Request Vulnerability in Pivotal Apps Manager LDAP Injection Vulnerability in Cloud Foundry NFS Volume Service Privilege Escalation and Scope Control Vulnerability in CF UAA Privilege Escalation via Scope Manipulation in CF UAA DirectWrite Remote Code Execution Vulnerability Privilege Escalation through Invitations in Pivotal Apps Manager Cross-Site Scripting (XSS) Vulnerability in Pivotal RabbitMQ and RabbitMQ for PCF SCIM Injection Vulnerability in Cloud Foundry UAA Sensitive Information Exposure in Cloud Foundry SMB Volume Logs Authorization Header Leakage in Pivotal Reactor Netty Remote Code Execution in VMware GemFire and VMware Tanzu GemFire JMX Service Denial of Service Vulnerability in Pivotal RabbitMQ and RabbitMQ for Pivotal Platform Man-in-the-Middle Attack on JMX Interface in Pivotal tc Server and tc Runtimes Cloud Foundry Routing Nonce Validation Vulnerability Windows AppX Deployment Service (AppXSVC) Hard Link Elevation of Privilege Vulnerability Information Leakage: Logging of Query Parameters in Cloud Foundry UAA Cross-Site Scripting (XSS) Vulnerability in Pivotal RabbitMQ and RabbitMQ for PCF Authentication Credentials Logging Vulnerability in Pivotal Ops Manager Information Leakage: Client Secret Credentials Exposed in Cloud Foundry UAA Logging Unauthorized Access to Global Service Brokers in Cloud Foundry Cloud Controller API (CAPI) Windows AppX Deployment Service (AppXSVC) Hard Link Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Persistent XSS vulnerability in Zimbra Collaboration before 8.8.12 Patch 1 Remote Code Execution via Command Injection in Motorola CX2 and M2 Firmware Download Function Win32k Memory Object Handling Elevation of Privilege Vulnerability Unauthenticated Remote Telnet 
Access Vulnerability in Motorola CX2 1.01 and M2 1.01 Routers Unauthenticated Information Disclosure in Motorola CX2 and M2 Routers Remote Code Execution via Command Injection in Motorola CX2 and M2 1.01 Uninitialized HMAC Keys Vulnerability in HAProxy Improper SSL Certificate Verification in urllib3 Library Arbitrary PHP Code Execution Vulnerability in Symfony VarExport Component Authentication Bypass Vulnerability in Topcon Positioning Net-G5 GNSS Receiver Local File Inclusion Vulnerability in Topcon Positioning Net-G5 GNSS Receiver Firmware 5.2.2 Privilege Escalation via Insecure Permissions in Singularity 3.1.0 to 3.2.0-rc2 Internet Explorer Scripting Engine Memory Corruption Vulnerability NTP Vulnerability: Off-Path Attacks via Port 123 Arbitrary User Account Takeover in MKCMS 5.0 via ucenter/repass.php Authentication Bypass Vulnerability in Tzumi Electronics Klic Lock Application 1.0.9 Allows Unauthorized Access and Unlocking of Tzumi Electronics Klic Smart Padlock Model 5686 Remote Retrieval of Wi-Fi Password in Sony Bravia Smart TVs via Photo Sharing Plus Application FFmpeg HEVC Decoder Remote Denial of Service Vulnerability Out-of-array Access Vulnerability in FFmpeg MPEG-4 Video Decoder Microsoft Office SharePoint XSS Vulnerability Email Domain Bypass Vulnerability in Matrix Sydent Vulnerability: Unauthorized TCP Dump Capture on Samsung P(9.0) Phones Torpedo Query before 2.5.3 SQL Injection Vulnerability Arbitrary Code Execution via .htaccess File Upload in Pluck 4.7.8 Cross-Site Scripting (XSS) Vulnerability in Citrix SD-WAN Center and NetScaler SD-WAN Center Cleartext Password Storage and Retrieval Vulnerability in CloudBees Jenkins Operations Center 2.150.2.3 Remote Code Execution Vulnerability in TeamSpeak 3 Client (Versions before 3.2.5) via Qt Framework Command Injection Vulnerability in EnGenius EWS660AP Router Firmware 2.0.284 Template Injection Vulnerability in EA Origin 10.5.36 on Windows Command Injection Vulnerability in Poly HDX 3.1.13 
Arbitrary Code Execution via CalDAV PUT Operation with Long iCalendar Property Name Object.prototype Pollution in jQuery before 3.4.0 Arbitrary Web Script Injection in I, Librarian 4.10 via display.php Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Buffer Overflow Vulnerability in iptables-restore Allows Code Execution Privilege Escalation and Application Takeover in Zoho ManageEngine Remote Access Plus 10.0.258 SQL Injection Vulnerability in ROCBOSS V2.2.1 via PostController.php SQL Injection Vulnerability in Snare Central 7.4.5 and Earlier: Remote Code Execution via AgentConsole/UserGroupQuery.php ShowUser Parameter OS Command Injection Vulnerability in Snare Central before 7.4.5 via ServerConf/DataManagement/DiskManager.php Stack-based Buffer Overflow in atftpd Denial of Service Vulnerability in atftpd 0.7.1 Insecure HTTP Basic Authentication in AUO Solar Data Recorder Stored XSS Vulnerability in AUO Solar Data Recorder 1.3.0 via protect/config.htm addr Parameter Carel pCOWeb Cleartext Password Storage Vulnerability Microsoft Exchange Server Spoofing Vulnerability Stored XSS Vulnerability in Carel pCOWeb (prior to B1.2.4) via System Contact Field Buffer Overflow Vulnerability in BWA 0.7.17 r1198 MediaInfoLib: Out-of-Bounds Read Vulnerability in File__Tags_Helper::Synched_Test Out-of-Bounds Read Vulnerability in MediaInfoLib CSRF Vulnerability in 74CMS v5.0.1 Allows Unauthorized Addition of Admin User CSRF Vulnerability in Msvod v10 Allows Unauthorized User Information Modification Arbitrary PHP Code Execution in SOY CMS v3.0.2 Arbitrary File Upload Vulnerability in WCMS v0.3.2 via WCMS Finder Action Arbitrary File Read and Potential Code Execution in ProjectSend r1053 Chakra Scripting Engine Remote Code Execution Vulnerability Bypassing Master-Password Feature in ES File Explorer Allows Remote FTP Access User Credentials Disclosure in Medha WiFi FTP Server Application Insecure Storage of Confidential Information in Zalora Android App 
(Version 6.15.1) Denial of Service Vulnerability in OWASP ModSecurity Core Rule Set (CRS) Denial of Service (ReDOS) Vulnerability in OWASP ModSecurity Core Rule Set (CRS) Denial of Service Vulnerability in OWASP ModSecurity Core Rule Set (CRS) 3.1.0 Chakra Scripting Engine Remote Code Execution Vulnerability Denial of Service Vulnerability in OWASP ModSecurity Core Rule Set (CRS) Denial of Service Vulnerability in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0 XXE Vulnerability in BlogEngine.NET 3.3.7 and Earlier via apml File in syndication.axd Privilege Escalation via Password Change in M/Monit Buffer Overflow Vulnerability in MailCarrier 2.51 Allows Remote Code Execution Privilege Escalation via Permissive Access Rights in Avira Free Security Suite 10 Local File Inclusion Vulnerability in Rapid4 RapidFlows Enterprise Application Builder 4.5M.23 Multiple Cross-Site Scripting (XSS) Vulnerabilities in UliCMS 2019.2 and 2019.1 OS Command Injection Vulnerability in TRENDnet TEW-651BR, TEW-652BRP, and TEW-652BRU Devices Chakra Scripting Engine Remote Code Execution Vulnerability Buffer Overflow Vulnerability in TRENDnet TEW-651BR, TEW-652BRP, and TEW-652BRU Devices Arbitrary Code Execution Vulnerability in SiteServer CMS 6.9.0 Unencrypted Storage of Credentials in Gradle Enterprise Build Cache Nodes Password Reflection in Gradle Enterprise Build Cache Nodes Insecure HTTP Resolution of Gradle Build Artifacts in arrow-kt before 0.9.0 Insecure Dependency Resolution in OpenAPI Generator Cross-Site Scripting (XSS) Vulnerability in Subrion CMS 4.2.1 via _core/en/contacts/ Information Disclosure Vulnerability in FusionPBX Operator Panel Module Remote Code Execution via XSS in FusionPBX Operator Panel Command Injection and Remote Code Execution in FusionPBX Operator Panel Chakra Scripting Engine Remote Code Execution Vulnerability Command Injection Vulnerability in FusionPBX Backup Module Stack-based Buffer Overflow in Artifex MuJS 1.0.5's Number#toFixed() and numtostr 
Implementations Denial of Service Vulnerability in Artifex MuJS 1.0.5 Unlimited Recursion Vulnerability in Artifex MuJS 1.0.5 Vulnerability: Unauthorized Administrative Access on Intelbras IWR 3000N 1.5.0 Devices Denial of Service Vulnerability in Intelbras IWR 3000N 1.5.0 Devices CSRF Vulnerability in Intelbras IWR 3000N 1.5.0 Devices Allows Complete Router Control Buffer Overflow Vulnerability in TRENDnet TV-IP110WN Cameras Buffer Overflow Vulnerability in TRENDnet TEW-632BRP 1.010B32 Router's apply.cgi via SOAPACTION:HNAP1 Interface Denial of Service Vulnerability in WeChat Android Application through Emoji File Replacement .NET Framework File Creation Elevation of Privilege Vulnerability XSS Vulnerability in iCMS 7.0.14 via admincp.php?app=config Tab Parameter XSS Vulnerability in iCMS 7.0.14 via search.app.php XSS Vulnerability in I, Librarian 4.10 via export.php export_files Parameter Reflected XSS Vulnerability in CentOS Web Panel's Add DNS Zone Screen Windows Graphics Component Memory Disclosure Vulnerability Windows Font Library Remote Code Execution Vulnerability Liferay Portal CE 7.1.2 GA3 OS Command Execution Vulnerability Arbitrary File Upload and Remote Code Execution in OpenKM 6.3.2 - 6.3.7 Arbitrary File Upload Vulnerability in ATutor 2.2.4 Arbitrary Code Execution via Avatar Upload in CutePHP CuteNews 2.1.2 Zoho ManageEngine Applications Manager Unauthenticated SQL Injection Vulnerability XSS Vulnerability in I, Librarian 4.10 via notes.php notes Parameter Windows Font Library Remote Code Execution Vulnerability WhatsNS 4.0 Index.php?question/ajaxadd.html SQL Injection Vulnerability WhatsNS 4.0 SQL Injection Vulnerability via index.php?inform/add.html qid Parameter Vulnerability: SQL Injection in whatsns 4.0 admin_category/remove.html Persistent Cross-Site Scripting (XSS) in Tildeslash Monit before 5.25.3 via Manipulation of Authorization Header Buffer Over-read Vulnerability in Tildeslash Monit Allows Memory Retrieval and Denial of Service 
Gila CMS 1.10.1 - Arbitrary PHP Code Execution via fm/save CSRF Multiple CSRF Vulnerabilities in MicroPyramid Django CRM 0.2.1 Arbitrary File Overwriting Vulnerability in SmtpTransport in CakePHP 3.7.6 Uninitialized Memory Use in GNOME Evince TIFF Document Backend Jet Database Engine Remote Code Execution Vulnerability Thumbnailer Escape Vulnerability in GNOME gnome-desktop Vulnerability: Sandbox Escape in GNOME Nautilus Thumbnailer Memory Leak Vulnerability in libarchive 3.3.4-dev via Crafted ZIP File Missing Security Headers in Couchbase Server Views REST API (port 8092) in Versions 5.5.0 and 5.1.2 Username Leakage in Couchbase Server Logs Unauthenticated Access to System Diagnostic Profile in Couchbase Server 6.0.0 and 5.5.0 Buffer Overrun Vulnerability in Couchbase Server 4.6.3 and 5.5.0 SQL Injection and Remote Code Execution in Zoho ManageEngine Applications Manager Jet Database Engine Remote Code Execution Vulnerability Uncontrolled Resource Consumption Vulnerability in ImageMagick's Cineon Parsing Component Use-after-free vulnerability in libheif 1.4.0's heif::HeifContext::Image::set_alpha_channel in heif_context.h Denial-of-Service Vulnerability in ImageMagick's XWD Image Parsing Component Denial of Service in GraphicsMagick 1.3.31 via Crafted XWD Image File Denial of Service in GraphicsMagick 1.3.31 via Crafted XWD Image File Integer Overflow Vulnerability in Whoopsie: Out-of-Bounds Write and Potential Code Execution Integer Overflow Vulnerability in Linux Kernel TCP SACK Handling TCP SACK Fragmentation Vulnerability Linux Kernel Default MSS Hard-Coded to 48 Bytes Denial of Service Vulnerability Microsoft Graphics Component Information Disclosure Vulnerability Insecure Repository and Unauthenticated Package Installation Vulnerability in pc-kernel Snap Build Process Privilege Escalation Vulnerability in apport TOCTTOU Vulnerability in Apport Allows Arbitrary Directory Write Privilege Escalation via Apport Mishandling of Container Crash Dumps Integer 
Overflow in bson_ensure_space: A Vulnerability Discovered by Kevin Backhouse in whoopsie World-writable directory vulnerability in Apport's lock file allows users to prevent crash handling Multiple Race Conditions in Siemens R3964 Line Discipline Driver Linux Kernel Reference Count Overflow Vulnerability Account Access and Data Manipulation via Persistent HTTP GET Request Hash Link Replay Privilege Escalation via Crafted HTTP PUT Request in SimplyBook.me Enterprise Windows Font Library Remote Code Execution Vulnerability Kernel Pool Corruption Vulnerability in Npcap 0.992 Insecure Logging of User Passwords in ProjectSend Memory Overflow Vulnerability in VeryPDF 4.1: Code Execution via pdfocx.ocx IMAP Server Crash Vulnerability in Dovecot 2.3.3 through 2.3.5.2 Insecure Cookie Generation in Couchbase Server 5.1.1 Unauthenticated and Unauthorized Access to default Bucket in Couchbase Server Remote Cluster Certificate Validation Bypass in Couchbase Server 5.0.0 Uninitialized Value Vulnerability in WavPack Library IMAP Server in Dovecot 2.3.3 through 2.3.5.2: Submission-Login Component Crash Vulnerability Windows Font Library Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Dovecot and Pigeonhole Protocol Processing Improper Ownership Assignment in snap-confine Allows Unauthorized Access to Private /tmp Directory CWD Restore Permission Bypass in snap-confine Zotonic Mod_Admin XSS Vulnerability Heap-based Buffer Overflow in WritePDBImage Function of GraphicsMagick Heap-based Buffer Overflow in GraphicsMagick's WriteMATLABImage Function Cross-Site Scripting (XSS) Vulnerability in Pulse Secure Pulse Connect Secure (PCS) Application Launcher Page Directory Traversal Vulnerability in Pulse Secure Pulse Connect Secure (PCS) Arbitrary Code Execution via Incorrect Access Control in Pulse Secure Pulse Connect Secure and Pulse Policy Secure Windows Font Library Remote Code Execution Vulnerability Arbitrary File Reading Vulnerability in Pulse Secure Pulse 
Connect Secure (PCS) XSS Vulnerability in Zoho ManageEngine ADSelfService Plus Mobile App API SQL Injection Vulnerability in Contao 4.x Reflected XSS Vulnerability in CMS Made Simple File Manager Invalidation of User Email Tokens Vulnerability in Flarum Arbitrary File Read Vulnerability in Gila CMS 1.10.1 Heap-based Buffer Overflow in Cypress Wireless IoT Bluetooth Component CSRF Vulnerability in WampServer's add_vhost.php Allows Unauthorized Vhost Manipulation SQL Injection Vulnerability in SEMCMS 3.8's SEMCMS_Inquiry.php XXE Vulnerability in LocalizationService.cs in nopCommerce Windows Font Library Remote Code Execution Vulnerability Content Spoofing Vulnerability in OX App Suite 7.10.1 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.0 to 7.10.2 Anviz Global M3 Outdoor RFID Access Control: Unauthenticated Command Execution and Data Exposure File Path Injection Vulnerability in Softing uaGate SI 1.60.01 Command Injection Vulnerability in Softing uaGate SI 1.60.01 CGI Script User-Writable Default Executable Path Vulnerability in Softing uaGate SI 1.60.01 Microsoft Graphics Component Information Disclosure Vulnerability Arbitrary Web Script Injection Vulnerability in ProjectSend before r1070 Remote Command Execution Vulnerability in Linksys WiFi Extender Products Kalki Kalkitech SYNC3000 Substation DCU GPC Remote Code Execution Vulnerability XSS and Local File Inclusion Vulnerability in osTicket User Importer Arbitrary File Access Vulnerability in Pulse Secure Pulse Connect Secure Command Injection Vulnerability in Pulse Secure Pulse Connect Secure and Pulse Policy Secure Windows Graphics Component Memory Disclosure Vulnerability Session Hijacking Vulnerability in Pulse Secure Products Authentication Leak in Pulse Secure Pulse Connect Secure Versions 9.0RX, 8.3RX, and 8.2RX Stack Buffer Overflow in Pulse Secure Pulse Connect Secure and Pulse Policy Secure Cross-Site Scripting (XSS) Vulnerability in Pulse Secure and Pulse Policy Secure Web Console 
Information Disclosure in GitLab Community and Enterprise Edition Information Disclosure Vulnerability in GitLab Community Edition 11.9.x and 11.10.x Race Condition Vulnerability in GitLab Community and Enterprise Edition Improper Encoding of Branch Name in GitLab Merge Request Notification Emails Unauthorized Comment Posting on Confidential Issues in GitLab Information Disclosure Vulnerability in GitLab Community and Enterprise Edition Jet Database Engine Remote Code Execution Vulnerability Improper Certificate Validation in Citrix and NetScaler SD-WAN Privilege Escalation Vulnerability in Code42 Enterprise and Crashplan for Small Business Proxy Auto-Configuration File Eval Injection Vulnerability in Code42 Enterprise and Crashplan for Small Business Client Privilege Escalation Vulnerability in Code42 for Enterprise through 6.8.4 Missing SSL Certificate Validation in Audible Android App Allows Denial of Service Attacks Fragmentation Reassembly State Validation Vulnerability in EAP-pwd Implementation XSS Vulnerability in Pagure before 5.6 via templates/blame.html CSRF and Local File Inclusion Vulnerability in WebDorado Contact Form Builder Plugin for WordPress Reflected XSS Vulnerability in HRworks V 1.16.1 Login Component Jet Database Engine Remote Code Execution Vulnerability Buffer Overflow Vulnerability in Hisilicon Streaming Server Allows Remote Code Execution Denial of Service Vulnerability in Chuango 433 MHz Burglar-Alarm Product Line HumHub 1.3.12 Cross-Site Scripting (XSS) Vulnerability in index.php POST Request Print My Blog Plugin for WordPress 1.6.7 SSRF Vulnerability SQL Injection Vulnerability in AikCms v2.0 via $_GET['del'] Parameter File Upload Vulnerability in AikCms v2.0 CSRF Vulnerability in Veeam ONE Reporter 9.5.0.3201 Jet Database Engine Remote Code Execution Vulnerability SSRF Vulnerability in Simple Machines Forum (SMF) before 2.0.17 Gitea 1.8.0 Vulnerability: Bypassing 2FA Enrollment for User Accounts Buffer Overflow in dhcpcd's 
dhcp6_findna Function Inference of Secrets through Latency Attacks in dhcpcd (before 7.2.1) 1-Byte Read Overflow Vulnerability in dhcpcd's dhcp.c Windows Graphics Component Memory Disclosure Vulnerability Arbitrary Plugin Installation and Remote Code Execution in Atlassian Crowd and Crowd Data Center Server-side Template Injection Vulnerability in Jira Server and Data Center Remote Code Execution Vulnerability in Atlassian Sourcetree for Windows URI Handlers Denial of Service Vulnerability in Jira Issue Search Component Cross-Site Scripting (XSS) Vulnerability in Jira's MigratePriorityScheme Resource Open Redirect Vulnerability in Jira Versions 7.13.6 to 8.3.1 Jira AddResolution.jspa CSRF Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Jira ViewLogging Class Jira ViewSystemInfo Class CSRF Garbage Collection Vulnerability Open Redirect Vulnerability in Jira ChangeSharedFilterOwner Resource Windows Kernel Object Handling Elevation of Privilege Vulnerability CSRF and Local File Inclusion Vulnerability in 10Web Form Maker Plugin for WordPress CSRF and Local File Inclusion Vulnerability in WebDorado Contact Form Plugin for WordPress Reflected XSS Vulnerability in WeBid 1.2.2 Arbitrary Code Execution via $rewrite Filter Option in Adblock Plus Arbitrary Code Execution via Open Redirect in AdBlock's $rewrite Filter Option Arbitrary Code Execution via Open Redirect in uBlock before 0.9.5.15 NULL Pointer Dereference Vulnerability in Memcached Heap-based Buffer Over-read in ImageMagick 7.0.8-43 Q16's WriteTIFFImage Function Heap-based Buffer Over-read in WritePNMImage Function of ImageMagick 7.0.8-40 Q16 Race condition vulnerability in Linux kernel's coredump implementation SQL Injection Vulnerability in OpenProject Activities API Remote Directory Traversal Vulnerability in ProSyst mBS SDK and Bosch IoT Gateway Software Stack Trace Leakage in Remote Access to Backup & Restore HTTP Traversal Vulnerability in ProSyst mBS SDK and Bosch IoT Gateway Software 
Unauthenticated Reflected XSS Vulnerability in Quest KACE Systems Management Appliance Information Disclosure Vulnerability in GitLab API Endpoints Sensitive Information Disclosure Vulnerability in doorGets 7.0 Sensitive Information Disclosure Vulnerability in doorGets 7.0 Sensitive Information Disclosure Vulnerability in doorGets 7.0's /fileman/php/renamefile.php Sensitive Information Disclosure Vulnerability in doorGets 7.0's /fileman/php/movefile.php Microsoft Defender Elevation of Privilege: Arbitrary File Deletion Vulnerability Sensitive Information Disclosure Vulnerability in doorGets 7.0 Sensitive Information Disclosure Vulnerability in doorGets 7.0 /fileman/php/download.php Arbitrary File Deletion Vulnerability in doorGets 7.0 SQL Injection Vulnerability in /doorgets/app/views/ajax/contactView.php SQL Injection Vulnerability in doorGets 7.0: Remote Unauthorized Access to Database Arbitrary File Upload Vulnerability in /fileman/php/upload.php in doorGets 7.0 Sensitive Information Disclosure Vulnerability in doorGets 7.0 Setup Files CSRF Vulnerability in DoorGets 7.0 Allows Unauthorized Modification of Google Analytics Code Default Administrator Credential Vulnerability in doorGets 7.0 SQL Injection Vulnerability in DoorGets 7.0: Unauthorized Database Access via Analytics Configuration Windows ALPC Elevation of Privilege Vulnerability SQL Injection Vulnerability in doorGets 7.0: Unauthorized Database Access via modulecategory_add_titre SQL Injection Vulnerability in DoorGets 7.0: Unauthorized Access to Database Sensitive Information SQL Injection Vulnerability in doorGets 7.0: Unauthorized Database Access via modulecategory_edit_titre SQL Injection Vulnerability in DoorGets 7.0: Remote Privilege Escalation and Database Exposure Arbitrary File Deletion Vulnerability in DoorGets 7.0 SQL Injection Vulnerability in /doorgets/app/requests/user/emailingRequest.php Web Site Physical Path Leakage Vulnerability in doorGets 7.0 Shell Injection Vulnerability in 
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 File-read bypass vulnerability in QlikView and Qlik Sense installations Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Manager 2.x before 2.14.13 CAB File Signature Validation Bypass Vulnerability Unscoped Variable Access Control Vulnerability in Octopus Deploy HoneyPress Vulnerability: Fingerprinting and Hostname Exposure Incorrect Access Control in Citrix Workspace App before 1904 for Windows Zcash 2.x Vulnerability: Sapling Wood-Chipper Attack NULL Pointer Dereference in rec_rset_get_props Function NULL Pointer Dereference in GNU recutils 1.8: Crash in rec_field_name_equal_p Stack-based Buffer Overflow in rec_type_check_enum Function Windows Kernel Object Handling Elevation of Privilege Vulnerability Heap-based Buffer Overflow in rec_fex_parse_str_simple function Fingerprinting Vulnerability in Anomali Agave (formerly Drupot) 1.0.0 Log Poisoning Vulnerability in OneShield Policy (Dragon Core) Framework Persistent XSS Vulnerability in OneShield Policy (Dragon Core) Framework Privilege Escalation through DLL Hijacking in F-Secure Installers Micro Focus Service Manager Remote Command Execution and Information Disclosure Vulnerability XSS Vulnerability in Micro Focus NetIQ Software Allows for Self Service Password Reset Exploitation Information Leakage Vulnerability in Micro Focus NetIQ Self Service Password Reset Software Cross-Site Scripting (XSS) Vulnerability in Micro Focus Fortify Software Security Center Server NetIQ Advanced Authentication Framework: Man in the Middle (MITM) Vulnerability Critical Reflected XSS Vulnerability in Micro Focus Enterprise Developer and Enterprise Server Authorization Bypass Vulnerability in Micro Focus Self Service Password Reset (SSPR) Remote Access Control Bypass in Micro Focus Content Manager: Exploiting CheckIn Manipulation Vulnerability Arbitrary File Read Vulnerability in Micro Focus Verastream Host Integrator (VHI) Unrestricted File Upload 
Vulnerability in Micro Focus ArcSight Logger Stored XSS Vulnerability in Micro Focus ArcSight Logger: Exploiting Improper Input Neutralization Critical Cross-Site Request Forgery Vulnerability in Micro Focus ArcSight Logger Versions Below 7.0 Information Exposure in Micro Focus Content Manager with Oracle Database NTLM MIC Bypass Vulnerability in Microsoft Windows Privileges Escalation in Micro Focus Data Protector Unauthorized Access and Data Modification Vulnerability in Micro Focus Service Manager Versions 9.30-9.62 Information Exposure through Error Message in Micro Focus Service Manager Clear Text Credentials Vulnerability in Micro Focus Service Manager Clear Text Password Exposure in Micro Focus Service Manager Versions 9.30-9.62 Sensitive Data Exposure Vulnerability in Micro Focus Service Manager Insecure Deserialization Vulnerability in Micro Focus Service Manager Unauthenticated Access to Contact Information in Micro Focus Service Manager HTTP Cookie Vulnerability in Micro Focus Service Manager and Chat Server Unauthenticated Data Modification Vulnerability in Micro Focus Service Manager Windows Defender Application Control Security Feature Bypass Vulnerability Critical Man-in-the-Middle Vulnerability in Micro Focus Self Service Password Reset Insecure Ownership and Symlink Vulnerability in groonga-httpd Package for Debian Stored XSS Vulnerability in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 XML External Entity (XXE) Injection Vulnerability in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 SQL Injection Vulnerability in Zoho ManageEngine Firewall Analyzer's Default Reports Feature Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability Remote Code Execution in KonaKart 8.9.0.0 via Product Category Image Upload Buffer Overflow Vulnerability in MailCarrier 2.51 SMTP Response Service GRO Packet of Death Vulnerability in Linux Kernel 5.x Improper Access Control in Bosch VRM Component Allows Arbitrary Certificate Access 
Persistent Cryptographic Parameters Vulnerability in Western Digital SanDisk X300, X300s, X400, and X600 Devices Vulnerability: Execution of Malicious PE Files via DICOM Part 10 File Format Missing SSL Certificate Validation in ASUSTOR exFAT Driver ASUSTOR exFAT Driver Remote Code Execution Vulnerability Win32k Kernel-Mode Object Handling Elevation of Privilege Vulnerability Lack of srand Call in gen_rand_uuid Function in Das U-Boot Allows UUID Value Determination Use-After-Free Vulnerability in XMLHttpRequest Event Loop Handling Use-After-Free Vulnerability in Thunderbird and Firefox Buffer Overflow Vulnerability in WebGL on Linux Graphics Drivers Windows Sandbox Memory Leak Vulnerability Cursor Spoofing Vulnerability in Firefox < 67 Java Web Start Files Not Prompted as Executable Downloads in Firefox < 67 Extension Installation Prompt Spoofing Vulnerability in Firefox < 67 Drag-and-Drop Bookmark Hijacking Vulnerability Address Bar Spoofing Vulnerability in Firefox < 67 Windows NTFS Sandbox Escape: Reparse Point Elevation of Privilege Vulnerability Local File Disclosure Vulnerability in Internet Explorer and Firefox Webcal: Protocol Handler XSS Vulnerability in Firefox < 67 Local File Access Vulnerability in Internet Explorer: Exploiting Hyperlinks to Open Files Heap Buffer Overflow in Thunderbird's iCal Parser Heap Buffer Overflow in Thunderbird's iCal Implementation Stack Buffer Overflow in Thunderbird's iCal Implementation Type Confusion Vulnerability in Thunderbird's iCal Implementation Type Confusion Vulnerability in Array.pop() Allows for Exploitable Crashes Arbitrary Code Execution via Insufficient Parameter Vetting in Prompt:Open IPC Message Memory Corruption Vulnerabilities in Firefox 67 and Firefox ESR 60.7 SymCrypt OAEP Decryption Information Disclosure Vulnerability Memory Corruption Vulnerability in Firefox 67 Cross-Origin Script Injection via Reused Inner Window CORS Bypass Vulnerability in NPAPI Plugins Allows CSRF Attacks Use-After-Free 
Vulnerability in HTTP/2 Stream Closure Necko Child Thread Access Vulnerability in Firefox < 68 Cross-Site Scripting (XSS) Vulnerability in Firefox ESR, Firefox, and Thunderbird Sandbox Bypass Vulnerability in Firefox < 68 Caret Character Spoofing Vulnerability in Firefox ESR, Firefox, and Thunderbird Unsanitized Content Injection in Activity Stream Out-of-Bounds Read Vulnerability in NSS Library when Importing Curve25519 Private Key Azure Active Directory (AAD) Microsoft Account (MSA) Login Session Information Disclosure Vulnerability Whitespace Bypass Vulnerability in Firefox < 68 Domain Spoofing Vulnerability in Firefox < 68: Unicode Latin 'kra' Character Spoofing Origin Attribute Ignored During Add-On Installation in Firefox < 68 Unnecessary Remote Troubleshooting Permission in Retired Site Redirect: Potential Attack Vector in Firefox < 68 Bypassing Safebrowsing Protections in Firefox < 68 Vulnerability: Forced Use of PKCS#1 v1.5 Signatures in TLS 1.3 HTTP Alternative Services Header (Alt-Svc) Vulnerability in Firefox < 68 Segmentation Fault Vulnerability in Firefox ESR, Firefox, and Thunderbird PsmServiceExtHost.dll Memory Object Handling Elevation of Privilege Vulnerability Local File Access Vulnerability in Firefox and Thunderbird Clipboard Password Theft Vulnerability in Firefox Memory Corruption Vulnerability in Firefox 68 Memory Corruption Vulnerability in Firefox 68 and Firefox ESR 68 Privilege Escalation and File Manipulation Vulnerability in Mozilla Maintenance Service Wildcard Host Bypass in Content Security Policy (CSP) Directives CSP Bypass Vulnerability in Firefox < 69 and Firefox ESR < 68.1 Vulnerability: Plaintext Leakage in Encrypted S/MIME Parts in Thunderbird PsmServiceExtHost.dll Memory Object Handling Elevation of Privilege Vulnerability Memory Corruption Vulnerabilities in Firefox 68, Firefox ESR 68, and Firefox 60.8 Universal Cross-site Scripting (UXSS) Vulnerability in Firefox < 69 Same-Origin Policy Violation in Cached Image Content: 
Cross-Origin Image Theft Vulnerability Cross-Origin Information Exposure through Timing Side-Channel Attacks in Firefox and Thunderbird HTML Injection Vulnerability in Certain HTML Elements Block Cipher Encryption Vulnerability in Thunderbird, Firefox ESR, and Firefox Use-After-Free Vulnerability in Video Element Manipulation HSTS Setting Removal Bug in Firefox: Pre-load List Vulnerability WebRTC Permissions Persistence Vulnerability in Firefox WebRTC getUserMedia API Vulnerability: Silent Camera Fingerprinting in Firefox Windows Elevation of Privilege Vulnerability in psmsrv.dll Type Confusion Vulnerability in Spidermonkey: Non-Exploitable Crash in Firefox Arbitrary Log File Write Vulnerability in Firefox Use-after-free vulnerability in IndexedDB key value deletion in Firefox and Thunderbird Privilege Escalation via Firefox Installer Vulnerability Pointer Hijacking Vulnerability in Firefox < 69.0.1 Vulnerability: Misleading Digital Signature Validation in Thunderbird Use-after-free vulnerability in Firefox < 71 due to improper refcounting of soft token session objects Use-after-free vulnerability in Firefox, Thunderbird, and Firefox ESR Memory Corruption Vulnerability in Firefox 68 with 360 Total Security Installed Stack Buffer Overflow in HMAC Output Handling DirectX Memory Object Handling Vulnerability Stack buffer overflow in nrappkit during WebRTC signaling Data URI Bypass Vulnerability in Firefox, Thunderbird, and Firefox ESR Cross-Origin DOM Method Access Vulnerability in Firefox, Thunderbird, and Firefox ESR Null Byte Handling Vulnerability in Firefox and Thunderbird Allows XSS Attacks and Entity Masking Memory Corruption Vulnerabilities in Firefox 69 and Firefox ESR 68.1 Firefox Content Process Vulnerability: Unauthorized Permission Granting Buffer Over-read Vulnerability in dhcpcd's D6_OPTION_PD_EXCLUDE Feature Remote File and Service Enumeration through SSRF in phpBB SQL Injection Vulnerability in phpMyAdmin Designer Feature Privilege Escalation 
Vulnerability in TeamViewer 14.2.2558 Windows RPCSS.dll Memory Object Handling Elevation of Privilege Vulnerability Vulnerability: Insecure Dependency Resolution in Eclipse Buildship Unused RPATHs in AIX builds of Eclipse OpenJ9 before 0.15.0: Code Injection and Privilege Elevation Vulnerability Arbitrary Write Vulnerability in Eclipse OpenJ9's String.getBytes() Method RPATH Vulnerability in AIX Builds of Eclipse OMR Prior to 0.1 Loop Versioning Bug in Eclipse OMR Prior to 0.1: Potential Field Value Privatization Failure Privatization Failure in Loop Versioning Vulnerability in Eclipse OpenJ9 Reflected XSS Vulnerability in Eclipse BIRT Report Viewer TLS Host Name Verification Bypass in Eclipse Paho Java Client Library 1.2.0 Use After Free Vulnerability in Eclipse Mosquitto MQTT v5 Client Stack Overflow Vulnerability in Eclipse Mosquitto MQTT Broker Windows SSDP Service Elevation of Privilege Vulnerability Improper Access Control in Odoo Community and Enterprise 13.0: Remote Privilege Escalation via Crafted RPC Requests Account Privilege Escalation via Crafted Links in Odoo Community and Enterprise 12.0 and Earlier Privilege Escalation via Improper Access Control in Odoo Community and Enterprise 14.0 and earlier Improper Access Control in Mail Module Allows Unauthorized Subscription to Channels Arbitrary Message Access Vulnerability in Odoo Community and Enterprise 14.0 and earlier Improper Access Control in Mail Module Allows Unauthorized Access and Subscription Arbitrary Content Modification Vulnerability in Odoo Community and Enterprise 13.0 and Earlier Windows Unistore.dll Elevation of Privilege Vulnerability Windows WCMSVC.dll Elevation of Privilege Vulnerability Insecure Permissions in OX App Suite 7.10.1 and earlier Vulnerability: Media Deletion in WooCommerce Checkout Manager Plugin Weak PRNG in Ratpack versions before 1.6.1 allows session ID sequence determination Cross-Site Scripting (XSS) Vulnerability in Joomla! 
before 3.9.6 Remote Desktop Services Remote Code Execution Vulnerability Use-after-free vulnerability in Linux kernel before 5.0.7 allows for Denial of Service Use-after-free vulnerability in Linux kernel before 5.0.4 allows unauthorized read access to /proc/ioports after removal of ipmi_si module Persistent XSS Vulnerability in MISP before 2.4.107 Allows JavaScript Injection via Discussion Interface Persistent XSS via javascript:// links in MISP before 2.4.107 Persistent XSS via Image Names in Titles in MISP before 2.4.107 Race Condition Leading to Use-After-Free in rds_tcp_kill_sock Privilege Escalation via Incorrect Access Control in OPNsense and pfSense WebUI Stored Cross-Site Scripting (XSS) in Alkacon OpenCMS v10.5.4 and Earlier CSV Injection Vulnerability in Alkacon OpenCMS v10.5.4 and earlier Remote Desktop Services Remote Code Execution Vulnerability Synology Calendar Information Exposure Vulnerability Arbitrary SQL Command Execution in Synology Photo Station Arbitrary File Upload Vulnerability in Synology Photo Station CRLF Injection Vulnerability in Synology Router Manager (SRM) Network Center Arbitrary Web Script Injection in Synology Calendar Event Editor Arbitrary File Upload Vulnerability in Synology Moments Arbitrary Web Script Injection in Synology Note Station Cross-site scripting (XSS) vulnerability in Chart in Synology Office before 3.1.4-2771 Remote Code Execution Vulnerability in Synology Calendar VBScript Engine Remote Code Execution Vulnerability PharStreamWrapper Package Vulnerability: Bypassing Deserialization Protection Mechanism Directory Traversal Vulnerability in PharStreamWrapper Package for TYPO3 Remote Code Execution in TYPO3 Image Processing Applications Uninitialized Memory Disclosure in ext4 Extents Tree Block Out-of-Bounds Access Vulnerability in cJSON (before 1.7.11) due to \x00 in String Literal Out-of-Bounds Access Vulnerability in cJSON before 1.7.11 Cleartext Mail Content Vulnerability in Rediffmail Android App Segmentation 
Fault Vulnerability in njs through 0.3.1 Heap-based Buffer Overflow in njs through 0.3.1: Vulnerability in NGINX Heap-based Buffer Overflow in njs through 0.3.1: Array.prototype.push Vulnerability Windows Core Shell COM Server Registrar Elevation of Privilege Vulnerability Flaw in Salsa20 Cryptography Library Allows Keystream Reuse and Predictability OpenPGP Message Forgery Vulnerability in Go Cryptography Libraries Predictable Random Number Generation in Matrix Sydent and Synapse Reflective Server-Side XSS Vulnerability in MailPoet Plugin for WordPress RICOH SP 4520DN HTML Injection Vulnerability RICOH SP 4510DN HTML Injection Vulnerability XSS and HTML Injection Vulnerability in dotCMS 5.1.1 via /servlets/ajax_file_upload?fieldName=binary3 Improper Privilege Management Vulnerability in ALEOS: Root Escalation via Command Shell AT Command API Abuse Vulnerability in ALEOS Versions Before 4.13.0, 4.9.5, 4.4.9 Stack Overflow Vulnerability in ALEOS AT Command APIs (Before 4.11.0) Enables Code Execution Stack Corruption Vulnerability in Windows Subsystem for Linux AT Command Interface Stack Overflow Vulnerability in ALEOS before 4.11.0 Remote Code Execution via Buffer Overflow in Sierra Wireless ALEOS Out-of-Bounds Reads Vulnerability in ACEView Service of ALEOS AT Command Interface Command Injection Vulnerabilities in ALEOS Versions Before 4.11.0 and 4.9.4 Default RPC Server Vulnerability in ALEOS Versions 4.12.0, 4.9.5, and 4.4.9 Nonce Reuse Vulnerability in ACEView Service Allows Message Replay Information Disclosure Vulnerability in AceManager of ALEOS before 4.12.0, 4.9.5, and 4.4.9 Multiple Buffer Overflow Vulnerabilities in AceManager Web API of ALEOS Buffer Overflow Vulnerability in ALEOS SMS Handler API: Potential Root Code Execution Windows WCMSVC.dll Elevation of Privilege Vulnerability Traffic Proxying Vulnerability in ALEOS SSH Service Realtek NDIS Driver rt640x64.sys Buffer Size Vulnerability Arbitrary Kernel Write Vulnerability in SoftEther VPN Server 
Yuzo Related Posts Plugin 5.12.94 for WordPress XSS Vulnerability XmlLite Runtime Denial of Service Vulnerability XSS Vulnerability in Serendipity before 2.1.5 via Mishandled EXIF Data XSS Vulnerability in Custom Field Suite Plugin for WordPress CSV Injection Vulnerability in WordPress Popup Plugin Buffer Overflow in DoPreSharedKeys in wolfSSL 4.0.0 Privilege Escalation Vulnerability in Blue Prism Robotic Process Automation 6.4.0.8445 Reflected XSS Vulnerability in PrestaShop 1.7.5.2 Installation Script Unauthenticated Credential Theft via Crafted ESSID in PIX-Link Repeater/Router LV-WR09 (v28K.MiniRouter.20180616) Firmware Integer Overflow Vulnerability in XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 Cameras Directory Traversal Vulnerability in WEBrick Gem 1.4.2 for Ruby LNK Remote Code Execution Vulnerability in Microsoft Windows SQL Injection Vulnerability in CommSy 8.6.5 via cid Parameter Arbitrary Content Injection Vulnerability in Rancher 2.1.4 Login Component Information Disclosure Vulnerability in Linux Kernel HIDP Sock IOCTL Function Cleartext Password Vulnerability in eyeDisk's Unlock Feature WaspThemes Visual CSS Style Editor Plugin CSRF Vulnerability File Upload Vulnerability in SimplyBook.me Privilege Escalation Vulnerability in Go 1.12.5 on Windows Denial of Service Vulnerability in Sony BRAVIA Smart TV Devices via Crafted Web Page over HbbTV Denial of Service Vulnerability in Sony Bravia Smart TV Devices App Pairing Mechanism Privilege Escalation Vulnerability in Bosch Smart Home Controller Improper Access Control in Bosch Smart Home Controller (SHC) JSON-RPC Interface Incorrect Privilege Assignment Vulnerability in Bosch Smart Home Controller (SHC) API Improper Access Control Vulnerability in Bosch Smart Home Controller Backup Mechanism Improper Access Control Vulnerability in Bosch Smart Home Controller (SHC) JSON-RPC Interface Privilege Escalation Vulnerability in Bosch Smart Home Controller (SHC) Pairing Mechanism Server-Side 
Request Forgery (SSRF) Vulnerability in Backup & Restore Functionality Reverse Engineering Vulnerability in Bosch Access Professional Edition (APE) 3.8 Allows Unauthorized APE Administration Privileges Unauthenticated Access to Sensitive Data via Windows SMB Protocol in Bosch Access Professional Edition (APE) 3.8 Windows Image Elevation of Privilege Vulnerability Cross-Origin Security Bypass Vulnerability in Microsoft Browsers Vulnerability: Out of Bounds Write in Proxygen's Structured HTTP Headers Parsing Race Condition Vulnerability in Zstandard Compression Functions Unbounded Buffer Allocation Vulnerability in Mcrouter Padding-based Memory Exhaustion Vulnerability in Fizz JPEG APP12 Block Marker Boundary Check Vulnerability JPEG Header Processing Vulnerability in GD Extension WhatsApp Integer Overflow Vulnerability in Media Parsing Libraries Cross-Site Scripting Vulnerability in WhatsApp Desktop Versions Prior to v0.3.4932 Boundary Check Vulnerability in number_format Function Allows Remote Code Execution Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution Invalid Free Vulnerability in mb_detect_order WhatsApp MP4 Parsing Stack-Based Buffer Overflow Vulnerability Double Free Vulnerability in android-gif-drawable Library Allows Remote Code Execution Heap Buffer Overflow Vulnerability in libpl_droidsonroids_gif Out-of-Bounds Read Vulnerability in AsyncSSLSocket in Folly Out-of-bounds Memory Access Vulnerability in HHVM Null Byte Truncation Vulnerability in APC Functions Stack Exhaustion Vulnerability in Mcrouter Prior to v0.41.0 Denial of Service Vulnerability in Java Facebook Thrift Servers Denial of Service Vulnerability in Golang Facebook Thrift Servers Internet Explorer Scripting Engine Memory Corruption Vulnerability HPACK Header Table Corruption Vulnerability in Proxygen Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent 
Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Remote Credential Disclosure Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Chakra Scripting Engine Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Chakra Scripting Engine Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center 
(IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Privilege Escalation Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Chakra Scripting Engine Remote Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability SyncController.dll Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Cross Site Scripting Vulnerability in HPE Integrated Lights-Out (iLO) Servers Critical Remote Buffer Overflow Vulnerability in HPE Integrated Lights-Out 
(iLO) Servers HPE Intelligent Management Center (IMC) PLAT SQL Injection Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Local Unauthorized Elevation of Privilege Vulnerability in HPE Smart Update Manager (SUM) prior to v8.4 Critical Remote Unauthorized Access Vulnerability in HPE Smart Update Manager (SUM) Prior to Version 8.3.5 Remote Denial of Service Vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module) Outlook Remote Code Execution Vulnerability Unauthorized Remote Access and Data Exposure Vulnerability in HPE UIoT Versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 Remote Information Disclosure Vulnerability in HPE 3PAR Service Processor (SP) 4.1-4.4 Remote Cross-Site Scripting Vulnerability in HPE OneView for VMware vCenter 9.5 Unauthenticated File Manipulation Vulnerability in HPE SimpliVity Nodes Unauthenticated Remote Execution of Manifest Files in HPE SimpliVity Nodes Unauthorized Remote Access and Data Exposure Vulnerability in HPE UIoT version 1.2.4.2 Elevated Privileges Vulnerability in HPE Nimble Storage Systems Cross Site Scripting Vulnerability in HPE enhanced Internet Usage Manager (eIUM) Versions 8.3 and 9.0 Multiple Remote Vulnerabilities in HPE Superdome Flex Server: Bypassing Security Restrictions and Accessing Information Disclosure and Denial of Service Remote Arbitrary File Download and Cross-Site Scripting Vulnerabilities in HPE OpenCall Media Platform (OCMP) Outlook Object Memory Handling Remote Code Execution Vulnerability Potential Remote Access Restriction Bypass in HPE MSE Msg Gw Application E-LTU Remote Session Reuse Vulnerability in HPE MSA SAN Storage Remote Session Reuse Vulnerability in HPE MSA SAN Storage Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1206) Remote Code Execution Vulnerability in MapR CLDB Code Session 
Object Information Disclosure in Microsoft SharePoint Microsoft Office SharePoint XSS Vulnerability Outlook Message Processing Elevation of Privilege Vulnerability Regular Expression Denial of Service (ReDoS) Vulnerability in lib/common/html_re.js of remarkable 1.7.1 Privilege Escalation via Insecure Permissions in Panda Products XSS Vulnerability in remarkable 1.7.1 via URL Filtering Mishandling Buffer Overflow Vulnerability in Citrix NetScaler Gateway and Application Delivery Controller LemonLDAP::NG -2.0.3 Access Control Vulnerability XSS Vulnerability in Gridea v0.8.0 Allows Arbitrary Code Execution Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1202) Windows Server DHCP Service Memory Corruption Vulnerability NULL Dereference Vulnerability in QEMU's ahci_commit_buf Function Infinite Loop Vulnerability in QEMU SCSI Adapter Emulator VBScript Object Memory Handling Remote Code Execution Vulnerability Memory Safety Vulnerability in Rust Programming Language Standard Library Arbitrary File Read Vulnerability in FasterXML jackson-databind Unprotected Intent Vulnerability in Samsung S9+, S10, and XCover 4 P(9.0) Devices Lync 2013 Information Disclosure Vulnerability Command Injection Vulnerability in Netskope Client Service Cross-Site Scripting (XSS) Vulnerability in Horde Groupware Webmail Edition 5.2.22 CSRF Vulnerability in Horde Trean Bookmark Tags Parameter Telerik Fiddler v5.0.20182.28034 Hash Verification Bypass Vulnerability Vulnerability: Man-in-the-Middle Attack in Heimdal Client Side PKINIT Key Exchange Verification Arbitrary Code Execution Vulnerability in PHP-Fusion 9.03.00's edit_profile.php Denial of Service Vulnerability in LibNyoci 0.07.00rc1: coap_decode_option in coap.c Unauthenticated File Upload and Exploration Vulnerability in Kentico 11-12 Pre-Authentication Command Injection Vulnerability in TP-Link M7350 V3 Configuration Interface Post-Authentication Command Injection Vulnerabilities in TP-Link M7350 V3 Unauthenticated Access to 
Log Files and Service Restart in Supervisor Use After Free vulnerability in MiniUPnP MiniSSDPd 1.4 and 1.5 allows remote code execution Heap Information Leak Vulnerability in MiniUPnP MiniUPnPd through 2.1 Denial of Service Vulnerability in MiniUPnP MiniUPnPd through 2.1: NULL Pointer Dereference in GetOutboundPinholeTimeout Denial of Service Vulnerability in MiniUPnP MiniUPnPd through 2.1: NULL Pointer Dereference in GetOutboundPinholeTimeout Git for Visual Studio Configuration File Parsing Elevation of Privilege Vulnerability NULL Pointer Dereference Vulnerability in MiniUPnP MiniUPnPd through 2.1 NULL Pointer Dereference Vulnerability in MiniUPnP MiniUPnPd through 2.1 Arbitrary Command Execution Vulnerability in ONAP SDNC Arbitrary Command Execution in ONAP SDNC Arbitrary Code Execution Vulnerability in ONAP HOLMES Arbitrary Code Execution Vulnerability in ONAP SDC Arbitrary Code Execution Vulnerability in ONAP SDC Arbitrary Code Execution Vulnerability in ONAP SDC Arbitrary Code Execution Vulnerability in ONAP SDC Arbitrary Code Execution Vulnerability in ONAP SDC Windows Server DHCP Service Memory Corruption Vulnerability Arbitrary Code Execution Vulnerability in ONAP VNFSDK Padding Oracle Attack Vulnerability in ONAP Portal User Password Retrieval Vulnerability in ONAP Portal Arbitrary Command Execution Vulnerability in ONAP SDNC Arbitrary File Read/Write Vulnerability in ONAP APPC Unauthenticated Access Vulnerability in ONAP Logging through Dublin Unauthenticated Access Vulnerability in ONAP DCAE through Dublin Unauthenticated Access Vulnerability in ONAP OOM through Dublin Unauthenticated Access Vulnerability in ONAP SO through Dublin Unauthenticated Access Vulnerability in ONAP MSB through Dublin Windows Server DHCP Service Memory Corruption Vulnerability Unauthenticated Access Vulnerability in ONAP CLI through Dublin Arbitrary User Impersonation Vulnerability in ONAP APPC and SDC Arbitrary Command Execution Vulnerability in ONAP SDNC Local Privilege 
Escalation Vulnerability in Multiple Zoho ManageEngine Products CSV Injection in Workday Export Feature Remote Code Execution Vulnerability in PaperCut MF and NG Application Server XSS Vulnerability in BoostIO Boostnote 0.11.15 via Mermaid Label Directory Traversal Vulnerability in Typora 0.9.9.24.6 on macOS Directory Traversal Vulnerability in MacDown 0.7.1 Allows Arbitrary Program Execution Cross-Site Scripting (XSS) Vulnerability in eZ Platform Admin UI Windows Common Log File System Driver Elevation of Privilege Vulnerability Directory Traversal Vulnerability in Progress Ipswitch WS_FTP Server 2018 before 8.6.1 Path Traversal and Remote Code Execution Vulnerability in Progress ipswitch WS_FTP Server 2018 before 8.6.1 Directory Traversal Vulnerability in Progress Ipswitch WS_FTP Server 2018 before 8.6.1 Directory Traversal Vulnerability in Progress ipswitch WS_FTP Server 2018 before 8.6.1 Argument Injection Vulnerability in Sangoma Session Border Controller (SBC) 2.3.23-119 GA Web Interface Authentication Bypass Vulnerability in Sangoma Session Border Controller (SBC) 2.3.23-119 GA Web Interface Arbitrary SQL Command Execution in SilverStripe/RestfulServer and SilverStripe/Registry Modules Winsock Elevation of Privilege Vulnerability Unrestricted File Upload Vulnerability in Karamasoft UltimateEditor 1 SSRF Vulnerability in RealObjects PDFreactor before 10.1.10722 XML External Entity (XXE) Vulnerability in RealObjects PDFreactor before 10.1.10722 NULL Pointer Dereference in QEMU's interface_release_resource Function Exposure of Server Metadata in JetBrains TeamCity and UpSource Versions before 2018.2.5 Credential Disclosure via RPC Commands in JetBrains UpSource Versions Before 2018.2 Build 1293 GoHTTP GetExtension Heap-Based Buffer Overflow Stack-Based Buffer Over-read Vulnerability in GoHTTP through 2017-07-25 Memory Object Handling Vulnerability in DirectX GoHTTP sendHeader Use-After-Free Vulnerability SSRF Vulnerability in WPO WebPageTest 19.04 due to 
Inadequate Validation of Octal Encoded IP Addresses Unverified Update Execution Vulnerability in Upwork Time Tracker 5.2.2.716 Information Disclosure Vulnerability in GAT-Ship Web Module 1.30 Remote Code Execution Vulnerability in Status React Native Desktop before v0.57.8_mobile_ui Command Execution Vulnerability in MiCollab and MiCollab AWV Cross-Site Scripting (XSS) Vulnerability in Emerson Network Power Liebert Challenger 5.1E0.5 Devices via statusstr Parameter in httpGetSet/httpGet.htm Remote Code Execution Vulnerability in Four-Faith Wireless Mobile Router F3x24 v1.0 Arbitrary File Upload and Directory Traversal Vulnerability in ATutor 2.2.4 Chakra Scripting Engine Remote Code Execution Vulnerability Arbitrary File Upload and Remote Command Execution Vulnerability in ATutor through 2.2.4 Insecure Storage of Cleartext Credentials in Dropbox Desktop Application Arbitrary Code Execution via Modified File URL Syntax in Typora 0.9.9.21.1 (1913) Remote Code Execution in MacDown 0.7.1 (870) via file:\\\ URI in HREF Attribute Privilege Escalation Vulnerability in hide.me macOS VPN Helper Tool NULL Pointer Dereference in Zeek Network Security Monitor's Kerberos Protocol Parser Leading to Denial of Service (DoS) Privilege Escalation via Service Reconfiguration in HTC VIVEPORT Insecure Directory Permissions in HTC VIVEPORT Desktop Service Leading to Privilege Escalation via DLL Hijacking Outlook iOS Email Spoofing Vulnerability Arbitrary Code Execution Vulnerability in SmartBear ReadyAPI and SoapUI Privilege Escalation Vulnerability in SolarWinds Serv-U for Linux Remote Code Execution via Directory Traversal in Safescan Timemoto and TA-8000 Series Version 1.0 Remote File Read Vulnerability in Safescan Timemoto TM-616 and TA-8000 Series XSS Vulnerability in BoostIO Boostnote 0.11.15 via Flowchart, Sequence, Gallery, or Chart Label in MarkdownPreview.js Arbitrary File Upload and Remote Command Execution in eLabFTW 1.8.5 Cross-Site Scripting (XSS) Vulnerability in Sylius 
Products XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 via SearchN.do Search Field Windows Transaction Manager Memory Object Handling Vulnerability Cross-Site Scripting (XSS) Vulnerability in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.747 via testacc/fileManager2.php fm_current_dir or filename parameter SQL Injection Vulnerability in H3C H3Cloud OS (All Versions) via ear/grid_event sidx Parameter XSS Vulnerability in TP-Link TL-WR840N v5 00000005 Devices via Network Name Arbitrary SQL Command Execution Vulnerability in Zoho ManageEngine NetFlow Analyzer 12.3 Stack-Based Buffer Over-Read Vulnerability in GoHttp via Long User-Agent Header Microsoft Browser Security Zone Validation Bypass Vulnerability Session Fixation Vulnerability in SilverStripe Change Password Form Unauthenticated Admin Access Vulnerability in SilverStripe through 4.3.3 SilverStripe 4.3.3 Vulnerability: Flash Clipboard Reflected XSS Heap-Based Buffer Overflow in njs through 0.3.1: A Critical Vulnerability in NGINX Heap-Based Buffer Over-Read Vulnerability in njs through 0.3.1 Heap-Based Buffer Overflow in njs_function_native_call in njs/njs_function.c Privilege Escalation and Information Disclosure in Yubico pam-u2f 1.0.7 Internet Explorer Scripting Engine Memory Corruption Vulnerability File Descriptor Inheritance Vulnerability in Yubico pam-u2f 1.0.7 Heap Overflow Vulnerability in FreeImage 3.18.0 PluginTIFF.cpp Stack Exhaustion Vulnerability in FreeImage 3.18.0 when Reading Special JXR Files Stack Exhaustion Vulnerability in FreeImage 3.18.0 TIFFReadDirectory Function Out-of-Bounds Access in FreeImage 3.18.0 due to Mishandling of OpenJPEG j2k_read_ppm_v3 Function Full Path Disclosure Vulnerability in Matomo v3.9.1 Heap-based Buffer Overflow in IMG_LoadPCX_RW function NULL Pointer Dereference in SDL stdio_read Function NULL Pointer Dereference in IMG_LoadPCX_RW function Invalid Free Error in SDL_SetError_REAL Function Remote Desktop Services Remote Code Execution 
Vulnerability Out-of-Bounds Read Vulnerability in SDL2 and SDL2_image SEGV Vulnerability in SDL2 and SDL2_image Out-of-Bounds Read Vulnerability in SDL 2.0.9 Buffer Overflow Vulnerability in Hanwha Techwin SRN-x Devices Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Vulnerability: Lack of CSRF Protection in WP Booking System Plugin 1.5.1 for WordPress Windows RDP Server Memory Disclosure Vulnerability Insecure Deserialization Vulnerability in Virim Plugin 0.4 for WordPress Insecure Deserialization Vulnerability in Carts Guru Plugin for WordPress Istio 1.1.x through 1.1.6 Incorrect Access Control Vulnerability Incorrect Access Control for Protected Files in SilverStripe through 4.3.3 Denial of Service Vulnerability in SilverStripe 4.3.3 QEMU 3.0.0 Integer Overflow Vulnerability in qga/commands*.c Files Remote Code Execution via Malicious Email in OTRS Windows RDP Server Memory Disclosure Vulnerability Stored XSS Vulnerability in IdentityServer4 RequestLoggerMiddleware SQL Injection Vulnerability in UCMS 1.4.7 via sadmin/ceditpost.php Arbitrary Post Viewing Vulnerability in Zoho ManageEngine ServiceDesk Plus through 10.5 CSRF Vulnerability in My Little Forum before 2.4.20 Allows Unauthorized Post Deletion Unauthenticated Access Control Vulnerability in Tecson Tankspion and GOKs SmartBox 4 Vulnerability: Wind River VxWorks TCP Component Buffer Overflow (Issue 1 of 4) Buffer Overflow in IPv4 Component: IPNET Stack Overflow Vulnerability Buffer Overflow in VxWorks DHCP Client Component: IPNET Heap Overflow Vulnerability Session Fixation Vulnerability in Wind River VxWorks TCP Component IPNET Security Vulnerability: Denial of Service via NULL Dereference in IGMP Parsing Remote Desktop Services Remote Code Execution Vulnerability Buffer Overflow in TCP Component: IPNET Security Vulnerability Buffer Overflow in Wind River VxWorks TCP Component: IPNET Urgent Pointer State Confusion Vulnerability Vulnerability: Incorrect Access Control in VxWorks RARP 
Client Component Buffer Overflow in TCP Component: IPNET Security Vulnerability Incorrect Access Control in IPv4 Assignment by ipdhcpc DHCP Client Component in Wind River VxWorks Memory Leak in IGMPv3 Client Component in Wind River VxWorks Arbitrary Code Execution Vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 PGP Signature Spoofing Vulnerability in Enigmail before 2.0.11 Windows Kernel Object Memory Handling Vulnerability Excessive Permissions Vulnerability in OpenText Brava! Enterprise and Brava! Server Unrestricted File Upload Vulnerability in Sandline Centraleyezer (On Premises) Command Injection Vulnerability in OpenWrt LuCI Web Application CSRF Vulnerability in OutSystems Platform 10 through 11 for Content Modifications and File Uploads Unprivileged Users Can Gain Admin Access in Rancher Management Plane through Node Driver Options GrandNode 4.40 LetsEncryptController Path Traversal Vulnerability Path Traversal Vulnerability in Blogifier 2.3 before 2019-05-11 Address Bar Spoofing Vulnerability in Opera for Android Nagios XI 5.6.1 SQL Injection Vulnerability in login.php?forgotpass Windows Kernel Object Memory Handling Vulnerability Uncontrolled Search Path Element in PC-Doctor Toolbox before 7.3 Unauthenticated Firmware Update Vulnerability in VStarcam 100T and 200V Devices Unauthenticated Remote Command Execution in VStarcam Firmware Update Dynamics On-Premise v9 Elevation of Privilege Vulnerability Vulnerability: Domain Impersonation in GNU libidn2 Incorrect Access Control in HashiCorp Consul 1.4.0 through 1.5.0 Allows Unauthorized Key Deletion Critical Vulnerability: Incorrect Access Control in Citrix AppDNA before 7 1906.1.0.472 Heap-based Buffer Over-read in JPXStream::init in Poppler Vulnerability: Denial of Service in Wireshark Dissection Engine Use of an Externally Controlled Format String Vulnerability in scopd on Motorola Routers CX2 1.01 and M2 1.01 Out-of-Bounds Write Vulnerability in Leanify 0.4.3 Stored XSS Vulnerability in Sandline 
Centraleyezer (On Premises) Category Name Field Hyper-V Network Switch Input Validation Vulnerability OAuth Authorization Token Hijacking Vulnerability Root Password Reset Vulnerability in Percona Server 5.6.44-85.0-1 Packages Arbitrary Command Execution and File Read Vulnerability in Rancher 2 through 2.2.3 Vulnerability: Weak Administrator Password Hash in EZCast Pro II Clickable JavaScript Link Vulnerability in Django AdminURLFieldWidget dotCMS Path Traversal Vulnerability in ZIP Archive Extraction Server SSL/TLS Certificate Validation Vulnerability in Rome SDK ExaGrid Appliance Firmware v4.8.1.1044.P50 Directory Traversal Vulnerability Unrestricted File Upload in Sandline Centraleyezer (On Premises) Leads to Stored XSS Libreswan 3.27 Vulnerability: Assertion Failure and IKE Daemon Restart Cross-Site Scripting (XSS) Vulnerability in Shave before 2.5.3 Local File Inclusion Vulnerability in Deltek Maconomy 2.2.5 via Absolute Path Traversal Reflected Cross-Site Scripting (XSS) Vulnerability in Samsung SCX-824 Printers Improper Impersonation in Diagnostics Hub Standard Collector Service: Elevation of Privilege Vulnerability Invalid Pointer Write DoS Vulnerability in Hosting Controller HC10 10.14 Command Injection Vulnerability in Akuvox R50P VoIP Phone Configuration Web Interface Buffer Overflow Vulnerabilities in Htek UC902 VoIP Phone Web Management Interface Arbitrary Code Execution via Manipulated Ringtone Upload in Akuvox R50P VoIP Phone 50.0.6.156 Insecure Telnet Access with Hardcoded Credentials in Akuvox R50P VoIP Phone 50.0.6.156 Command Injection Vulnerability in Atcom A10W VoIP Phone Firmware 2.6.1a2421 Memory Object Handling Vulnerability in Microsoft Exchange Server XXE vulnerability in PHPOffice PhpSpreadsheet before 1.8.0 Azure Stack Spoofing Vulnerability Cross-Site Scripting (XSS) Vulnerability in Kiboko Hostel Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in miniOrange SAML SP Single Sign On Plugin for WordPress Stored XSS 
Vulnerability in pfSense 2.4.4-p3 via acme_accountkeys_edit.php Action SQL Injection Vulnerability in zzcms 2019 via daohang or img POST parameter SQL Injection Vulnerability in zzcms 2019 via /admin/dl_sendsms.php Windows Text Service Framework Elevation of Privilege Vulnerability SQL Injection Vulnerability in zzcms 2019 via dl_download.php SQL Injection Vulnerability in zzcms 2019 via Trailing Comma in id Parameter SQL Injection Vulnerability in zzcms 2019: Exploiting dl_sendmail.php SQL Injection Vulnerability in zzcms 2019: Exploiting /admin/dl_sendmail.php via id Parameter SQL Injection Vulnerability in zzcms 2019: Admin Authority SQL Injection in /admin/showbad.php SQL Injection Vulnerability in zzcms 2019: /user/dls_print.php (id parameter) SQL Injection Vulnerability in zzcms 2019: Exploiting /user/dls_download.php via id parameter SQL Injection Vulnerability in zzcms 2019: Admin Authority SQL Injection in deluser.php SQL Injection Vulnerability in zzcms 2019: Exploiting dl_sendsms.php SQL Injection Vulnerability in zzcms 2019: Admin Authority SQL Injection via id Parameter in /admin/ztliuyan_sendmail.php VBScript Object Memory Handling Remote Code Execution Vulnerability Stack-based Buffer Over-read Vulnerability in Xpdf 4.01.01 Cross-Site Scripting (XSS) Vulnerability in EmpireCMS 7.5.0 via e/member/doaction.php Cross-Site Scripting (XSS) Vulnerability in EmpireCMS 7.5.0 via HTTP Referer Header in e/member/doaction.php CSRF Vulnerability in JN-Jones MyBB-2FA Plugin Allows Unauthorized Deactivation of Two-Factor Authentication XSS and Arbitrary File Loading Vulnerability in Newton Application for Android XSS and Arbitrary File Loading Vulnerability in Nine Application for Android XSS and Arbitrary File Loading Vulnerability in BlueMail for Android XSS and Arbitrary File Loading Vulnerability in Edison Mail for Android XSS and Arbitrary File Loading Vulnerability in TypeApp for Android Chakra Scripting Engine Remote Code Execution Vulnerability XSS and 
Arbitrary File Loading Vulnerability in Spark Application for Android SQL Injection Vulnerability in Petraware pTransformer ADC Remote Disclosure of Administrator Passwords in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5 SQL Injection Vulnerability in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5 Open Directory Vulnerability in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5 Hard-coded Encryption Key Vulnerability in Ivanti LANDESK Management Suite Arbitrary File Upload Vulnerability in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5 Unchecked kmalloc in ip6_ra_control leading to potential denial of service Memory Leak in con_insert_unipair Function in Linux Kernel VBScript Object Memory Handling Remote Code Execution Vulnerability EFI Subsystem Memory Allocation Failure Vulnerability Unchecked kmalloc in ip_ra_control leading to potential denial of service Unchecked kstrdup in drm_load_edid_firmware leading to potential NULL pointer dereference and system crash Information Exposure Vulnerability in Tor Browser Polymorphic Deserialization Vulnerability in FasterXML Jackson-Databind 2.x SQL Injection Vulnerability in Ampache Search Engine Stored XSS in Ampache's LocalPlay add instance functionality HTTP Request Injection Vulnerability in Twisted Web ClearText Transmission Vulnerability in Anviz Access Control Devices Anviz Access Control Devices Vulnerability: Unauthorized Access to Credentials via Port TCP/5010 VBScript Object Memory Handling Remote Code Execution Vulnerability Anviz Access Control Devices Vulnerability: Unauthorized Remote Query of Private Information Insufficient Logging of Door Open Requests in Anviz Management System for Access Control Anviz Access Control Devices: Remote Command Execution without Password Vulnerability in Anviz Access Control Devices: Exploitable Replay Attacks on Open Door Requests Unverified Password Change Vulnerability in Anviz Access Control 
Devices Unauthenticated Access to Map Images in Webbukkit Dynmap 3.0-beta-3 or Below Cross-Site Scripting Vulnerability in Apache Ranger's Policy Import Functionality Arbitrary JavaScript Execution Vulnerability in Apache Airflow Classic UI Plaintext Secret Disclosure in Apache Kafka Connect Jet Database Engine Remote Code Execution Vulnerability Caching Mechanism Vulnerability in Apache Santuario XML Security for Java XML Resource Consumption Vulnerability in Solr Update Handler (a.k.a. Lol Bomb) Infinite Loop Denial of Service Vulnerability in Apache Commons Compress 1.15 to 1.18 Apache JSPWiki InfoContent.jsp XSS Vulnerability LDAP Authentication Bypass in Apache Traffic Control 3.0.0 and 3.0.1 Apache CXF Denial of Service Vulnerability Apache JSPWiki Plugin Link XSS Vulnerability Uninitialized Memory Bug in Apache Arrow 0.14.0 to 0.14.1 Insecure Remote JMX Monitoring in Apache Solr Jet Database Engine Remote Code Execution Vulnerability Uninitialized Memory Vulnerability in Apache Arrow Versions 0.12.0 to 0.14.1 Null Pointer Dereference Vulnerability in libapreq2 Multipart Parser Unauthorized Access to Database Metadata in Apache Incubator Superset Unauthorized Database Name Disclosure in Apache Incubator Superset before 0.32 XML External Entity (XXE) Processing Vulnerability in Apache POI up to 4.1.0 Vulnerability: Injection Attacks in DeltaSpike WindowHandler.js with ClientSideWindowStrategy Arbitrary JavaScript Execution and Local File Disclosure Vulnerability in Airflow Metadata Database Apache Tomcat JMX Remote Lifecycle Listener Man-in-the-Middle Vulnerability OpenId Connect Access Token Service Vulnerability Jet Database Engine Remote Code Execution Vulnerability Excessive Resource Consumption Vulnerability in Apache SpamAssassin Authentication Token Invalidation Vulnerability in NiFi Versions 1.0.0 to 1.9.2 Padding Attack Vulnerability in Apache Shiro's Remember Me Configuration Apache CXF OpenId Connect JWK Keys Service Exposes Private and Secret Key 
Credentials Apache OFBiz 17.12.01 Vulnerability: Host Header Injection Unauthenticated Access to Backend Screens via setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06 Non-persistent XSS vulnerability in Zimbra Collaboration Admin Console (before 8.8.15 Patch 1) Bypassing Mandatory External Authentication Provider Sign-In Restrictions Improper Access Control in GitLab Community and Enterprise Edition Allows Unauthorized Access to Confidential Issue Details Jet Database Engine Remote Code Execution Vulnerability Remote Command Injection Vulnerability in GitLab Community and Enterprise Edition 11.11 Improper Access Control in GitLab Community and Enterprise Edition Allows Restricted Users to Access Private Milestone Metadata Information Disclosure Vulnerability in GitLab Community and Enterprise Edition Improper Input Validation in GitLab Community and Enterprise Edition: Creating Internal Projects in Private Groups Leads to Permission Issues URL Slug Guessing Vulnerability in GitLab Allows Information Disclosure Samba AD DC DNS Management Server NULL Pointer Dereference Vulnerability Samba 4.10.x: AD DC LDAP Server Denial of Service Vulnerability Incomplete CSRF Mitigation in SilverStripe GraphQL Mutations Improper Use of Temporary Directories in Bubblewrap Allows for Privilege Escalation DirectWrite Memory Disclosure Vulnerability Unauthenticated Command Injection Vulnerability in Sitecore Rocks Plugin Bypass of Protected Branches Restriction Rules in GitLab Persistent XSS Vulnerability on Child Epics in GitLab Enterprise Edition 11.7 through 11.11 Server-Side Request Forgery (SSRF) Vulnerabilities in GitLab Community and Enterprise Edition Persistent XSS Vulnerability in GitLab Wiki Pages Cross-Site Scripting (XSS) Vulnerability in GitLab Community and Enterprise Edition 8.4 through 11.11 Information Exposure through Error Message in GitLab Community and Enterprise Edition 8.3 through 11.11 Insecure File Ownership Handling in GNOME gvfs Race Conditions in GNOME 
gvfs Backend Admin Privilege Escalation Vulnerability in GNOME gvfs DirectWrite Memory Disclosure Vulnerability Improper File Permission Handling during Copy Operation in GNOME GLib Information Disclosure in Containous Traefik 1.7.x through 1.7.11 Stored XSS Vulnerability in MicroStrategy Web (before 10.1 patch 10) due to Missing Input Validation in FLTB Parameter Potential vulnerability in wcd9335_codec_enable_dec in Linux kernel through 5.1.5 Unchecked kstrndup in sunxi_divs_clk_setup leading to potential denial of service Double Fetch Vulnerability in Linux Kernel's MPT3COMMAND Case Directory Listing Vulnerability in FileRun 2019.05.21 Directory Listing Vulnerability in FileRun 2019.05.21 Directory Listing Vulnerability in FileRun 2019.05.21 Jet Database Engine Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Web Port 1.19.1 via /access/setup Type Parameter Cross-Site Scripting (XSS) Vulnerability in Web Port 1.19.1 via /log Type Parameter LibreNMS 1.50.1 Multiple Graphing Vulnerabilities Local File Inclusion Vulnerability in LibreNMS 1.50.1 SQL Injection Vulnerability in LibreNMS 1.50.1 CSRF Vulnerability in Wikimedia MediaWiki 1.32.1 MediaWiki Incorrect Access Control Vulnerability in Special:ChangeEmail Bypassing Re-authentication Vulnerability in Wikimedia MediaWiki 1.27.0 through 1.32.1 Incorrect Access Control in MediaWiki through 1.32.1: Exposed Suppressed Username or Log in Special:EditTags Jet Database Engine Remote Code Execution Vulnerability Incorrect Access Control in Wikimedia MediaWiki through 1.32.1: Exposed Suppressed Log in RevisionDelete Page XSS Vulnerability in Wikimedia MediaWiki 1.30.0 through 1.32.1 Bypassing IP Range Blocks via API in Wikimedia MediaWiki Denial of Service Vulnerability in Wikimedia MediaWiki 1.27.0 through 1.32.1 Information Leak in Wikimedia MediaWiki 1.23.0 through 1.32.1 Stored XSS Vulnerability in MicroStrategy Web 10.4.6 and earlier versions Authentication Bypass Vulnerability 
in Zoho ManageEngine ADSelfService Plus Remote File Inclusion Vulnerability in Supra Smart Cloud TV's openLiveURL Function Path Traversal Vulnerability in 20|20 Storage LocalStorageProvider Jet Database Engine Remote Code Execution Vulnerability Denial of Service Vulnerability in BACnet Protocol Stack through 0.8.6 NULL Pointer Dereference in GPAC 0.7.1: GetESD Function Vulnerability NULL Pointer Dereference in GPAC 0.7.1: gf_isom_get_original_format_type Vulnerability Heap-based Buffer Overflow in GPAC 0.7.1 Command Injection Vulnerability in Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 Devices Jet Database Engine Remote Code Execution Vulnerability Reverse Tabnabbing Vulnerability in Simple Machines Forum (SMF) Arbitrary Command Execution with Root Privileges in OnApp for XEN/KVM Hypervisors Arbitrary Event Creation and Information Disclosure Vulnerability in Gallagher Command Centre Stack-based Buffer Over-read Vulnerability in Xpdf 4.01.01 Improper Access Control in Gardener Seed Clusters Allows Information Disclosure Out-of-Bounds Write Vulnerability in Tiny C Compiler 0.9.27 Default Skipping of Root CA Certificate Verification in Gobot MQTT Subsystem Information Disclosure Vulnerability in OTRS Customer Frontend Unauthenticated REST API Access Vulnerability in WP Live Chat Support Plugin Firejail before 0.9.60 Vulnerability: Binary Truncation Jet Database Engine Remote Code Execution Vulnerability Bluetooth Low Energy Command Spoofing Vulnerability in Xiaomi M365 Scooter CSRF Vulnerability in MOBOTIX S14 MX-V4.2.1.61 Cameras Allows Unauthorized Account Creation Keystroke Injection Vulnerability in Inateck BCST-60 Wireless Barcode Scanner Keystroke Injection Vulnerability in Inateck WP2002 Wireless Presenter Unencrypted and Unauthenticated Data Communication Vulnerability in Inateck WP1001 v1.3C Wireless Presenter Keystroke Injection Vulnerability in Logitech R700 Laser Presentation Remote R-R0010 XSS Vulnerability in PHPRelativePath 1.0.2 
via RelativePath.Example1.php Path Parameter DirectWrite Memory Disclosure Vulnerability Authentication Bypass Vulnerability in NETGEAR Nighthawk X10-R900's NETGEAR Genie SOAP API Arbitrary Command Execution Vulnerability in NETGEAR Nighthawk X10-R9000 Stored XSS Vulnerability in NETGEAR Nighthawk X10-R900 (CVE-2021-XXXX) Stored XSS Vulnerability in NETGEAR Nighthawk X10-R900 (CVE-2021-XXXX) Out-of-Bounds Read Vulnerability in Xpdf 4.01.01's FlateStream::getChar() Function SQL Injection Vulnerability in Slickquiz Plugin for WordPress Unauthenticated Cross-Site Scripting (XSS) Vulnerability in SlickQuiz WordPress Plugin Buffer Overflow Vulnerability in Anviz CrossChex Access Control Management Software 4.3.8.0 and 4.3.12 Stack Buffer Overflow in Squid's ESIExpression::Evaluate Windows GDI Memory Disclosure Vulnerability Vulnerability: Username Delimitation in Squid Caching Proxy Heap Overflow Vulnerability in Squid ESI Parsing Privilege Escalation Vulnerability in Squid Bypassing Access Controls in Squid URN Handling URL Encoding Bypass Vulnerability in Squid Squid Digest Authentication Header Parsing Vulnerability Heap-based Buffer Overflow in Squid URN Response Handling Heap-based Buffer Overflow in Squid HTTP Proxy Server FTP Server Triggered Heap Memory Disclosure in Squid Squid Proxy Server Basic Authentication Header Parsing Vulnerability Windows AppX Deployment Server Junction Handling Elevation of Privilege Vulnerability Vulnerability: Incorrect Access Control in stdonato Dashboard Plugin for GLPI Insyde Software Tools Access Control Vulnerability XSS Vulnerability in Zoho ManageEngine AssetExplorer's SearchN.do Search Field XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 SiteLookup.do Search Field XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus Purchase Component Uninitialized Memory Disclosure in Windows Hyper-V XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 10.5 via WorkOrder.do Search Field XSS Vulnerability in Zoho 
ManageEngine ServiceDesk Plus 9.3 XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 via SearchN.do UserConfigID Parameter XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 9.3 via PurchaseRequest.do serviceRequestId Parameter Remote Code Execution in Bludit 3.9.0 via Logo Upload Vulnerability Hardcoded Private Keys in WAGO 852-303, 852-1305, and 852-1505 Devices File Handling Vulnerability in Microsoft Defender Leads to Denial of Service Hardcoded User and Password Vulnerability in WAGO 852-303, 852-1305, and 852-1505 Devices Arbitrary Memory Overwrite Vulnerability in SweetScape 010 Editor 9.0.1 Integer Overflow Vulnerability in SweetScape 010 Editor 9.0.1: Potential Denial of Service Arbitrary Memory Overwrite Vulnerability in SweetScape 010 Editor 9.0.1 Denial of Service Vulnerability in SweetScape 010 Editor 9.0.1 Denial of Service Vulnerability in SweetScape 010 Editor 9.0.1 Win32k Object Handling Elevation of Privilege Vulnerability Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0: Remote Code Execution with Admin Privileges Database Backup File Disclosure Vulnerability in DouCo DouPHP v1.5 Release 20190516 Stored XSS Vulnerability in WP Statistics Plugin for WordPress Stack-based Overflow Vulnerability in logMess Function in Open TFTP Server MT 1.65 and Earlier Stack-based Overflow Vulnerability in logMess Function in Open TFTP Server SP 1.66 and Earlier Arbitrary Command Execution Vulnerability in Viber Desktop (Windows) Microsoft SharePoint Remote Code Execution Vulnerability SQL Injection Vulnerability in Xpert Solution Server Status by Hostname/IP Plugin 4.6 for WordPress Arbitrary File Overwrite Vulnerability in London Trust Media Private Internet Access (PIA) VPN Client for macOS Arbitrary Code Execution Vulnerability in PIA VPN Client for Windows Privilege Escalation Vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS DLL Injection Vulnerability in London Trust Media 
Private Internet Access (PIA) VPN Client v1.0 for Windows Privilege Escalation Vulnerability in PIA VPN Client v82 for Linux Privilege Escalation Vulnerability in PIA VPN Client for macOS Privilege Escalation Vulnerability in PIA VPN Client for macOS Privilege Escalation via OpenVPN's --route-pre-down Parameter Privilege Escalation Vulnerability in PIA VPN Client for Linux and macOS Azure Active Directory Authentication Library On-Behalf-Of Flow Elevation of Privilege Vulnerability Reflective Cross-site scripting (XSS) vulnerability in Zyxel ZyWall, USG, and UAG devices via err_msg parameter in free_time_failed.cgi Unrestricted Guest Account Generation in Zyxel UAG, USG, and ZyWall Devices Cross-Site Scripting (XSS) Vulnerability in Apcupsd 0.3.91_5 Arbitrary Command Execution in Apcupsd_status.php Denial of Service Vulnerability in Espressif ESP-IDF and ESP8266_NONOS_SDK Zero Pairwise Master Key (PMK) Installation Vulnerability in Espressif ESP-IDF and ESP8266_NONOS_SDK Denial of Service Vulnerability in Espressif ESP8266_NONOS_SDK Writable Seccomp Filters in Firejail: Bypassing Intended Restrictions Microsoft SharePoint Cross-Site Request Forgery (CSRF) Vulnerability Command Injection Vulnerability in NETGEAR Insight Cloud Firmware Evernote Web Clipper Extension UXSS Vulnerability Local File Inclusion Vulnerability in IceWarp Mail Server through 10.4.4 via Webmail/Calendar/Minimizer/Index.php Vulnerability: Incorrect Access Control in DOSBox 0.74-2 XSS Vulnerability in Zoho ManageEngine AssetExplorer via RCSettings.do rdsName Parameter XSS Vulnerability in Zoho ManageEngine AssetExplorer via SoftwareListView.do XSS Vulnerability in Zoho ManageEngine AssetExplorer via ResourcesAttachments.jsp SQL Injection Vulnerability in SuiteCRM 7.8.x - 7.11.x (Issue 1 of 3) SQL Injection Vulnerability in SuiteCRM 7.10.x and 7.11.x SharePoint Elevation of Privilege Vulnerability SQL Injection Vulnerability in SuiteCRM 7.8.x, 7.10.x, and 7.11.x (Issue 2 of 3) SQL Injection 
Vulnerability in SuiteCRM 7.8.x, 7.10.x, and 7.11.x Microsoft SharePoint Cross-Site Request Forgery (CSRF) Vulnerability Memory Allocation Vulnerability in Bitdefender BOX Firmware Arbitrary Code Execution Vulnerability in Bitdefender BOX Firmware Unchecked kstrdup in dlpar_parse_cc_property can lead to NULL pointer dereference and system crash Unchecked kstrdup_const in get_vdev_port_node_info can lead to NULL pointer dereference and system crash CSRF Vulnerability in phpMyAdmin Allows Remote Code Execution Access Escalation through Permission Cache Pollution in SilverStripe CMS Incorrect Access Control via the exec driver in HashiCorp Nomad 0.9.0 through 0.9.1 SQL Injection Vulnerability in Cisco SD-WAN Solution vManage Microsoft Office SharePoint XSS Vulnerability Arbitrary Value Injection Vulnerability in Cisco HyperFlex Software Statistics Collection Service Cisco HyperFlex Software Vulnerability: Insufficient Key Management Enables Man-in-the-Middle Attacks Privilege Escalation Vulnerability in Cisco RoomOS Software File Enumeration Vulnerability in Cisco NFVIS Web Server Cisco IOS XE NGWC Web Management Interface CSRF Vulnerability Zip Bomb Denial of Service Vulnerability in ClamAV Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Contact Center Express (Unified CCX) Web-Based Management Interface Unauthorized Read Access Vulnerability in Cisco Firepower Threat Defense (FTD) Software Arbitrary Command Execution Vulnerability in Cisco SD-WAN Solution's WebUI Memory Disclosure Vulnerability in Microsoft Excel Java Deserialization Vulnerability in Cisco Security Manager Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Guest Portal Cisco Finesse Server-Side Request Forgery (SSRF) Vulnerability Cisco Unified Contact Center Express Vulnerability: Server-Side Request Forgery (SSRF) Bypass Unauthenticated Remote DoS Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS 
Director, and Cisco UCS Director Express for Big Data Unauthorized Access to Email Quarantine in Cisco Content Security Management Appliance (SMA) Software Cross-Site Request Forgery Vulnerability in Cisco Small Business Smart and Managed Switches Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Microsoft Office Input Handling Security Feature Bypass Vulnerability Cisco IOS XE Software REST API Authentication Bypass Vulnerability Cisco Identity Services Engine (ISE) Software: Cross-Site Scripting (XSS) Vulnerability in Web-Based Management Interface Arbitrary Code Execution Vulnerability in Cisco Jabber Client Framework for Mac Software Cisco IOS XE Software NAT SIP ALG Vulnerability Cisco IOS and IOS XE Software Ident Protocol Handler Denial of Service Vulnerability Vulnerability: Unauthorized Access to Guest OS in Cisco IOx Application Environment Cisco IOS XE Software Image Verification Bypass Vulnerability Intune Policy Bypass Vulnerability in Microsoft Yammer App for Android Command Execution Vulnerabilities in Cisco IOS XE Software Web UI Command Execution Vulnerabilities in Cisco IOS XE Software Web UI Denial of Service Vulnerability in Cisco Catalyst 4000 Series Switches Cisco IOS XE Software Raw Socket Transport Denial of Service Vulnerability Cisco IOS and IOS XE Software SIP Library Denial of Service Vulnerability Buffer Overflow Vulnerability in Cisco IOS XE Software FTP ALG Cisco IOx Application Environment Denial of Service Vulnerability Denial of Service (DoS) Vulnerability in Cisco IOS XE Software with Unified Threat Defense (UTD) Cisco IOS XE Software Filesystem Resource Exhaustion Vulnerability Cisco IOS XE Software HTTP Server Crash Vulnerability Outlook Web App (OWA) Spoofing Vulnerability in Microsoft Exchange Server Memory Write Vulnerability in Cisco IOS XE CLI Arbitrary Command Execution 
Vulnerability in Cisco IOS XE Software Vulnerability: Bypassing Signature Verification in Cisco NX-OS and Cisco IOS XE Software Cisco TrustSec (CTS) PAC Provisioning Module Denial of Service Vulnerability Vulnerability in Dialer Interface Feature for ISDN Connections in Cisco IOS XE Software Unauthenticated Remote Attackers Can Read and Modify Data in Cisco IOS and IOS XE Software Directory Traversal Vulnerability in Cisco IOS XE Software's Guest Shell Stored Cross-Site Scripting (XSS) Vulnerability in Cisco IOS XE Software Stored Cross-Site Scripting (XSS) Vulnerability in Cisco IOS and Cisco IOS XE Software Cisco TrustSec RADIUS CoA Code Denial of Service Vulnerability Symbolic Link and Hard Link Vulnerability in Microsoft Compatibility Appraiser Insufficient File Permissions Vulnerability in Cisco IOS XE Software Shell Access Vulnerability in Cisco IOS XE Software Arbitrary Code Execution Vulnerability in Cisco IOS XE Software Cisco ASA and FTD Software FTP Inspection Engine Denial of Service Vulnerability Privilege Escalation Vulnerabilities in Cisco Firepower Threat Defense (FTD) Software Privilege Escalation Vulnerabilities in Cisco Firepower Threat Defense (FTD) Software OSPF Implementation Denial of Service Vulnerability in Cisco ASA and FTD Software Cisco ASA Software SSL VPN Denial of Service Vulnerability Cisco ASA and FTD Software SIP Inspection Module Denial of Service Vulnerability Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Winlogon File Path Handling Vulnerability Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center 
(FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary SQL Injection Vulnerabilities in Cisco Firepower Management Center (FMC) Software Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Web UI Arbitrary Command Execution Vulnerability in Cisco Firepower Management Center (FMC) Web UI Arbitrary Code Execution Vulnerability in Cisco Firepower Management Center (FMC) Software Windows ALPC Elevation of Privilege Vulnerability Arbitrary Command Injection Vulnerability in Cisco Firepower Management Center (FMC) Web UI Directory Traversal Vulnerability in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco ASA Software's Secure Copy (SCP) Feature Cisco Firepower Threat Defense (FTD) Software CLI Command Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco ASA and FTD WebVPN Portal Bypass of Malware and File Policies for RTF and RAR Files in Cisco Firepower System Software Detection Engine Bypass of Malware and File Policies for RTF and RAR Files in Cisco Firepower System Software Detection Engine WebVPN CPU Utilization Vulnerability in Cisco ASA and FTD Software Command Execution Vulnerabilities in Cisco FXOS and FTD Software Windows Store Installer Symbolic Link Attack Vulnerability Denial of Service Vulnerability in Cisco Firepower Software Unauthenticated Remote Bypass of File and Malware Inspection Policies in Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability in Cisco SPA100 Series Analog Telephone Adapters (ATAs) Web Interface Cross-Site Scripting Vulnerability in Cisco SPA122 ATA with Router Devices Arbitrary File Disclosure Vulnerability in Cisco SPA100 Series Analog Telephone Adapters (ATAs) Cross-Site Scripting (XSS) Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Cisco Email Security Appliance SPF Bypass Vulnerability Cross-Site Scripting 
(XSS) Vulnerability in Cisco Unified Communications Products Cisco SPA100 Series ATA Web Management Interface Information Disclosure Vulnerability Arbitrary Command Execution Vulnerability in Cisco ASR 9000 Series Routers Windows Media Elevation of Privilege Vulnerability in hdAudio.sys SQL Injection Vulnerability in Cisco Unified Communications Manager and Session Management Edition XML Entity Injection Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure Web Interface Cisco IC3000 Industrial Compute Gateway Web Management Interface Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Session Management Edition Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Session Management Edition Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business Smart and Managed Switches Incorrect Access Control Vulnerability in Picture_Manage_mvc.aspx Allows Unauthenticated File Upload Windows ALPC Elevation of Privilege Vulnerability SQL Injection Vulnerability in AUO SunVeillance Monitoring System SQL Injection Vulnerability in Teclib Fields Plugin for GLPI Stored XSS Vulnerability in Teclib News Plugin for GLPI Remote Command Execution Vulnerability in Zeroshell 3.9.0 Ubiquiti airCam 3.1.4 RTSP Service Denial of Service Vulnerability Cleartext HTTP Resolution Vulnerability in Grails before 3.3.10 Active Directory Federation Services XSS Vulnerability Uninitialized Variable Vulnerability in FFmpeg's aa_read_header Function Insecure Implementation Vulnerability in Snapview Mikogo for Windows XSS Vulnerability in Chartkick Gem (Ruby) Remote Code Execution Vulnerability in SiteVision 4 SiteVision 4 Vulnerability: Incorrect 
Access Control Arbitrary OS Command Execution via Modeline in Vim and Neovim Command Injection Vulnerability in JetBrains Ktor Framework before 1.2.0-rc Predictable Salt Vulnerability in UserHashedTableAuth Remote Code Execution via RAR Filename in Nextcloud ExtractionController Memory Address Initialization Vulnerability in Windows Kernel Cross-Site Scripting (XSS) Vulnerability in HAPI FHIR Testpage Overlay Module Insecure Direct Object Reference vulnerability in Bludit prior to 3.9.1 allows unauthorized password changes User Account Enumeration Vulnerability in HumHub Social Network Kit Enterprise v1.3.13 SeedDMS before 5.1.11 Unvalidated File Upload Remote Command Execution Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in SeedDMS before 5.1.11 via name field in out/out.UsrMgr.php Session ID Disclosure Vulnerability in OTRS Community Edition 5.0.x - 6.0.x Deserialization of Untrusted Data in TYPO3 8.x and 9.x Cross-Site Scripting (XSS) Vulnerability in TYPO3 8.3.0 - 8.7.26 and 9.0.0 - 9.5.7 Cookie Spoofing Vulnerability in DBusServer Privilege Escalation Vulnerability in Symantec Endpoint Protection Privilege Escalation Vulnerability in Symantec Messaging Gateway (prior to 10.7.1) Tamper Protection Bypass Vulnerability in Symantec SONAR Component Information Disclosure Vulnerability in Symantec Reporter Web UI 10.3: Unauthorized Password Access Cross-Site Scripting (XSS) Vulnerability in Symantec My VIP Portal Unintentional Information Disclosure Vulnerability in Norton Password Manager Password Protection Bypass Vulnerability in Symantec Endpoint Protection (SEP) Prior to 14.2 RU2 Privilege Escalation Vulnerability in Symantec Endpoint Protection Unsigned Code Execution Vulnerability in Symantec Endpoint Protection Privilege Escalation Vulnerability in Symantec Endpoint Protection Manager and Symantec Mail Security for MS Exchange Deserialization Vulnerability in Parso: Arbitrary Code Execution via Cache Grammar Parsing Code Injection 
Vulnerability in PyXDG Menu XML Parsing Ghost Touch Vulnerability: Exploiting Touchscreen Anomalies in Xiaomi Mi 5s Plus Devices Insecure Storage of Recorded Video in Security Camera CZ Android App Vulnerability: Unauthorized Manipulation of Joomla! Update Server URL CSV Injection Vulnerability in Joomla! before 3.9.7 XSS Vulnerability in Joomla! Subform Fieldtype Arbitrary Command Execution Vulnerability in D-Link DAP-1650 Devices Authentication Bypass Vulnerability in D-Link DAP-1650 Devices Cross-Site Request Forgery Vulnerability in SolarWinds Serv-U Managed File Transfer (MFT) Web Client Windows Audio Service Elevation of Privilege Vulnerability Command Injection Vulnerability in ThinStation 6.1.1 via Shell Metacharacters Arbitrary Content Embedding Vulnerability in Verint Impact 360 15.1 Stored XSS Vulnerabilities in ENTTEC Datagate Mk2 70044_update_05032019-482 High-privileged root access vulnerability in ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 Hard-coded SSH Backdoor Vulnerability in ENTTEC Devices Insecure Directory Permissions on ENTTEC Devices with Firmware 70044_update_05032019-482 Arbitrary File Overwrite Vulnerability in libqb before 1.0.5 Windows Unistore.dll Elevation of Privilege Vulnerability Command Injection Vulnerability in Belkin Wemo Enabled Crock-Pot via SetSmartDevInfo Action Insecure HTTP to HTTPS Redirection Vulnerability in Django Authorization Bypass Vulnerability in Pinboard Updates in ThoughtSpot Open Redirect Vulnerability in Verint Impact 360 15.1 Cross-Site Request Forgery (CSRF) Vulnerability in Verint Impact 360 15.1 Command Injection Vulnerability in D-Link DIR-818LW Devices Command Injection Vulnerability in D-Link DIR-818LW Devices Buffer Overflow Vulnerability in Photodex ProShow Producer v9.0.3797 Root Privilege Escalation and Permanent Device Modification Vulnerability in Actiontec T2200H T2200H-31.128L.08 Heap-based Buffer Over-read in r_egg_lang_parsechar Function of radare2 Vulnerability: Directory 
Traversal in Vesta Control Panel v-list-user Script Command Injection Vulnerability in Vesta Control Panel 0.9.8-24: Remote Root Privilege Escalation Vulnerability: Unauthorized Credential Reset by Organization Admins in MISP 2.4.108 Privilege Escalation via Unauthenticated D-Bus Method Calls in gvfsd Hardcoded PIN in ELM327 OBD2 Bluetooth Device Allows Arbitrary Commands to Vehicle OBD-II Bus MuJS 1.0.5 - Regular Expression Program Size Overflow Vulnerability Arbitrary Deserialization Remote Code Execution in Shopware through 5.6.x LNK Remote Code Execution Vulnerability in Microsoft Windows Stored XSS Vulnerability in SeedDMS 5.1.11 via GROUP Name in out/out.GroupMgr.php Denial of Service and Memory Access Vulnerability in radare2 through 3.5.1 Unrestricted File Upload and Remote Code Execution in Hunesion i-oneNet Lack of Update File Integrity Checking in Hunesion i-oneNet Allows for Malicious Update Exploitation Arbitrary Command Execution via NCSOFT Game Launcher Custom Protocol Handler Stack-Based Buffer Overflow Vulnerability in UniSign 2.0.4.0 and Earlier Versions Stack-based Buffer Overflow Vulnerability in Alzip 10.83 and Earlier Versions Local Privilege Escalation Vulnerability in ALTOOLS Update Service 18.1 and Earlier Versions Arbitrary File Download and Execution Vulnerability in Yes24ViewerX ActiveX Control ALSee v5.3 ~ v8.39 .PSD Parsing Out of Bounds Write Vulnerability Arbitrary Command Execution via ActiveX Control ShellOpen Method in MyBuilder Arbitrary Command Execution via Crafted Configuration File in MyBuilder Viewer Cleartext Key and Salt Vulnerability in Digital Persona U.are.U 4500 Fingerprint Reader v24 Polymorphic Typing Vulnerability in FasterXML jackson-databind 2.x through 2.9.9 Arbitrary File Copy Vulnerability in ProFTPD Mod_Copy: Remote Code Execution and Information Disclosure Arbitrary Code Execution via Crafted Module Name in ZNC Unrestricted Virtual Memory Access in PowerPC Linux Kernel NULL pointer dereference vulnerability 
in nfc_llcp_build_tlv function Use-after-free vulnerability in __mdiobus_register() function in Linux kernel before 5.0 allows denial of service Windows Common Log File System Driver Sandbox Bypass Vulnerability Unencrypted HTTP Communication Vulnerability in Shenzhen Jisiwei i3 Robot Vacuum Cleaner App 2.0 Predictable QR-code vulnerability in Shenzhen Jisiwei i3 Robot Vacuum Cleaner App 2.0 HTTP Header Parsing Vulnerability in Embedthis GoAhead XML Feed XSS Vulnerability in Craft CMS before 3.1.31 Unauthorized Access to Docker Registries in GitLab Enterprise 12.0.0-pre Cross-Site Request Forgery (CSRF) Vulnerability in 2by2host Widget Logic Plugin for WordPress Buffer Overflow Vulnerability in res_pjsip_messaging in Digium Asterisk Versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0, and Earlier Remote Code Execution via Origin URI Scheme Injection Buffer Overflow Vulnerability in radare2 RParse API Memory Object Disclosure Vulnerability in Microsoft Graphics Components Nested Video MyCode Persistent XSS Vulnerability in MyBB before 1.8.21 MyBB Theme Import Stylesheet Name Remote Code Execution Vulnerability DOM Injection Vulnerability in HT2 Labs Learning Locker 3.15.1 Out-of-Bounds Write Vulnerability in xml_memory_writer::write in Leanify 0.4.3 URL/Link Forgery Vulnerability in Bobronix JEditor for Jira Information Disclosure Vulnerability in Java API of accesuniversitat.gencat.cat 1.7.5 SQL Injection Vulnerability in SchedMD Slurm 17.11.x, 18.08.0-18.08.7, and 19.05.0 Arbitrary Command Execution Vulnerability in OrangeHRM 4.3.1 and Earlier DirectX Memory Handling Vulnerability Arbitrary Command Execution with Root Privileges in Webmin Package Updates Module ZIP Extraction Vulnerability in JetBrains TeamCity Reflected XSS Vulnerability Patched in JetBrains TeamCity 2018.2.2 Stored JavaScript Injection Vulnerability in JetBrains TeamCity 2018.2.3 Stored JavaScript Injection Vulnerability in JetBrains TeamCity 2018.2.3 Unencrypted Connection Vulnerability in JetBrains 
TeamCity 2018.2.3 Unauthorized Access to JetBrains TeamCity Settings in Versions Prior to 2018.2.2 Cleartext Password Exposure in JetBrains Hub SMTPSettings Audit Events Win32k Object Handling Elevation of Privilege Vulnerability Query Injection Vulnerability Patched in JetBrains YouTrack 2018.4.49168 CSRF Vulnerability in JetBrains YouTrack Admin Endpoint SSRF Vulnerability Patched in JetBrains YouTrack 2018.4.49168 Squid cachemgr.cgi Denial of Service Vulnerability Unverified Certificate Vulnerability in Twisted XMPP Support Windows GDI Memory Disclosure Vulnerability Stored HTML Injection in SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) via Web Console Settings SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) Information Leakage Vulnerability Double Free Vulnerability in cmd_mount of radare2 through 3.5.1 Insecure Direct Object Reference and Authorization Bypass in JetBrains YouTrack (Fixed in 2018.4.49168) Privilege Escalation Vulnerability in JetBrains YouTrack Issue Attachments Remote Command Execution in MISP 2.4.109 via Super Administrator Privileges Vulnerability: Out-Of-Bounds Read, Information Disclosure, and Remote Code Execution in PHOENIX CONTACT PC Worx and Config+ Windows Network Connectivity Assistant Elevation of Privilege Vulnerability Uninitialized Pointer Vulnerability in PHOENIX CONTACT PC Worx and Config+ Use-After-Free and Remote Code Execution Vulnerability in PHOENIX CONTACT PC Worx and Config+ SQL Injection Vulnerability in dotCMS before 5.1.6 via view_unpushed_bundles.jsp Double Free Vulnerability in VLC Media Player's Matroska Demuxer Unprivileged Member Package Injection Vulnerability in Alpine Linux abuild Insecure Permissions in Zoho ManageEngine Suite: Privilege Escalation Vulnerability Clickjacking Vulnerability in BCN Quark Quarking Password Manager 3.1.84: Allowing * within web_accessible_resources NULL pointer dereference vulnerability in i915_gem_userptr_get_pages in Linux kernel 4.15.0 on Ubuntu 
18.04.2 Incorrect Access Control in KeyIdentity LinOTP before 2.10.5.3 Unauthenticated Privilege Escalation in SailPoint Desktop Password Reset 7.2 Windows Update Delivery Optimization Elevation of Privilege Vulnerability Unauthenticated Database Operations in RedwoodHQ 2.5.5 User Mode Write AV Vulnerability in Alternate Pic View 2.600 Read Access Violation Vulnerability in Alternate Pic View 2.600 Corrupted Exception Handler Chain Vulnerability in Alternate Pic View 2.600 Heap Corruption Vulnerability in Edraw Max 7.9.3 Read Access Violation Vulnerability in Edraw Max 7.9.3 User Mode Write AV Vulnerability in Delta Electronics DeviceNet Builder 2.04 User Mode Write AV Vulnerability in Delta Electronics DeviceNet Builder 2.04 Windows Remote Desktop Client Remote Code Execution Vulnerability Out-of-Bounds Write Vulnerability in BZ2_decompress in bzip2 Directory Traversal Vulnerability in Pydio Cells before 1.5.0 Allows Privilege Escalation Incomplete Cleanup of User Data Allows Data Restoration by New User Sensitive Information Exposure in Pydio Cells before 1.5.0 via Unicode Name Field Flush-and-Reload Side-Channel Vulnerability in Libgcrypt 1.8.4 AES C Implementation XSS Vulnerability in FileRun 2019.05.21 Windows Remote Desktop Client Remote Code Execution Vulnerability Authentication Token Extraction Vulnerability in Redbrick Shift through 3.4.3 Email Extraction Vulnerability in Redbrick Shift through 3.4.3 Email Extraction Vulnerability in Redbrick Shift through 3.4.3 Authentication Token Extraction Vulnerability in Redbrick Shift through 3.4.3 Reflected XSS Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 SQL Injection Vulnerability in Quest KACE Systems Management Appliance Server Center version 9.1.317 Unauthenticated Access to Video Archive on Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 Devices Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Hardcoded Root Password Vulnerability in 
Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 Devices Arbitrary File Read Vulnerability in GraphicsMagick before 1.3.32 CSRF Vulnerability in phpMyAdmin 4.9.0.1 Allows Unauthorized Server Deletion CSRF Bypass Vulnerability in MailEnable Enterprise Premium 10.23 XML External Entity Injection (XXE) Vulnerability in MailEnable Enterprise Premium 10.23 Directory Traversal Vulnerabilities in MailEnable Enterprise Premium 10.23 Inadequate Access Control Vulnerability in MailEnable Enterprise Premium 10.23 Stored and Reflected Cross-Site Scripting (XSS) Vulnerability in MailEnable Enterprise Premium 10.23 QEMU QMP Command Injection Vulnerability QEMU 4.0.0 and Earlier: QMP Guest_Exec Command OS Command Injection Vulnerability Windows SMB Client Driver Memory Object Disclosure Vulnerability Arbitrary Web Script Injection Vulnerability in WIKINDX MENU.php Stored XSS Vulnerability in SeedDMS 5.1.11: Autocomplete Search Form Escaping Issue Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability in wp-code-highlightjs Plugin XSS Vulnerability in Shopware Backend Login DNS Rebinding Vulnerability in BlueStacks App Player 2, 3, and 4 Buffer Overflow in gsudo Allows Local Privilege Escalation via DISPLAY Environment Variable Ineffective .htaccess Protection in Roundcube Component of Analogic Poste.io 2.1.6 Allows Unauthorized Access to Logs SQL Injection Vulnerability in LiveZilla Server before 8.0.1.1 via p_ext_rse parameter in server.php Windows Secure Boot Security Feature Bypass Vulnerability Denial of Service Vulnerability in LiveZilla Server 8.0.1.1: Memory Consumption in knowledgebase.php Vulnerability: Brute-Force and Dictionary Attack on AutoPi Wi-Fi/NB and 4G/LTE Devices TTLock Vulnerability: Unrestricted Guest Access in Offline Cloud Connection Scenarios TTLock Devices: Password-Reset Vulnerability and Sensitive Information Disclosure Vulnerability: Unrestricted Guest Access in Glue Smart Lock 2.7.8 Devices SQL Injection 
Vulnerability in Elcom CMS before 10.7 via EventSearchByState.aspx and EventSearchAdv.aspx Polycom UC Software: Remote Code Execution and DoS Vulnerability Arbitrary Code Execution via XSS in pfSense 2.4.4-p2 and 2.4.4-p3 Unsafe Data Input Vulnerability in Microsoft SharePoint Cross-Site Scripting (XSS) Vulnerability in TeamPass 2.1.27.35 via Crafted CSV File Import Critical Heap-Based Buffer Overflow in Mongoose's parse_mqtt() Function Inconsistent Failure Delay Vulnerability in Dropbear 2011.54 through 2018.76 SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, NetPath 1.1.3) Authenticated XSS Vulnerability via Crafted onerror Attribute in ALERT Action Buffer Over-read Vulnerability in Xpdf 4.01.01's FoFiType1C::convertToType1 Function Heap-Based Buffer Over-Read Vulnerability in Xpdf 4.01.01 SSRF Vulnerability in Zoho ManageEngine AssetExplorer 6.2.0 and Earlier Unsafe Data Input Vulnerability in Microsoft SharePoint SQL Injection Vulnerability in LiveZilla Server before 8.0.1.1 via p_dt_s_d Parameter CSV Injection Vulnerability in LiveZilla Server Export Function XSS Vulnerability in LiveZilla Server 8.0.1.1 and Earlier via Accept-Language Header XSS Vulnerability in LiveZilla Server's chat.php Create Ticket Action XSS Vulnerability in LiveZilla Server Ticket.php Subject Field Arbitrary Code Execution Vulnerability in FeHelper (CVE-2019-XXXX) Incorrect Access Control in Stephan Mooltipass Moolticute through 0.42.1 Vulnerability in Sonic Robo Blast 2 (SRB2) Plugin Allows Remote Crash in Doomseeker Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in SquirrelMail 1.4.22 and 1.5.x Unrestricted File Upload Vulnerability in BKS EBK Ethernet-Buskoppler Pro before 3.01 Heap-based Buffer Over-read in GNU Binutils 2.32 Excessive Iteration Denial of Service Vulnerability in OpenJPEG 2.3.1 NULL Pointer Dereference Vulnerability in ImageMagick 7.0.8-34 Memory Leak Vulnerability 
in ImageMagick 7.0.8-34's WriteDPXImage Function Memory Leak in ImageMagick's ReadPCLImage Function Uninitialized Value Vulnerability in ImageMagick 7.0.8-34 WriteJP2Image Function Uninitialized Value Vulnerability in ImageMagick 7.0.8-34's ReadPANGOImage Function Uninitialized Value Vulnerability in ImageMagick 7.0.8-34's SyncImageSettings Function Chakra Scripting Engine Remote Code Execution Vulnerability Integer Overflow in SWFInput_readSBits Function in Ming 0.4.8 Fill Overflow Vulnerability in Ming (libming) 0.4.8 Heap Buffer Overflow and Underflow in libming 0.4.8's decompileCAST Function in util/decompile.c NULL Pointer Dereference Vulnerability in Linux Kernel NFC Netlink Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 1 of 6) Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 2 of 6) Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 3 of 6) Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 4 of 6) SQL Injection Vulnerability in Citrix SD-WAN and NetScaler SD-WAN Edge HTML Information Disclosure Vulnerability Directory Traversal Vulnerability in Citrix SD-WAN and NetScaler SD-WAN Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 5 of 6) Improper Input Validation in Citrix and NetScaler SD-WAN (Issue 6 of 6) SSRF Vulnerability in Zoho ManageEngine AssetExplorer 6.2.0 via AJaxServlet Access Token Mishandling in Istio 1.2.2: Exploitable Segmentation Fault in jwt_authenticator.cc XML Import Mappings Vulnerability: Unsafe DOCTYPE Declarations in Mendix 7.23.5 and Earlier Privilege Escalation via Environment Variable Injection in Loopchain C-Lightning Vulnerability: Incorrect Access Control Leads to Fund Loss Incorrect Access Control in Lightning Network Daemon (lnd) before 0.7 leads to fund loss vulnerability. 
Chakra Scripting Engine Remote Code Execution Vulnerability Eclair 0.3 Vulnerability: Loss of Funds Due to Incorrect Access Control Unauthorized Comment Addition in GitLab Snippets Unauthorized Access to Pipeline Information in GitLab Community and Enterprise Edition 11.10 through 12.0.2 GitLab CI Vulnerability: Uncontrolled Resource Consumption in Parser Improper Handling of Encoded Characters Leads to Comments Section Inaccessibility (Issue 1 of 2) Unauthorized Disclosure of Restricted User, Group, and Repository Metadata in GitLab Incorrect Access Control Allows Unauthorized Access to Merge Request Information Uncontrolled Resource Consumption in GitLab Community and Enterprise Edition 11.11 through 12.0.2 Improper Permission Settings in GitLab Community and Enterprise Edition Allows Unauthorized Access to Uploaded Files .NET Core Denial of Service Vulnerability GitLab Enterprise Edition 8.3 through 12.0.2 Color Codes Decoder Resource Depletion Vulnerability Excessive Algorithmic Complexity in GitLab Merge Requests Template Names Enumeration Insecure Directory and File Permissions in GNOME GLib (glib2.0) Local Privilege Escalation Vulnerability in Little Snitch Versions 4.3.0 to 4.3.2 Vulnerability in Little Snitch Privileged Helper Tool Allows Persistence ASP.NET Core Elevation of Privilege Vulnerability Tightrope Media Carousel before 7.1.3 Vulnerability: SSRF in CarouselAPI/v0/fetch?url= Unprotected Storage of Administrative Passwords in Bond JetSelect Vulnerability: Privilege Escalation in Bond JetSelect through Password Reversal HTML Password Field Obfuscation Vulnerability in Bond JetSelect Arbitrary Command Execution in Centreon Monitoring System Improper Input Validation in Compal CH7465LG Cable Modem Allows Remote Command Execution SQL Injection Vulnerability in OXID eShop 6.0.x and 6.1.x SQL Injection Vulnerability in Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 Remote Code Execution and File Deletion Vulnerability in eID Client Web 
Server Stored Cross-site scripting (XSS) vulnerabilities in REDCap 8 and 9 before 8.10.20 and 9.1.2 Windows AppX Deployment Server Junction Handling Elevation of Privilege Vulnerability Uncontrolled Admin Access and Information Disclosure in eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' XML External Entity (XXE) Vulnerability in LemonLDAP::NG Notification Server NULL Pointer Dereference Vulnerability in FlightCrew Library License Key Exposure during Data Upload in CISOfy Lynis Local Privilege Escalation in Artica Pandora FMS 7.0 NG before 735 Open Redirect Vulnerability in mod_auth_mellon through 0.14.2 via login?ReturnTo= substring Use After Free Vulnerability in Irssi with SASL Login Insecure LD_LIBRARY_PATH Handling in ToaruOS Linker Arbitrary Kernel Page Mapping Vulnerability in ToaruOS Denial of Service Vulnerability in ToaruOS Kernel/sys/syscall.c Arbitrary Kernel Page Mapping Vulnerability in ToaruOS 1.10.10 Team Foundation Server Cross-site Scripting Vulnerability Persistent Denial of Service Vulnerability in SKS Keyserver Network Command Injection Vulnerability in Pi-Hole 4.3 Live Decryption Vulnerability in Logitech Unifying Devices: Exploiting Sniffed Pairing for Keyboard Receiver Logitech Unifying Devices Vulnerability: Keystroke Injection and Encryption Bypass Logitech R500 Presentation Clicker Vulnerability: AES Key Disclosure and Keystroke Injection Logitech Unifying Devices Vulnerability: Live Decryption of RF Transmissions via AES Key Dumping CSRF Vulnerability in CyberPanel Allows Unauthorized Modification of Administrator Credentials OpenLDAP Server Privilege Escalation Vulnerability Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability File Disclosure and Remote File Inclusion Vulnerability in Sahi Pro 8.0.0 Reflected XSS Vulnerability in Sahi Pro 8.0.0 Script Manager Arena Buffer Over-read Vulnerability in njs through 0.3.3 HTML Injection in Panel Drilldown Links in Grafana before 6.2.5 Local Privilege 
Escalation to SYSTEM via Insecure ProgramData Folder in extenua SilverSHielD 6.x Chakra Scripting Engine Remote Code Execution Vulnerability Stored XSS Vulnerability in CyberPower PowerPanel Business Edition 3.4.0 Agent/Center Component CSRF Vulnerability in CyberPower PowerPanel Business Edition 3.4.0 Agent/Center Component Stored XSS vulnerability in ZoneMinder 1.32.3 Filters Page (Name Field) Memory Exhaustion Vulnerability in MikroTik Router FTP Daemon Tor Browser Information Exposure Vulnerability SQL Injection Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 XSS Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 SQL Injection Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 SQL Injection Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 Chakra Scripting Engine Remote Code Execution Vulnerability XSS Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 XSS Vulnerability in Quest KACE Systems Management Appliance Server Center 9.1.317 Remote Code Execution in Chamilo LMS 1.11.8 and 2.x through Unauthenticated File Upload XnView Classic 2.48 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in XnView Classic 2.48 User Mode Write AV Vulnerability in XnView Classic 2.48 SQL Injection Vulnerability in CSZ CMS 1.2.2: Bypassing CSRF Protection in member/login/check Endpoint Windows Hyper-V Network Switch Privilege Escalation Vulnerability Insecure Storage of User Wallet Keystore in TronLink Wallet 2.2.0 Insecure Input Verification in Cat Runner Decorate Home API Insecure Password Logging in TronLink Wallet 2.2.0 Insecure Storage of Confidential Information in Momo Application 2.1.9 for Android Windows Hyper-V Network Switch Privilege Escalation Vulnerability Insecure Storage of Confidential Information in Send Anywhere Android App Unauthenticated Access and Data Modification Vulnerability in D-Link DIR-600M 
Devices Infinite Recursion Vulnerability in Das U-Boot Versions through 2019.07-rc4 Stack Overflow Vulnerability in Das U-Boot Versions 2016.11-rc1 through 2019.07-rc4 Double-Free Vulnerability in Das U-Boot Versions 2019.07-rc1 through 2019.07-rc4 Stack Buffer Overflow in Das U-Boot Versions 2016.09 through 2019.07-rc4 Multiple Integer Overflows in MATIO Library (Versions < 1.5.16) Integer Overflow Denial of Service Vulnerability in Exiv2 Integer Overflow Vulnerability in Exiv2: Denial of Service via Crafted PNG Image Windows Imaging API Remote Code Execution Vulnerability Integer Overflow and Out-of-Bounds Read Vulnerability in Exiv2 (CVE-2020-13139) WebPImage::decodeChunks Integer Overflow Vulnerability Uncontrolled Memory Allocation Vulnerability in Exiv2 through 0.27.1 Denial of Service Vulnerability in Exiv2 through 0.27.1 via Invalid Data Location in CRW Image File Denial of Service Vulnerability in Exiv2 HTTP Module Integer Overflow in libssh2's kex_method_diffie_hellman_group_exchange_sha256_key_exchange Java Deserialization Vulnerability in MuleSoft Mule Community Edition Runtime Engine before 3.8 Uninitialized Read Vulnerability in xsl:number Format Strings in libxslt 1.1.33 Stack Data Read Vulnerability in libxslt 1.1.33 Arbitrary Memory Leakage Vulnerability in Amazon FreeRTOS MQTT Message Handling SSRF Vulnerability in GitLab Enterprise Edition: Incorrect Access Control in GitHub Project Integration Cross Site Scripting (XSS) Vulnerability in Patchwork v1.1 through v2.1.x Uncontrolled Recursion Vulnerability in Foxit Reader 9.6.0.25114 and Earlier Uncontrolled Recursion Vulnerabilities in Foxit Reader 9.6.0.25114 and Earlier PIE Compilation Vulnerability in Tencent Habo Allows Evasion of Dynamic Malware Analysis Integer Overflow Vulnerability in NATS Server 2.0.2 and Earlier XSS Vulnerability in mxGraph Plugin for draw.io Diagrams Command Injection Vulnerability in D-Link DIR-823G Firmware 1.02B03 Stack Consumption Vulnerability in Motorola Router 
CX2L MWR04L 1.01 scopd via TCP and UDP Ports 8010 and 8080 SQL Server Management Studio Information Disclosure Vulnerability Remote Command Execution in Super Micro SuperDoctor 5 via NRPE Stack Overflow Vulnerability in ZeroMQ libzmq Memory Leak Vulnerability in ImageMagick's ReadBMPImage Function Memory Leak Vulnerability in ImageMagick's ReadVIFFImage Function Uninitialized Value Vulnerability in ImageMagick's ReadCUTImage Function Integer Overflow Vulnerability in ImageMagick's TIFFSeekCustomStream Function Memory Leak Vulnerability in ImageMagick's ReadPSImage Function Command Injection in Docker Build Process via Remote Git URLs Cortana Lock Screen File Access Vulnerability in Windows 10 Mobile JUCI ACL Misconfiguration in Inteno EG200 Routers Allows Extraction of 3DES Key Elevation of Privilege Vulnerability in Razer Surround 1.1.63.0 Vulnerability: Unauthenticated Ownership Takeover in Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3 CSV Injection Vulnerability in myTinyTodo 1.3.3 through 1.4.3 Unvalidated Input Vulnerability in field_test Gem 0.3.0 for Ruby NULL Pointer Dereference Vulnerability in Audio File Library 0.3.6 Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Windows Error Reporting Manager Hard Link Elevation of Privilege Vulnerability Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Command Injection Vulnerability in TRENDnet TEW-827DRU Firmware Stack-Based Buffer Overflow in NDrive(1.2.2).sys in Naver Cloud Explorer Arbitrary File Overwrite Vulnerability in Naver Vaccine 2.1.4 Windows Setup Privilege Escalation Vulnerability Denial of Service Vulnerability in Asterisk Open 
Source through 16.4.0 Fujitsu TLS Library Man-in-the-Middle Vulnerability QEMU Network Interface Name ACL Bypass Vulnerability Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 IPP Service Account Lockout Vulnerability in Xerox Phaser 3320 V53.006.16.000 Printers Multiple Stored XSS Vulnerabilities in Xerox Web Application: Session Hijacking and Unwanted Actions Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 IPP Service Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 Printers Windows Hard Link Handling Vulnerability Xerox Phaser 3320 V53.006.16.000 Printer CSRF Vulnerability Stack-based Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 Printer's Google Cloud Print Implementation Buffer Overflow Vulnerability in Xerox Phaser 3320 V53.006.16.000 Printers' Authentication Cookie Arbitrary File Overwrite Vulnerability in fstream.DirWriter() Function Open Redirect Vulnerability in Read the Docs (Versions before 3.5.1) XXE Vulnerability in 3CX Phone System Management Console Static String Misuse in Verification Process of Django REST Registration Library Race Condition in LUKS Encryption Keyfile Creation and Permission Setting in Calamares versions 3.1 through 3.2.10 Insecure Keyfile Copying in Calamares Versions 3.1 through 3.2.10 TLS Session Spoofing Vulnerability CSV Injection Vulnerability in SolarWinds Serv-U FTP Server v15.1.7 Web UI Stored XSS Vulnerability in SolarWinds Serv-U FTP Server 15.1.7 Web UI CSRF Vulnerability in Flarum before 0.1.0-beta.9 Allows Unauthorized Admin Settings Modification Stored XSS vulnerability in MiniCMS V1.10 via tags box leading to cookie theft Unauthenticated Arbitrary File Upload Vulnerability in Symphony CMS Rich Text Formatter Extension Unauthenticated User Access Control Bypass in Knowage through 6.1.1 XSS Vulnerability in Knowage through 6.1.1 via start_url or user_id Field in ChangePwdServlet Page Windows Error Reporting File Execution Elevation of Privilege 
Vulnerability CAPTCHA Bypass Vulnerability in Knowage through 6.1.1 Signup Page SQL Injection Vulnerability in IntraMaps MapControl 8 via /ApplicationEngine/Search/Refine/Set Page Heap Buffer Overflow Vulnerability in Brother Printers' IPP Service Stack Buffer Overflow Vulnerability in Brother HL-L8360CDW v1.20 Printer Web Server Information Disclosure Vulnerabilities in Brother HL-L8360CDW v1.20 Printer Path Traversal Vulnerability in Kyocera Printer Web Application Buffer Overflow Vulnerability in Kyocera Printers: Remote Code Execution and Denial of Service Exploit Buffer Overflow Vulnerability in Kyocera ECOSYS M5526cdw Printer Stored XSS Vulnerability in Kyocera Printer Web Application CSRF Vulnerability in Kyocera Printers Allows Local Account Takeover Windows Authentication Handling Elevation of Privilege Vulnerability Reflected XSS Vulnerability in Kyocera Printer Web Application Allows Session Hijacking and Unwanted Actions Buffer Overflow Vulnerability in Kyocera ECOSYS M5526cdw LPD Service Buffer Overflow Vulnerability in Kyocera ECOSYS M5526cdw Printers Kyocera Printer Integer Overflow Vulnerability: Remote Code Execution and Denial of Service Multiple Buffer Overflow Vulnerabilities in Kyocera ECOSYS M5526cdw IPP Service Unauthenticated Access to Sensitive Configuration Files in Kyocera Printers Buffer Overflow Vulnerability in Kyocera Printers: Document Boxes Functionality Stack-based Buffer Overflow in dname_concatenate() function in NSD 4.2.0 Privilege Escalation via WavesSysSvc in Waves MAXX Audio Rancher 2 through 2.2.4 Cross-Site Websocket Hijacking Vulnerability Windows CloudStore File DACL Elevation of Privilege Vulnerability Heap Buffer Overflow in stb_vorbis: Arbitrary Code Execution via Crafted Ogg Vorbis File Division by Zero Vulnerability in stb_vorbis: Denial of Service via Crafted Ogg Vorbis File NULL Pointer Dereference Vulnerability in stb_vorbis: Denial of Service via Crafted Ogg Vorbis File Windows Authentication Handling Elevation 
of Privilege Vulnerability Uninitialized Stack Variables Vulnerability in stb_vorbis: Denial of Service and Information Disclosure Stack Buffer Overflow in stb_vorbis: Denial of Service and Arbitrary Code Execution Out-of-Bounds Read Vulnerability in stb_vorbis Allows Denial of Service and Information Disclosure Denial of Service Vulnerability in stb_vorbis through 2019-03-04 Use-After-Free Vulnerability in Oniguruma 6.9.2 Allows Information Disclosure, Denial of Service, and Possible Code Execution NULL Pointer Dereference Vulnerability in Oniguruma 6.9.2 Race condition vulnerability in deepin-clone allows for arbitrary file system mounting and denial of unmount Symlink Attack Vulnerability in deepin-clone Privilege Escalation via Symlink Attack in deepin-clone Symlink Attack Vulnerability in deepin-clone Windows Update Client Privilege Escalation Vulnerability Denial of Service Vulnerability in Info-ZIP UnZip 6.0: The 'Better Zip Bomb' Issue Race Condition Vulnerability in Linux Kernel Allows Use-After-Free Access to LDT Entry XSS Vulnerability in Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5 Search Engine XSS Vulnerability in Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5 Login Form Multiple Reflected and Stored XSS Vulnerabilities in Alkacon OpenCms 10.5.4 and 10.5.5 Management Interface Multiple Local File Inclusion Vulnerabilities in Alkacon OpenCms 10.5.4 and 10.5.5 Memory Allocation Failure in Bento4 1.5.1.0 Leads to Crashes Cross-Site Scripting (XSS) Vulnerability in User Picture of GLPI before 9.4.3 IPv6 Flowlabel Information Disclosure Vulnerability Password Reset Vulnerability in GLPI Directory Traversal Vulnerability in FlightCrew v0.9.2 and Older IrfanView 4.52 User Mode Write AV Vulnerability IrfanView 4.52 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in FastStone Image Viewer 7.0 User Mode Write AV Vulnerability in FastStone Image Viewer 7.0 User Mode Write AV Vulnerability in FastStone Image Viewer 7.0 User Mode Write AV 
Vulnerability in ACDSee Free 1.1.21 User Mode Write AV Vulnerability in ACDSee Free 1.1.21 User Mode Write AV Vulnerability in ACDSee Free 1.1.21 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability User Mode Write AV Vulnerability in ACDSee Free 1.1.21 User Mode Write AV Vulnerability in ACDSee Free 1.1.21 User Mode Write AV Vulnerability in ACDSee Free 1.1.21 XnView Classic 2.48 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in XnView Classic 2.48 User Mode Write AV Vulnerability in XnView Classic 2.48 User Mode Write AV Vulnerability in XnView Classic 2.48 XnView Classic 2.48 User Mode Write AV Vulnerability XnView Classic 2.48 User Mode Write AV Vulnerability XnView Classic 2.48 User Mode Write AV Vulnerability Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability XnView Classic 2.48 User Mode Write AV Vulnerability XnView Classic 2.48 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in XnView Classic 2.48 Insufficient Compartmentalization in D-Link DIR-825AC G1 Devices Allows Cross-Router Data Encoding via DHCP Transaction ID Field Insufficient Compartmentalization in D-Link DIR-825AC G1 Devices: Exploiting IGMP Protocol for Unauthorized Data Transfer ARP Forwarding Vulnerability in D-Link DIR-825AC G1 Devices Allows Covert Channel Communication Insufficient Compartmentalization in TP-Link Archer C3200 V1 and Archer C2 V1 Devices: Cross-Router Data Encoding Vulnerability Insufficient Compartmentalization in TP-Link Archer C3200 V1 and Archer C2 V1 Devices: Unauthorized Data Transfer via IGMP Protocol Insufficient Compartmentalization and ARP Forwarding Vulnerability in TP-Link Archer C3200 V1 and Archer C2 V1 Devices Insufficient Compartmentalization in Edimax BR-6208AC V1 Devices Allows Cross-Router Data Encoding via DHCP Transaction ID Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-XXXX) Insufficient Compartmentalization in Edimax BR-6208AC V1 Devices Allows 
Unauthorized Data Transfer between Host and Guest Networks Insufficient Compartmentalization in Edimax BR-6208AC V1 Devices: ARP Forwarding Covert Channel Vulnerability Privilege Escalation via ptrace_link in Linux Kernel Buffer Overflow Vulnerability in Xymon CSVInfo CGI Script XSS Vulnerability in Xymon CSVInfo CGI Script Unauthenticated Blind SQL Injection in VeronaLabs wp-statistics Plugin Stack-based Buffer Overflow in TRENDnet TEW-827DRU Firmware 2.04B03 Unauthenticated Remote Setup Wizard Execution Vulnerability in TRENDnet TEW-827DRU Firmware up to 2.04B03 Multiple Command Injections in TRENDnet TEW-827DRU Firmware 2.04B03 Multiple Stack-Based Buffer Overflows in TRENDnet TEW-827DRU Firmware 2.04B03 Microsoft SharePoint Spoofing Vulnerability Stack-based Buffer Overflow in TRENDnet TEW-827DRU Firmware 2.04B03: Remote Code Execution Heap-based Buffer Overflow in Xpdf 4.01.01's DCTStream::decodeImage() Function Heap-based Buffer Over-read Vulnerability in Xpdf 4.01.01 Heap-based Buffer Over-read in Xpdf 4.01.01's FoFiType1::parse Function Host Header Injection Vulnerability in CoSoSys Endpoint Protector 5.1.0.2 Heap-based Buffer Over-read in Xpdf 4.01.01's JBIG2Stream::readTextRegionSeg() Function Out-of-Bounds Read Vulnerability in Xpdf 4.01.01's SplashXPath::strokeAdjust() Function Infinite Recursion DoS Vulnerability in Xpdf 4.01.01 Use-after-free vulnerability in Xpdf 4.01.01's JBIG2Stream::close() function Microsoft SharePoint Server Elevation of Privilege Vulnerability Heap-based Buffer Overflow in Artifex MuPDF 1.15.0's fz_append_display_node Function Heap-based Buffer Over-read Vulnerability in Xpdf 4.01.01's DCTStream::readScan() Function SQL Injection Vulnerability in webERP 4.15 Payments.php Command Execution Vulnerability in AROX School-ERP Pro: Unauthenticated User Command Execution Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Direct Memory Leaks in ImageMagick 7.0.8-50 Q16: Vulnerability in AcquireMagickMemory Heap-Based 
Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Heap-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Exploiting SetPixelViaPixelInfo in MagickCore/pixel-accessor.h Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Microsoft SharePoint Elevation of Privilege Vulnerability Heap-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Mishandling of Columns in EvaluateImages Memory Leaks in ImageMagick 7.0.8-50 Q16: Exploiting AnnotateImage Error Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Stack-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Misplaced Assignment in WritePNMImage Stack-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Misplaced strncpy and Off-by-One Error in WritePNMImage Stack-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: Exploiting Off-by-One Errors in WritePNMImage Heap-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16: EvaluateImages Vulnerability Heap-Based Buffer Overflow in ImageMagick 7.0.8-50 Q16's ComplexImage Function Memory Leaks in ImageMagick 7.0.8-50 Q16: Vulnerability in AcquireMagickMemory Microsoft Excel Remote Code Execution Vulnerability Memory Leaks in ImageMagick 7.0.8-50 Q16: Vulnerability in MagickWand/mogrify.c Memory Leaks in ImageMagick 7.0.8-50 Q16: AcquireMagickMemory Vulnerability Heap-Based Buffer Over-Read in block_cmp() Function in FFmpeg 4.1.3 Local Privilege Escalation: Credentials Exposure via libosinfo 1.5.0 Process Listing Local Privilege Escalation: Root Password Disclosure in virt-bootstrap 1.1.0 Remote Code Execution Vulnerability in Foxit Reader 9.5.0.20723 (ZDI-CAN-8656) Remote Code Execution Vulnerability in Foxit PhantomPDF 9.5.0.20723 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.5.0.20723 Remote Code Execution Vulnerability in Foxit Reader 9.5.0.20723 via util.printf Method Arbitrary Code Execution via XFA Forms Processing in Foxit Reader 9.5.0.20723 Microsoft 
SQL Server Reporting Services XSS Vulnerability Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Captive Portal HTML Response Remote Code Execution Vulnerability in Xiaomi Browser Arbitrary Code Execution via Xiaomi Browser Prior to 10.4.0 Arbitrary Code Execution via TIF File Handling in Foxit Studio Photo 3.6.6.909 Arbitrary Code Execution via TIFF File Handling in Foxit Studio Photo 3.6.6.909 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.909 via EPS File Handling (ZDI-CAN-8922) Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Arbitrary Code Execution via Type Confusion in Foxit Reader 9.5 Critical Remote Code Execution Vulnerability in Windows Remote Desktop Client Arbitrary Code Execution via Type Confusion in Foxit Reader 9.5.0.20723 Arbitrary Code Execution via JPG Parsing in Foxit Reader 9.5.0.20723 Arbitrary Code Execution via XFA Form Template Processing in Foxit Reader 9.6.0.25114 Arbitrary Code Execution via DXF to PDF Conversion in Foxit PhantomPDF 9.5.0.20723 Arbitrary Code Execution via DXF to PDF Conversion in Foxit PhantomPDF 9.5.0.20723 SSRF Vulnerability in SalesAgility SuiteCRM 7.10.x and 7.11.x Remote Command Execution Vulnerability in dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 Bypassing Site-Wide Basic Authentication in WESEEK GROWI Password Hash Retrieval through Unauthorized API Calls in WESEEK GROWI Stored XSS Vulnerability in MiniCMS V1.10 Allows Cookie Theft Windows Kernel Object Memory Handling Vulnerability Stored XSS vulnerability in MiniCMS V1.10 via mc-admin/post-edit.php content box Stored XSS Vulnerability in MiniCMS V1.10 Allows Cookie Theft via mc-admin/conf.php Comment Box Pre-Authentication Path Traversal Arbitrary File Download in Butor Portal Authentication Bypass Vulnerability in CRUDLab WP Like Button Plugin XSS Vulnerability in Squid's 
cachemgr.cgi Web Module Cross-Site Scripting (XSS) Vulnerability in MyT 1.5.1 User[username] Parameter SAML Single Sign On Plugin Account Reactivation Vulnerability Cleartext Data Source Credentials Exposure in Knowage through 6.1.1 User Password Hashes Exposed in Knowage through 6.1.1 Chakra Scripting Engine Remote Code Execution Vulnerability Double File Descriptor Close Vulnerability in libjack in JACK2 1.9.1 through 1.9.12 Static, Hard-Coded Cryptographic Secret in WolfVision Cynap Allows Remote Password Reset Code-execution backdoor vulnerability in strong_password gem 0.0.7 for Ruby Insecure Access Control in Total Defense Anti-virus 9.0.0.773 Allows Privilege Escalation Insecure Access Control in Total Defense Anti-virus 9.0.0.773 Allows Privilege Escalation Local Privilege Escalation Vulnerability in Total Defense Anti-virus 9.0.0.773 XXE vulnerability in OpenCats allows remote file read access via uploaded docx or odt files Privilege Escalation Vulnerability in CentOS Web Panel 0.9.8.836 Windows Update Client Privilege Escalation Vulnerability Authentication Bypass Vulnerability in CentOS Web Panel 0.9.8.836 Insecure Permissions Vulnerability in Smanos W100 1.0.0 Devices Stack-Based Buffer Overflow in Codedoc v3.2's add_variable Function Cross-Site Scripting (XSS) Vulnerability in Piwigo 2.9.5 via admin.php?page=notification_by_mail Cross-Site Scripting (XSS) Vulnerability in admin.php?page=account_billing in Piwigo 2.9.5 Windows Update Client Memory Handling Vulnerability CSRF Vulnerability in Ignited CMS Allows Unauthorized Administrator Addition Arbitrary PHP Code Execution via Username Field in D-Link Central WiFi Manager CWM(100) Arbitrary SQL Execution Vulnerability in D-Link Central WiFi Manager CWM(100) Cross-Site Scripting (XSS) Vulnerability in D-Link Central WiFi Manager CWM(100) Unauthenticated SQL Injection in D-Link Central WiFi Manager CWM(100) CSRF Token Hijacking and Stored XSS in phpBB 3.2.7 Remote Avatar Feature Side-Channel 
Vulnerability in SAE and EAP-pwd Implementations Privilege Escalation via Default Credentials on AVTECH Room Alert 3E Devices NTLMv2 Security Feature Bypass Vulnerability XSS Vulnerability in KEYNTO Team Password Manager 1.5.0 Arbitrary File Symbolic Link Vulnerability in SnagIT 2019.1.2 Username Enumeration Vulnerability in CentOS Web Panel 0.9.8.846 File and Directory Information Exposure in CentOS Web Panel 0.9.8.840 Filemanager Hidden action=9 feature in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846 allows for remote command execution Reflected XSS Vulnerability in CentOS Web Panel 0.9.8.846's filemanager2.php (fm_current_dir Parameter) Lack of XSS Protection Mechanisms in RainLoop Webmail before 1.13.0 Windows Error Reporting Manager Hard Link Elevation of Privilege Vulnerability Division by Zero Vulnerability in FFmpeg 4.1.3 Heap-Based Buffer Over-Read Vulnerability in ImageMagick 7.0.8-50 Q16 Reflected Cross-Site Scripting (XSS) Vulnerability in MindPalette NateMail 3.0.15 Default Passphrase Vulnerability in Voo Branded NETGEAR CG3700b Custom Firmware V2.02.03 Clear Text HTTP Basic Authentication Vulnerability in Voo Branded NETGEAR CG3700b Custom Firmware V2.02.03 Vulnerability: CSRF Exploit in Voo branded NETGEAR CG3700b Custom Firmware V2.02.03 Directory Traversal and Local File Inclusion Vulnerability in FlightPath 4.x and 5.0-x Unauthenticated Stored XSS in osTicket 1.10.1: Remote Code Injection via Support Ticket Creation Remote Code Execution in Dynacolor FCM-MB40 v1.2.0.0 Devices via CGI Script Injection Hard-coded SSL/TLS Key Vulnerability in Dynacolor FCM-MB40 v1.2.0.0 Devices Windows AppX Deployment Server File Creation Elevation of Privilege Vulnerability Cleartext Storage of Administrative Web-Interface Credentials in Dynacolor FCM-MB40 v1.2.0.0 CSRF Vulnerability in Dynacolor FCM-MB40 v1.2.0.0 Devices Incomplete Factory-Reset Process Allows Persistence of Backdoor on Dynacolor FCM-MB40 v1.2.0.0 Devices Broken Access Control 
Vulnerability in Temenos CWX Version 8.9 Allows Unauthorized User Information Viewing Default Directory Vulnerability in Python MSI Installer Insecure ADB Service Exploit: Unauthorized Access and Device Compromise Arbitrary APK Installation Vulnerability in Advan VD-1 Firmware Reflected XSS Vulnerability in Advan VD-1 Firmware Versions up to 230 Relative Path Traversal Vulnerability in Advan VD-1 Firmware (Up to Version 230) Allows Unauthorized File Downloads Union-Based SQL Injection Vulnerability in TOPMeeting 8.8 (2019/08/19) Windows Power Service Registry Restore Key Elevation of Privilege Vulnerability Exposure of Attendees' Account and Password in TOPMeeting (before version 8.8) HiNet GPON Firmware < I040GWR190731: Arbitrary Command Execution via Port 3097 Arbitrary File Read Vulnerability in HiNet GPON Firmware (CVE-2021-XXXX) SQL Injection Vulnerability in Rencontre Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Rencontre Plugin for WordPress Unauthorized Data Access Vulnerability in Search Guard Versions Prior to 24.3 with Cross Cluster Search (CCS) Enabled Authentication Bypass Vulnerability in Search Guard Versions Before 24.3 with Cross Cluster Search (CCS) Enabled Field Name Leakage in Search Guard Versions Before 24.0 Improper Anonymization of String Arrays in Search Guard Versions Before 24.0 Clear Text Value Leakage in Search Guard Versions Before 23.1 Windows Error Reporting Manager Elevation of Privilege Vulnerability Timing Side Channel Vulnerability in Search Guard Versions Before 21.0 User Password Hash Retrieval Vulnerability in Search Guard Versions Before 23.1 Kibana Plugin Redirect Vulnerability Authentication Bypass Vulnerability in Search Guard Kibana Plugin Windows Object Memory Handling Denial of Service Vulnerability Memory Object Disclosure Vulnerability in Windows Code Integrity Module Integer Overflow in parseOptions() Function in ROS Communications Packages SQL Injection Vulnerability in Sertek Xpare 3.67 Login 
Form Unsanitized Input Data in Sertek Xpare 3.67 Login Form Allows XSS Exploitation Zoom Client Denial of Service Vulnerability via Invalid Launch Requests Windows Kernel Object Memory Handling Vulnerability Remote Camera Activation Vulnerability in Zoom Client and RingCentral on macOS Buffer Overflow Vulnerability in Xymon through 4.3.28's history.c Buffer Overflow Vulnerability in Xymon reportlog.c Denial of Service Vulnerability in Zipios before 0.1.7 Division by Zero Vulnerability in ImageMagick 7.0.8-54 Q16's RemoveDuplicateLayers Function Stack-based Buffer Overflow Vulnerability in Xymon Alert Acknowledgment CGI Tool EAP-pwd Password Recovery Vulnerability in FreeRADIUS 3.0 through 3.0.19 Information Disclosure Vulnerability in OTRS 7.0.x through 7.0.8 Information Disclosure Vulnerability in OTRS Notification Tags Windows Object Memory Handling Denial of Service Vulnerability Insecure Direct Object Reference vulnerability in PrestaShop before 1.7.6.0 RC2 (PrestaShop bug #14444) allows for customer information leakage during checkout. 
Unauthenticated SQL Injection in Lansweeper before 7.1.117.4 XSS Vulnerability in Simple Link Directory Plugin for WordPress Bypassing PHP Script Uploads Rules with X.Filename in OWASP ModSecurity CRS 3.0.2 Denial of Service Vulnerability in ROS Communications Package Incorrect Access Control in Western Digital and SanDisk SSD Dashboards Arbitrary File Substitution Vulnerability in Western Digital and SanDisk SSD Dashboard Windows Object Memory Handling Denial of Service Vulnerability Out-of-Bounds Read Vulnerability in MatrixSSL before 4.2.1 XSS Vulnerabilities in PHPWind 9.1.0's index.php File Parameters Undocumented TELNET Service in BusyBox Subsystem Allows Root Access in TELESTAR and Imperial Devices Insufficient Access Control Vulnerability in TELESTAR DAB Radios MobaXterm 11.1 URI Handler Argument Injection Vulnerability XSS Vulnerability in CentOS Web Panel 0.9.8.837 Allows Low-Privilege User to Gain Root Access CSRF Vulnerability in CentOS Web Panel 0.9.8.837 Allows Unauthorized Password Change for Root Account Unfiltered HTML Vulnerability in Yoast SEO Plugin for WordPress Arbitrary Path Overwrite Vulnerability in Git's fast-import Command Injection Vulnerability in D-Link DIR-818LW Firmware 2.06betab01 Command Injection Vulnerability in D-Link DIR-818LW Firmware 2.06betab01 JWT Signature Validation Bypass in Auth0 Passport-SharePoint Buffer Overflow Vulnerability in Xymon Status-Log Viewer CGI Stack-based Buffer Overflow Vulnerability in Xymon History Viewer Stack-based Buffer Overflow in Xymon Status-Log Viewer Component Cross-Site Scripting (XSS) Vulnerability in Trape's trape.js Allows Arbitrary Code Injection SQL Injection Vulnerability in Trape (2019-05-08) via data[2] Variable in core/db.py Git for Visual Studio Remote Code Execution Vulnerability Persistent XSS Vulnerability in Sitecore 9.0 rev 171002 Media Library and File Manager Stack-based Buffer Overflow in Castle Rock SNMPc Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Zyxel 
XGS2210-52HP Firmware Version 4.50 OTP Bypass Vulnerability in One Identity Cloud Access Manager CSRF Vulnerability in One Identity Cloud Access Manager Missing HTTP Strict Transport Security (HSTS) in One Identity Cloud Access Manager 8.1.3 allows for MITM attacks Git for Visual Studio Remote Code Execution Vulnerability Heap-Based Buffer Over-Read in mq_parse_http function of Mongoose 6.15 Out-of-Bounds Read Vulnerability in Exiv2::MrwImage::readMetadata XSS Vulnerability in Appointment Hour Booking Plugin 1.1.44 for WordPress via E-mail Field (email_1) XSS Vulnerability in @nuxt/devalue before 1.2.3 SQL Injection Vulnerability in hidea.com AZ Admin 1.0 news_det.php?cod= Buffer Overflow Vulnerability in FreeTDS 1.1.11 Potential Information Leakage in Docker Engine Debug Mode Virtual drive path tampering vulnerability in Git for Visual Studio USE AFTER FREE vulnerability in Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier Information Exposure in Rockwell Automation Arena Simulation Software Out-of-Bounds Read Vulnerability in Fuji Electric FRENIC Loader 3.5.0.0 and Prior Multiple Out-of-Bounds Read Vulnerabilities in Delta Industrial Automation DOPSoft Use-after-free vulnerability in Delta Industrial Automation DOPSoft allows for remote code execution and information disclosure Sensitive Information Disclosure in OSIsoft PI Web API 2018 and earlier versions Cross-Site Request Forgery Protection Bypass in OSIsoft PI Web API Access Privilege Expiration Vulnerability in Pyxis ES and Pyxis Enterprise Server Buffer Overflow Vulnerability in EZ Touch Editor Versions 2.1.0 and Prior Vulnerability in Rockwell Automation Arena Simulation Software version 16.00.00 and earlier allows limited information exposure Git for Visual Studio Remote Code Execution Vulnerability Alpha5 Smart Loader Multiple Buffer Overflow Vulnerabilities Vulnerability in Rockwell Automation Arena Simulation Software version 16.00.00 and earlier allows limited information 
exposure Memory Corruption and Code Execution Vulnerability in EZ PLC Editor Versions 1.8.41 and Prior Unauthenticated Remote Access to Web Configuration Data in Honeywell Performance IP Cameras and NVRs Denial-of-Service Vulnerability in GE PACSystems RX3i and CPE Series Unauthenticated Remote Access to Web Configuration Data in IP-AK2 Access Control Panel Authentication Bypass Vulnerability in Datalogic AV7000 Linear Barcode Scanner (Versions < 4.6.0.0) Uninitialized Pointer Vulnerability in Rockwell Automation Arena Simulation Software Privilege Escalation Vulnerability in Niagara AX and Niagara 4 Remote Code Execution Vulnerability in Sunny WebBox Firmware Version 1.6 and Prior Vulnerability: NTFS Protections Bypass in Git on Windows Subsystem for Linux (WSL) Vulnerability: Unauthorized Firmware Upload via FTP in Philips IntelliVue WLAN Patient Monitors RFID Authentication Bypass Vulnerability in Medtronic Valleylab Energy Platforms CODESYS V3 Web Server Directory Traversal Vulnerability Vulnerability: Replay Attack on Omron PLC CJ and CS Series Remote Code Execution Vulnerability in Philips IntelliVue WLAN Patient Monitors RFID Security Read Access Vulnerability in Medtronic Valleylab FT10 and Valleylab LS10 Energy Platforms Remote Code Execution Vulnerabilities in Delta Electronics TPEditor Versions 1.94 and Prior Buffer Overflow Vulnerability in IEC870IP Driver for Vijeo Citect and Power SCADA Operation CODESYS V3 Library Manager Content Display Vulnerability Insecure Password Hashing in Medtronic Valleylab Exchange Client and Energy Platforms Git for Visual Studio Remote Code Execution Vulnerability Remote Code Execution Vulnerabilities in Delta Electronics TPEditor Versions 1.94 and Prior Improper Input Validation Vulnerability in Horner Automation Cscape 9.90 and Prior NULL Pointer Dereference Vulnerability in CODESYS V3 OPC UA Server Hard-coded Credentials Vulnerability in Medtronic Valleylab Exchange Client and Energy Platforms Remote Code Execution 
Vulnerabilities in Delta Electronics TPEditor Versions 1.94 and Prior Buffer Overflow Vulnerability in Horner Automation Cscape 9.90 and Prior Escalation of Privileges Vulnerability in IntelliSpace Perinatal Application Environment Unauthenticated Access Vulnerability in Advantech WISE-PaaS/RMM Stack Overflow and Remote Code Execution Vulnerability in CODESYS V3 Web Server Insufficient Authentication Mechanism Allows Unauthorized Configuration Changes in Rittal Chiller SK 3232-Series Improper Authorization Vulnerability in WebAccess Versions 8.4.1 and Prior Remote Code Execution via Path Traversal in Advantech WISE-PaaS/RMM Multiple Command Injection Vulnerabilities in WebAccess Versions 8.4.1 and Prior Hard-coded Credentials Vulnerability in Rittal Chiller SK 3232-Series Web Interface Unsecured Telnet Protocol in GE Mark VIe Controller Allows Unauthorized Access Denial-of-Service Vulnerability in Mitsubishi Electric MELSEC-Q and MELSEC-L Series CPUs Stack-based Buffer Overflow Vulnerabilities in WebAccess Versions 8.4.1 and Prior Information Exposure Vulnerability in Tasy EMR WebPortal Versions 3.02.1757 and Prior Remote Code Execution Vulnerability in WebAccess Versions 8.4.1 and Prior Pre-configured Hard-Coded Credentials in GE Mark VIe Controller Allow Root-User Access Edge HTML Information Disclosure Vulnerability D-Link DIR-655 C Devices Vulnerability: Remote Attackers Can Force Blank Password Arbitrary Command Execution in D-Link DIR-655 C Devices Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-655 C Devices CSRF Vulnerability in D-Link DIR-655 C Devices Cross-Site Scripting (XSS) Vulnerability in Ping Identity Agentless Integration Kit before 1.5 OpenLDAP SASL Authentication Bypass Vulnerability Buffer Overflow Vulnerability in ROS Communications Packages Remote Code Execution via ZoomOpener Daemon on macOS Heap-Based Buffer Overflow in CImg.h: Malformed BMP Image Allocation Vulnerability Icegram Email Subscribers & Newsletters Plugin SQL Injection 
Vulnerability Microsoft Browser Cookie Spoofing Vulnerability AJdG AdRotate Plugin for WordPress 5.3 and Earlier: SQL Injection Vulnerability SQL Injection Vulnerability in Vsourz Digital Advanced CF7 DB Plugin for WordPress SQL Injection Vulnerability in Adenion Blog2Social Plugin for WordPress SQL Injection Vulnerability in FolioVision FV Flowplayer Video Player Plugin for WordPress Remote Command Execution Vulnerability in MiniMagick Image Processing Library SQL Injection Vulnerability in WPEverest Everest Forms Plugin for WordPress Unauthenticated Remote Buffer Overflow in MAPLE WBT SNMP Administrator v2.0.195.15 via SNMP CE Remote Feature SQL Injection Vulnerability in Impress GiveWP Give Plugin for WordPress Jet Database Engine Remote Code Execution Vulnerability Heap-based Buffer Overflow in Marvell 88W8688 Wi-Fi Firmware Allows Remote Code Execution Stack Overflow Vulnerability in Marvell 88W8688 Wi-Fi Firmware Directory Traversal Vulnerability in FANUC Robotics Virtual Robot Controller 8.23 Remote Admin Webserver Buffer Overflow Vulnerability in FANUC Robotics Virtual Robot Controller 8.23's Remote Admin Webserver Arbitrary Web Script Injection Vulnerability in WIKINDX getPagingStart() Function Code-execution backdoor vulnerability in paranoid2 gem 1.1.6 for Ruby Jet Database Engine Remote Code Execution Vulnerability Integer Overflow and NULL Pointer Dereference in SoX 14.4.2 CSRF Protection Bypass in Mirumee Saleor 2.7.0 Arbitrary Command Execution via Sahi Pro 8.0.0 Player_setScriptFile Vulnerability Remote Command Execution in Vera Edge Home Controller 1.7.4452 via LuaUPnP Username Enumeration Vulnerability in CentOS Web Panel 0.9.8.848 Integer Underflow Vulnerability in VLC Media Player Weak Encryption of Fingerprint Images in HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Brute-Force Vulnerability in HID Global DigitalPersona U.are.U 4500 Fingerprint Reader v24 Allows Key Recovery and Biometric Information Leak Authentication Bypass 
Vulnerability in CentOS Web Panel 0.9.8.838 to 0.9.8.846 Opera Mini iOS UXSS Vulnerability via javascript: URL Navigation XXE Vulnerability in Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) Memory Object Disclosure Vulnerability in Microsoft Graphics Components Cross-Site WebSocket Hijacking (CSWSH) Vulnerability in python-engineio Vulnerability: Inconsistent SpamAssassin Checks for Large Email Messages in MDaemon Email Server Stack-based Buffer Overflow in TP-Link Wireless Router Archer Router Version 1.0.0 Build 20180502 rel.45702 (EU) and Earlier Stack-based Buffer Overflow in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and Earlier Heap-based Buffer Over-read in libebml's FindNextElement Heap-based Buffer Over-read Vulnerability in SDL (Simple DirectMedia Layer) Heap-Based Buffer Over-Read Vulnerability in njs through 0.3.3 Heap-based Buffer Over-read in GPAC before 0.8.0 Buffer Overflow Vulnerability in Wireshark ASN.1 BER Dissector Win32k Elevation of Privilege Vulnerability in Windows Kernel-Mode Driver Path Traversal Vulnerability in NSA Ghidra Allows Arbitrary File Overwrite Command Injection Vulnerability in ONOS 1.15.0 YangWebResource.java XXE (XML External Entity) Vulnerability in NSA Ghidra 9.0.1 and earlier Heap-Based Buffer Over-read in SDL 2.x through 2.0.9 ECDSA Timing Attack in libgcrypt20 Cryptographic Library Timing Side Channel Vulnerability in wolfSSL and wolfCrypt 4.0.0 and Earlier Timing Side Channel Vulnerability in MatrixSSL 4.2.1 and Earlier: Private Key Leakage in ECDSA Signature Generation Windows GDI Object Memory Information Disclosure Vulnerability Out-of-Bounds Write Vulnerability in Linux Kernel HID Report Generation Blind/Persistent XSS Vulnerability in Blinger.io v.1.0.2519 Directory Traversal Vulnerability in WP Fastest Cache Plugin Symlink Mishandling Vulnerability in GNU Patch Arbitrary Command Execution via Unsafe Search Paths in LogMeIn join.me OS Shell 
Command Injection in GNU Patch through 2.7.6 via Crafted Patch File Win32k Elevation of Privilege Vulnerability in Windows Kernel-Mode Driver Command Injection Vulnerability in qBittorrent before 4.1.7 Stored XSS vulnerability in EspoCRM before 5.6.4 allows remote code execution and injection Stored XSS Vulnerability in Firefly III Budget Name Stored XSS Vulnerability in Firefly III before 4.7.17.3 via Image File Names Firefly III before 4.7.17.3 Reflected XSS Vulnerability in Search Query Stored XSS Vulnerability in Firefly III before 4.7.17.3 via Unfiltered Image File Content Denial of Service Vulnerability in Linux Kernel on PowerPC Platform ExternalPort OS Command Injection in TP-Link M7350 Devices Microsoft IIS Server Elevation of Privilege Vulnerability InternalPort OS Command Injection Vulnerability in TP-Link M7350 Devices TP-Link M7350 PortMappingProtocol OS Command Injection Vulnerability TP-Link M7350 Devices OS Command Injection Vulnerability TriggerPort OS Command Injection in TP-Link M7350 Devices (Issue 5 of 5) Denial of Service Vulnerability in Imgix through 2019-06-19 Remote Code Execution Vulnerability in CA Common Services DIA of CA Technologies Client Automation 14 and Workload Automation AE 11.3.5, 11.3.6 Default Credential Vulnerability in CA Performance Management Default Credential Vulnerability in CA Network Flow Analysis 9.x and 10.0.x IDN Homograph Spoofing Vulnerability in Google Chrome Chakra Scripting Engine Remote Code Execution Vulnerability Chromium UI Spoofing Vulnerability: Remote Notification Spoofing in Google Chrome Chromium UI Spoofing Vulnerability: Remote Notification Spoofing in Google Chrome Bypassing Content Security Policy in Google Chrome prior to 77.0.3865.75 IDN Homograph Spoofing Vulnerability in Google Chrome Bypassing Content Security Policy in Blink in Google Chrome (CVE-2019-13699) Bypassing Multiple File Download Protection in Google Chrome (CVE-2019-13699) Cross-Origin Information Leak in Google Chrome Omnibox 
Spoofing Vulnerability in Google Chrome on iOS Cross-Origin Data Leakage Vulnerability in Google Chrome Developer Tools Omnibox Spoofing Vulnerability in Google Chrome (prior to 77.0.3865.75) Internet Explorer Scripting Engine Memory Corruption Vulnerability Heap Corruption Vulnerability in Google Chrome (prior to 77.0.3865.75) via Crafted HTML Page Remote Security UI Spoofing Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome on iOS Cross-Origin Data Leakage Vulnerability in Google Chrome Developer Tools IDN Homograph Spoofing Vulnerability in Google Chrome Remote Code Execution Vulnerability in Google Chrome Extensions Domain Spoofing Vulnerability in Google Chrome Bypassing Site Isolation in Google Chrome: Insufficient Policy Enforcement Vulnerability Domain Spoofing Vulnerability in Google Chrome (prior to 77.0.3865.75) via Incorrect Data Validation in Downloads Remote Code Execution via Crafted PDF File Windows Secure Boot Security Feature Bypass Vulnerability TLS Vulnerability: Remote IP Address Spoofing in Google Chrome (CVE-2019-5869) Bypassing Download Restrictions in Google Chrome (CVE-2019-13699) Bypassing Same Origin Policy via Insufficient Policy Enforcement in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome Developer Tools Cross-Origin Data Leakage Vulnerability in Google Chrome (prior to 72.0.3626.81) Remote Code Execution Vulnerability in Google Chrome Prior to 77.0.3865.90 Use After Free Vulnerability in Google Chrome: Remote Heap Corruption Exploit via Crafted HTML Page Remote Code Execution Vulnerability in Google Chrome Prior to 77.0.3865.90 Remote Code Execution Vulnerability in Google Chrome Prior to 77.0.3865.90 Arbitrary Read/Write Vulnerability in Google Chrome on ChromeOS Memory Object Handling Vulnerability in Open Enclave SDK OS-level privilege escalation vulnerability in Google Chrome on ChromeOS prior to 75.0.3770.80 Omnibox Spoofing Vulnerability in Google Chrome (prior to 
77.0.3865.75) Bypassing Site Isolation in Google Chrome Reader Mode Use After Free Vulnerability in IndexedDB in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome Remote Code Execution Vulnerability in Google Chrome for Android (CVE-2019-13699) Use After Free Vulnerability in Google Chrome (prior to 77.0.3865.120) Allows Remote Code Execution via Crafted HTML Page Cross-Origin Data Leakage in Google Chrome Performance APIs Heap Corruption Vulnerability in Google Chrome (prior to 73.0.3683.103) via Crafted HTML Page Remote Code Execution via Use After Free in Google Chrome Media (CVE-2019-13720) Memory Object Handling Vulnerability in Open Enclave SDK Gamepad API Out of Bounds Memory Access Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Privilege Escalation Vulnerability in Google Chrome Installer on Windows Omnibox Spoofing Vulnerability in Google Chrome on Android Bypassing Content Security Policy in Google Chrome prior to 78.0.3904.70 Cross-Origin Data Leakage via Malicious Chrome Extension PDFium Heap Corruption Vulnerability File Leakage Vulnerability in Google Chrome on Android (prior to 78.0.3904.70) via Insufficient Validation of Intents Omnibox Spoofing Vulnerability in Google Chrome on iOS Bypassing Download Restrictions in Google Chrome Prior to 78.0.3904.70 Internet Explorer Remote Code Execution Vulnerability Bypassing Download Restrictions via Crafted HTML Page in Google Chrome (CVE-2019-13720) Cross-Origin Data Leakage Vulnerability in Google Chrome Cross-Origin Data Leakage Vulnerability in Google Chrome CSS Injection Vulnerability in Color Enhancer Extension in Google Chrome Domain Spoofing Vulnerability in Google Chrome (CVE-2019-13720) Bypassing Navigation Restrictions in Google Chrome Service Workers Full Screen Mode Security UI Vulnerability in Google Chrome Domain Spoofing Vulnerability in Google Chrome (CVE-2019-13720) Full Screen Mode Security UI Vulnerability in Google Chrome Azure App Service 
Remote Code Execution Vulnerability WebAudio Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in PDFium in Google Chrome Heap Corruption Vulnerability in WebRTC in Google Chrome (CVE-2019-13720) WebBluetooth Use After Free Vulnerability in Google Chrome (CVE-2019-13720) Out of Bounds Memory Access Vulnerability in WebBluetooth in Google Chrome Remote Code Execution Vulnerability in Bluetooth in Google Chrome Buffer Overflow Vulnerability in Google Chrome Password Manager Bypassing Same Origin Policy in WebSockets in Google Chrome (CVE-2019-13720) Heap Corruption Vulnerability in Google Chrome (prior to 79.0.3945.79) via Crafted HTML Page WebSockets Use-After-Free Vulnerability in Google Chrome PowerShell Deserialization Remote Code Execution in Microsoft Exchange Type Confusion Vulnerability in Google Chrome (prior to 79.0.3945.79) Allows Remote Heap Corruption WebAudio Use-After-Free Vulnerability in Google Chrome Remote Code Execution Vulnerability in SQLite in Google Chrome Arbitrary Code Execution via Out of Bounds Write in Google Chrome (CVE-2019-13720) PDFium Integer Overflow Vulnerability in Google Chrome Information Disclosure Vulnerability in Google Chrome Autocomplete Bypassing Site Isolation in Google Chrome: Insufficient Policy Enforcement in Navigation Domain Spoofing Vulnerability in Google Chrome Windows Error Reporting (WER) Object Memory Disclosure Vulnerability Domain Spoofing Vulnerability in Google Chrome Bypassing Same Origin Policy via Crafted Clipboard Content in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome on iOS Remote Security UI Spoofing Vulnerability in Google Chrome Cross-Origin Data Leakage via Insufficient Cookie Policy Enforcement in Google Chrome Cross-Origin Data Leakage in Google Chrome Prior to 79.0.3945.79 Omnibox Spoofing Vulnerability in Google Chrome Heap Corruption Vulnerability in Google Chrome on Android (Versions prior to 79.0.3945.79) Local Information Disclosure Vulnerability 
in Google Chrome Developer Tools Omnibox Spoofing Vulnerability in Google Chrome on iOS Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Insufficient Data Validation in SQLite in Google Chrome: Bypassing Defense-in-Depth Measures via Crafted HTML Page Uninitialized Data Vulnerability in SQLite in Google Chrome Remote Information Disclosure Vulnerability in SQLite in Google Chrome Remote Information Disclosure Vulnerability in SQLite in Google Chrome Bypassing Navigation Restrictions in Google Chrome Extensions Remote Code Execution via Extension Disabling in Google Chrome Domain Spoofing Vulnerability in Google Chrome Prior to Version 79.0.3945.79 Domain Spoofing Vulnerability in Google Chrome Omnibox Bypassing Navigation Restrictions in Google Chrome on Android (CVE-2019-13720) Domain Spoofing Vulnerability in Google Chrome SQL Server Management Studio Information Disclosure Vulnerability Domain Spoofing Vulnerability in Google Chrome Omnibox Local Code Spoofing Vulnerability in Google Chrome on Windows Cross-Origin Data Leakage in Google Chrome Prior to 79.0.3945.79 Type Confusion Vulnerability in Google Chrome (prior to 79.0.3945.79) Allows Remote Heap Corruption Remote Code Execution Vulnerability in Google Chrome Content Delivery Manager Remote Code Execution via Use-After-Free Vulnerability in Google Chrome's Accessibility Remote Code Execution via Use After Free in Google Chrome Media Picker Sandbox Escape via Use After Free Vulnerability in Google Chrome FileAPI Windows 10 Update Assistant Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Splwow64.exe Local Elevation of Privilege Vulnerability Windows Servicing Stack Information Disclosure Vulnerability ActiveX Installer Service Elevation of Privilege Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability NETLOGON Message Session Key Retrieval Vulnerability Windows AppX Deployment Extensions Elevation of 
Privilege Vulnerability Vulnerability in Git Recursive Clones Allows Remote Code Execution Windows Certificate Dialog Elevation of Privilege Vulnerability Windows Hyper-V Remote Code Execution Vulnerability VBScript Engine Memory Object Handling Remote Code Execution Vulnerability Windows Object Memory Handling Denial of Service Vulnerability Arbitrary File Access Vulnerability in b3log Wide before 1.6.0 Heap Buffer Overflow in WICED Studio 6.2 CYW20735B1 and CYW20819A1 Remote Code Execution in Exim 4.85 through 4.92 (fixed in 4.92.1) via ${sort } Expansion SINEMA Remote Connect Server (All versions < V2.0 SP1) Password Guessing Vulnerability Privilege Escalation Vulnerability in SINEMA Remote Connect Server (All versions < V2.0 SP1) Memory Object Handling Vulnerability in Windows Kernel Vulnerability in SINEMA Remote Connect Server (All versions < V2.0 SP1) Allows CSRF Attacks Denial-of-Service Vulnerability in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1) SINEMA Remote Connect Server Vulnerability: Password Hash Disclosure Cross-Site Scripting (XSS) Vulnerability in IE/WSN-PA Link WirelessHART Gateway Clickjacking Vulnerability in SCALANCE Network Switches and Routers Denial-of-Service Vulnerability in SCALANCE S602, S612, S623, and S627-2M Denial-of-Service Vulnerability in SCALANCE S602, S612, S623, and S627-2M Denial of Service Vulnerability in Desigo PX Automation Controllers Vulnerability in SIMATIC IT UADM Allows Password Recovery and Unauthorized Access Win32k Memory Object Handling Elevation of Privilege Vulnerability XHQ Web Interface Cross-Site Request Forgery (CSRF) Vulnerability Vulnerability in XHQ Web Interface Allows Unexpected Behavior and Content Modification Unauthenticated Script Injection Vulnerability in XHQ (All versions < V6.0.0.2) Vulnerability in SCALANCE X-Series Network Devices Allows Unauthorized Access Reflected Cross-Site Scripting (XSS) Vulnerability in Siemens AG Polarion Webclient Reflected Cross-Site Scripting (XSS) 
Vulnerability in Siemens AG Polarion Webclient Persistent Cross-Site Scripting Vulnerability in Siemens AG Polarion Webclient IP Address Spoofing Vulnerability in APOGEE, Desigo, Nucleus, SIMOTICS, TALON, and VSTAR Devices Win32k Memory Object Handling Elevation of Privilege Vulnerability Denial of Service Vulnerability in SIMATIC Industrial Control Systems Predictable Path Names Vulnerability in OZW672 and OZW772 Web Servers Title: Buffer Overflow Vulnerability in EN100 Ethernet Modules Leads to Denial-of-Service Condition Title: Cross-Site Scripting (XSS) Vulnerability in EN100 Ethernet Modules Vulnerability in EN100 Ethernet Modules: Unauthorized Information Disclosure UART Interface Physical Access Vulnerability Profinet-IO (PNIO) Stack Denial of Service Vulnerability Clear Text Password Transmission Vulnerability in Control Center Server (CCS) Stored XSS vulnerability in SyGuestBook A5 Version 1.2 CSRF Vulnerability in SyGuestBook A5 Version 1.2 Win32k Memory Object Handling Elevation of Privilege Vulnerability Stored XSS Vulnerability in SyGuestBook A5 Version 1.2 via Comment Reply Stack-based Buffer Overflow in set_ipv4() Function in gdnsd 3.x Stack-based Buffer Overflow in set_ipv6() Function in gdnsd Bluetooth Low Energy (BLE) Authentication Bypass Vulnerability in YI M1 Mirrorless Camera V3.2-cn Memory Exhaustion Vulnerability in Mikrotik RouterOS Stack Exhaustion Vulnerability in Mikrotik RouterOS Arbitrary PHP Code Execution in Discuz!ML 3.2 through 3.4 via Modified Language Cookie SQL Injection Vulnerability in Umbraco 7.3.8 via nodeName Parameter in PageWApproveApi/GetInpectSearch Method Memory Copy into NULL Pointer Vulnerability in Bento4 1.5.1-627 Win32k Memory Object Handling Elevation of Privilege Vulnerability Denial of Service Vulnerability in libjpeg-turbo 2.0.2 CSRF Vulnerability in flatCore Allows Arbitrary .php File Upload Heap-based Buffer Over-read in lavc_CopyPicture in VideoLAN VLC media player Multiple Reflective and Stored XSS 
Vulnerabilities in iTop through 2.6.0 XSS Vulnerability in iTop Dashboard XML Fields Denial of Service Vulnerability in iTop Community Version SQL Injection Vulnerability in Metinfo 6.x via id Parameter in admin/index.php Windows Hyper-V Remote Code Execution Vulnerability Self-XSS in AntSword Database Configuration Allows Code Execution XSS Vulnerability in OTCMS 3.81 via mode Parameter in apiRun.php?mudi=autoRun Request XSS Vulnerability in LayerBB 1.1.3 via pm_title Variable in application/commands/new.php Arbitrary File Upload Vulnerability in LayerBB 1.1.3 CSRF Vulnerability in LayerBB 1.1.3's conversations.php/cmd/new eGain Chat 15.0.3 HTML Injection Vulnerability Unrestricted File Upload Vulnerability in eGain Chat 15.0.3 Cross-Site Scripting (XSS) Vulnerabilities in Ovidentia 8.4.3 SQL Injection Vulnerability in Ovidentia 8.4.3 via id Parameter in index.php?tg=delegat&idx=mem Request Remote Code Execution via Unblocked PHP File Upload in Directus 7 API Windows Hyper-V Remote Code Execution Vulnerability Remote Code Execution via PHP File Upload in Directus 7 API Unauthenticated Remote File Read Vulnerability in Directus 7 API Markdown Injection Vulnerability in Directus 7 Application before 7.7.0 Insufficient Anti-Automation in Directus 7 API (CVE-2021-12345) Unauthenticated Access to Uploaded Files in Directus 7 API Log File Disclosure Vulnerability in Sierra Wireless MGOS Stack-based Buffer Overflow in wfloat() function in dpic 2019.06.20 Windows Hyper-V Privileged User Input Validation Vulnerability XXE Vulnerability in Terracotta Quartz Scheduler's initDocumentParser Method Laser-Induced LED Photosensitivity Vulnerability in Pre-Rev3 Arduino Embedded Systems Out of Bound Memory Access Vulnerability in Snapdragon Platforms Memory Corruption and Information Leakage Vulnerability in Snapdragon Platforms Integer Overflow Vulnerability in Snapdragon Processors: Potential Memory Corruption and Information Leakage Memory Corruption and Information Leakage 
Vulnerability in Snapdragon Platforms Integer Overflow Vulnerability in Multiple Snapdragon Platforms Microsoft Access Memory Object Handling Vulnerability Memory Corruption and Information Leakage Vulnerability in Multiple Snapdragon Platforms Insecure Public Key Usage in Multiple Snapdragon Platforms Unauthorized Access to Call Status in Snapdragon Devices Null Pointer Exception Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Chipsets Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Title: Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Timing Side Channel Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking Null Pointer Dereference Vulnerability in Location Assistance Data Processing in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130 Improper Input Validation Leading to Out-of-Bounds Memory Access in Snapdragon Processors Buffer Map Vulnerability in Snapdragon Devices Multiple Read Overflows in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables: Improper Length Check Vulnerability Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables in Multiple Chipsets Vulnerability: Invalid Super Index Table Parsing in Snapdragon Processors Buffer Overflow Vulnerability in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130 Stack-based buffer overflow vulnerability in initialization of identification stage in 
multiple Snapdragon platforms Integer overflow vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple chipsets Heap Buffer Overflow Vulnerability in Snapdragon Platforms Potential Out-of-Bound Array Access Vulnerability in Snapdragon Platforms Multiple Read Overflows Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Memory Object Handling Vulnerability in Microsoft Office Multiple Read Overflows in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, and Wearables Processors Buffer overrun vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables in multiple Qualcomm chipsets Vulnerability: Lack of Length Check in IPv6 Header Extraction in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables Unvalidated User Input in String Copy Vulnerability in Multiple Snapdragon Platforms Stack-Use-After-Scope Vulnerability in NFC Card Emulation on Snapdragon Platforms Session Object Vulnerability in Multiple Snapdragon Platforms Potential Buffer Overflow Vulnerability in WLAN WMI Handler in Multiple Snapdragon and QCA Chipsets Unbounded Channel Length Vulnerability in Multiple Snapdragon Platforms Buffer Overwrite Vulnerability in Multiple Snapdragon Platforms Use-after-free vulnerability in graphics module in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wired Infrastructure and Networking in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, 
Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Networking in various Qualcomm chipsets Memory Use After Free Vulnerability in Snapdragon Processors Multiple Read Overflows in Snapdragon Processors: Vulnerability in Decoding Tau Reject/Accept Requests Use After Free Vulnerability in Snapdragon Processors: EEPROM Query Mutex Unlocking Issue Buffer Overflow Vulnerability in Snapdragon Processors Use-After-Free Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Buffer Over-read Vulnerability in ADSP Parse Function in Snapdragon Processors Out of Bound Read Vulnerability in Snapdragon Platforms Memory Use After Free Vulnerability in Multiple Snapdragon Platforms Buffer Overrun Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Critical Out of Bound Read Vulnerability in Snapdragon Platforms Out of Bound Read Vulnerability in Fingerprint Application in Multiple Snapdragon Platforms Uninitialized Memory Access Vulnerability in Snapdragon Consumer IOT and Snapdragon Mobile Devices Critical Buffer Overflow Vulnerability in Snapdragon Auto, Consumer IoT, and Mobile Processors Improper Validation of Array Parameters Leading to Out-of-Bound Access in Snapdragon Platforms Lack of Input Validation in IPA Driver Process Route Add Rule IOCTL Out of Bound Memory Access Vulnerability in Snapdragon Platforms Stage-2 Fault Vulnerability in Snapdragon Platforms Windows UPnP Service Elevation of Privilege Vulnerability Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Integer Overflow and Buffer Overflow Vulnerability in Snapdragon Industrial IOT (MDM9206, MDM9607) Uninitialized Data Structure Vulnerability in Multiple Snapdragon Platforms Stack Out-of-Bounds Read Vulnerability in XFRM Policy 
Creation in Multiple Snapdragon Platforms Vulnerability: Unauthorized Code and Data Update and RAM Dump Diversion in Snapdragon Platforms Dangling Pointer Vulnerability in Snapdragon Processors Integer Overflow Vulnerability in Snapdragon Platforms Buffer Over-read Vulnerability in Snapdragon Platforms Jet Database Engine Remote Code Execution Vulnerability Uninitialized Stack Data Vulnerability in Snapdragon and Other Qualcomm Products Null-pointer dereference vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in multiple Qualcomm chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Kernel Failure Vulnerability in Multiple Snapdragon Platforms Pointer Double Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking Integer Overflow Vulnerability in Feature ID Retrieval in Snapdragon Platforms Timing side channel vulnerability in non-time-constant functions in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in multiple Qualcomm chipsets Out of Bound Access Vulnerability in Multiple Snapdragon Platforms Windows Graphics Component Elevation of Privilege Vulnerability Race condition vulnerability in PCM volume controls in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, Wired Infrastructure and Networking in various Qualcomm chipsets Vulnerability: Compromised Reset Handler Allows Bypass of Access Control in Multiple Snapdragon Platforms Race condition vulnerability leading to unhandled 
paging request in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in various Qualcomm chipsets RTCP Message Buffer Overflow Vulnerability Heap Overflow Vulnerability in Diag Command Handler in Snapdragon Processors Null pointer dereference vulnerability in radio interface layer of Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130 Buffer Overflow Vulnerability in Multiple Snapdragon Processors Out of Bound Memory Access Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking in Multiple Qualcomm Chipsets Unvalidated Response Buffer Length Vulnerability in Snapdragon Processors Uninitialized Variable Vulnerability in Snapdragon Processors Win32k Memory Object Handling Elevation of Privilege Vulnerability Out of Bound Write Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables Buffer Over-read Vulnerability in WLAN Module for SAR Limits Enforcement in Snapdragon Processors Buffer Over-read Vulnerability in Snapdragon Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Wired Infrastructure, and Networking in Multiple Qualcomm Chipsets Integer Underflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wired Infrastructure and Networking in Multiple Qualcomm Chipsets Potential Integer Underflow Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, and Snapdragon in QCN7605, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130 Integer Overflow Vulnerability in Snapdragon Auto, 
Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 Buffer Overflow Vulnerability in Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, QCS605 Critical Use After Free Vulnerability in Snapdragon Devices Re-provisioning Vulnerability in Keymaster Attestation Key and Device IDs after Data Erase or Factory Reset Windows Remote Procedure Call Memory Initialization Vulnerability Double Free Vulnerability in Snapdragon Processors Critical Vulnerability: Unauthorized Service Exports in Snapdragon Industrial IOT and Mobile Devices Array Out of Bounds Access Vulnerability in Snapdragon Auto, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, and Wearables in various Qualcomm chipsets Integer Overflow Vulnerability in Diag Command Handler Buffer Overflow Vulnerability in Snapdragon Processors Potential Buffer Overflow Vulnerability in WLAN Parser in Multiple Snapdragon Platforms Potential Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Networking in various Qualcomm chipsets Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Vulnerability: Disabled Register Write via Debugfs in Multiple Snapdragon Platforms Out of Bounds Read Vulnerability in Diag Event Set Mask Command Handler in Snapdragon Processors Invalid Context Pointer Vulnerability in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile (APQ8053, SC8180X, SDX55, SM8150) Memory Overflow Vulnerability in Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SM8150 DirectWrite 
Memory Disclosure Vulnerability Buffer Overflow Vulnerability in WLAN Firmware in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Mobile, Voice & Music, Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130 Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Buffer overflow vulnerability in WLAN firmware during CCMP cipher suite unwrapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in various Qualcomm chipsets. Buffer Overflow Vulnerability in WLAN Firmware Information Disclosure Vulnerability in Multiple Snapdragon Platforms Vulnerability: Privilege Escalation via Altered Debug Policy Image in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 TOCTOU Race Condition and Memory Corruption Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking Windows Adobe Type Manager Font Driver (ATMFD.dll) OpenType Font Driver Information Disclosure Vulnerability Memory Padding Vulnerability in Snapdragon Auto and Snapdragon Mobile Devices Critical Vulnerability: Missing Bounds Checks in Widevine HLOS Client Across Multiple Snapdragon Platforms Memory Failure in Content Protection Module: A Critical Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, 
Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 Buffer Overflow Vulnerability in Snapdragon Processors Extension Request Handling Security Bypass in Microsoft Edge Memory Corruption Vulnerability in Snapdragon Processors: Impact on Trusted Applications Out of Bound Write Vulnerability in Radio Measurement Request in Snapdragon Platforms Memory Corruption Vulnerability in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150 Out of Bound Access Vulnerability in WLAN Handler: Potential Security Risk in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking Integer overflow to buffer overflow vulnerability in WLAN parsing nonstandard NAN IE messages in multiple Snapdragon platforms and products Visual Studio Code Debug Listener Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Race Condition Vulnerability in Windows Subsystem for Linux Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Modules Installer Service File Information Disclosure Vulnerability OpenType Font Parsing Remote Code Execution Vulnerability Unbounded memcpy Vulnerability in Das U-Boot Unbounded memcpy Vulnerability in Das U-Boot (2019.07) Unbounded memcpy Vulnerability in Das U-Boot through 2019.07 Unbounded memcpy Vulnerability in Das U-Boot through 2019.07 Unbounded memcpy Vulnerability in Das U-Boot through 2019.07 Out-of-Bounds Data Read Vulnerability in Das U-Boot Unbounded memcpy Vulnerability in Das U-Boot through 2019.07 Unbounded memcpy Vulnerability in Das U-Boot Windows Elevation of Privilege Vulnerability in dssvc.dll Stack-based Buffer Overflow in nfs_handler: rpc_lookup_reply Stack-based Buffer Overflow in nfs_lookup_reply Function in Das U-Boot Stack-based Buffer Overflow in nfs_readlink_reply Function in Das U-Boot Stack-based Buffer Overflow in nfs_mount_reply Function in Das U-Boot Stack-based 
Buffer Overflow in nfs_umountall_reply Function Local File Inclusion Vulnerability in Nevma Adaptive Images Plugin for WordPress Arbitrary File Deletion Vulnerability in Nevma Adaptive Images Plugin for WordPress Endless Loop Crash Vulnerability in Foxit PhantomPDF NULL Pointer Dereference Vulnerability in Foxit PhantomPDF Heap Corruption Vulnerability in Foxit PhantomPDF Memory Corruption Vulnerability in Foxit PhantomPDF JavaScript Object Validation Vulnerability in Foxit PhantomPDF NULL Pointer Dereference in Foxit PhantomPDF Crash Vulnerability in Foxit PhantomPDF 8.3.11 JavaScript Denial of Service Vulnerability in Foxit PhantomPDF Crash Vulnerability in Foxit PhantomPDF 8.3.11 Arbitrary PHP File Upload Vulnerability in WP SVG Icons Plugin Windows Elevation of Privilege Vulnerability in iphlpsvc.dll Arbitrary File Read Vulnerability in BlueStacks Cross-Site Scripting (XSS) Vulnerability in 1CRM On-Premise Software 8.5.7 Default Private Key Vulnerability in Alfresco Community Edition Open Redirect Vulnerability in Alfresco Share Application Remote Code Execution via Deserialization in Alfresco Community Edition 5.2 201707 SSRF Vulnerability in OX App Suite 7.10.1 and 7.10.2 Insecure Permissions in OX App Suite through 7.10.2 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.1 and 7.10.2 Reflected POST-based XSS and CSRF Vulnerability in Xavier PHP Management Panel 3.0 Windows StartTileData.dll File Creation Elevation of Privilege Vulnerability SQL Injection Vulnerability in Viral Quiz Maker - OnionBuzz Plugin for WordPress SQL Injection Vulnerability in Viral Quiz Maker - OnionBuzz Plugin for WordPress Catastrophic Backtracking Vulnerability in Django's Truncator Slow Evaluation of Certain Inputs in Django's HTMLParser SQL Injection in JSONField and HStoreField Key Lookups Memory Exhaustion Vulnerability in Django's uri_to_iri Function Defeating Proprietary Code Read Out Protection (PCROP) on STMicroelectronics STM32 devices through CPU register 
observation and code execution analysis Defeating Flash Access Controls (FAC) on NXP Kinetis KV1x, KV3x, and K8x Devices through CPU Register Observation and Code Execution Analysis Defeating Proprietary Code Read Out Protection (PCROP) on STMicroelectronics STM32F7 devices via the Instruction Tightly Coupled Memory (ITCM) bus using a debug probe Defeating Flash Access Controls (FAC) on NXP Kinetis Devices: Leveraging Load Instructions to Expose Protected Code NetLogon Secure Communications Channel Bypass Vulnerability CSRF Vulnerability in WCMS v0.3.2 Allows Directory Traversal and Index.html Modification Denial of Service Vulnerability in HAProxy 2.0.2 via htx_manage_client_side_cookies Local Code Injection Vulnerability in Bitdefender Products for Windows Denial of Service in mastercactapus proxyprotocol before 0.0.2 Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Database Deletion Insecure Object Reference in CentOS Web Panel 0.9.8.851 Allows Unauthorized Access to phpMyAdmin Passwords Out-of-Bounds Write Vulnerability in mpg321 0.3.2 NULL Pointer Dereference Vulnerability in libnasm.a in NASM 2.14.xx Denial of Service Vulnerability in libdwarf: Division by Zero in dwarf_elf_load_headers.c Visual Studio Hardlink Validation Elevation of Privilege Vulnerability Heap-based Buffer Overflow in GNU libiberty's simple_object_elf_match Arbitrary File Access Vulnerability in T24 TEMENOS Channels R15.01 Arbitrary PHP Code Injection in Publisure 2.1.2 Secure Portal Authentication Bypass Vulnerability in Publisure 2.1.2 ServletController Multiple SQL Injections in Publisure 2.1.2 Secure Portal Go-Camo SSRF Vulnerability in Versions up to 1.1.4 Allows Remote Attackers to Access Internal Endpoints ZEN-31765: Local Privilege Escalation Vulnerability in Zenoss 2.5.3 XML-RPC Subsystem in Zenoss 2.5.3: Unauthenticated Information Disclosure via XXE Attacks on Port 9988 Command Injection Vulnerability in Polycom Obihai Obi1022 VoIP Phone 
Firmware 5.1.11 Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Command Injection Vulnerability in Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP Phone Insufficient Jamming Detection Allows Reactive Jamming Attack on ABUS Secvest FUAA50000 3.01.01 Devices Stack Consumption Vulnerability in MetadataExtractor 2.1.0 SQL Injection in OpenSNS v6.1.0 via index.php?s=/ucenter/Config/ uid parameter Buffer Overflow Vulnerability in PDFResurrect 0.15 via Crafted PDF File Cleartext Password Exposure in Octopus Deploy Versions 3.0.19 to 2019.7.2 Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Sandbox Escape Vulnerability in Comodo Antivirus, Firewall, and Internet Security Code Injection Vulnerability in Docker 19.03.x Linked Against GNU C Library XSS Vulnerability in SilverStripe asset-admin 4.0: File Title Injection via CMS Broken Access Control in SilverStripe Assets 4.0 Heap-Based Buffer Overflow in MCPP 2.7.2's do_msg() Function in support.c Stack-Based Buffer Overflow in Xfig fig2dev 3.2.7a's calc_arrow Function in bound.c XXE Vulnerability in WUSTL XNAT 1.7.5.3 via POST Request Body Unauthenticated Blind XML Injection and XXE in Axway SecureTransport REST API Unauthenticated User Enumeration Vulnerability in Knowage through 6.1.1 Scripting Engine Memory Corruption Vulnerability in Microsoft Edge EXIF Data Exposure Vulnerability in Craft CMS 2.x and 3.x Code-Execution Backdoor Found in Datagrid Gem 1.0.6 Code-execution backdoor vulnerability in simple_captcha2 gem 0.2.3 Integer Overflow and Out-of-Bounds Read in Linux Kernel Floppy Disk Driver Denial of Service Vulnerability in Linux Kernel Floppy Driver Stored XSS Vulnerability in MISP 2.4.111 Event-Graph View Vulnerability: Bypassing Policy Blacklists and Session PAM Modules in Sudo before 1.8.28 Integer Overflow in Xpdf's JBIG2Bitmap::combine Function Integer Overflow in Xpdf's JBIG2Bitmap::combine Function Internet Explorer Scripting Engine Memory Corruption 
Vulnerability Out of Bounds Read Vulnerability in Xpdf 4.01.01 Out of Bounds Read Vulnerability in Xpdf 4.01.01 Out of Bounds Read Vulnerability in Xpdf 4.01.01 Out of Bounds Read Vulnerability in Xpdf 4.01.01 Use-after-free vulnerability in Xpdf 4.01.01: Out-of-bounds read in JPXStream::fillReadBuf Integer Overflow in getElfSections Function in UPX 3.95 Allows Remote Denial of Service Denial of Service and Buffer Overflow Vulnerability in UPX 3.95 Cross-Site Scripting (XSS) Vulnerability in Veeam ONE Reporter 9.5.0.3201 via Add/Edit Widget Cross-Site Scripting (XSS) Vulnerability in Veeam ONE Reporter 9.5.0.3201 Ricoh SP C250DN 1.05 Authentication Method Vulnerable to Brute Force Attacks Windows Media Foundation QuickTime Media Parsing Remote Code Execution Vulnerability Multiple Buffer Overflows in Ricoh Printers' HTTP Cookie Parsing Incorrect Access Control in Ricoh SP C250DN 1.06 Devices Debug Port Vulnerability on Ricoh SP C250DN 1.06 Devices Denial of Service Vulnerability in Ricoh SP C250DN 1.05 Devices CSRF Vulnerability in Ricoh SP C250DN 1.06 Devices Multiple Buffer Overflows in Ricoh Printers' HTTP Parameter Settings Incorrect Access Control Vulnerability in Ricoh SP C250DN 1.06 Devices Multiple Buffer Overflows in Ricoh Printers' HTTP Parameter Settings Parsing Buffer Overflow Vulnerabilities in Ricoh Printers' LPD Service Hardcoded FTP Credentials in Ricoh SP C250DN 1.05 Devices Denial of Service Vulnerability in Ricoh SP C250DN 1.05 Devices via Crafted IPP Packets Local File Inclusion Vulnerability in Aptana Jaxer 1.0.3.4547's Wikilite Source Code Viewer SQL Injection Vulnerability in 10Web Photo Gallery Plugin for WordPress SQL Injection Vulnerability in Imagely NextGEN Gallery Plugin for WordPress Arbitrary Web Script Injection in SunHater KCFinder 3.20-test1 and Earlier DSA Nonce Bias Vulnerability in wolfSSL and wolfCrypt 4.1.0 and Earlier Timing Side Channel Vulnerability in ECDSA Signature Generation Unencrypted Transmission of Private Data in 
TikTok (formerly Musical.ly) Application DirectWrite Memory Disclosure Vulnerability Windows Pathname Drive Name Mishandling in Pallets Werkzeug before 0.15.5 Stack-Based Buffer Overflow in SSDP Responder 1.x through 1.5 Privilege Escalation Vulnerability in AndyOS Andy Versions up to 46.11.113 CSRF Vulnerability in Custom Simple Rss Plugin 2.0.6 for WordPress Allows Unauthorized Settings Modification CSRF Vulnerability in Simple Membership Plugin's Bulk Operation Section Stored XSS Vulnerability in EspoCRM Create Task Windows Graphics Component Elevation of Privilege Vulnerability Stored XSS Vulnerability in EspoCRM Create Case Stored XSS Vulnerability in EspoCRM Create User Weak SSH Ciphers Vulnerability on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Pre-Authenticated Denial of Service Vulnerability in D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Insecure SSL Certificate and RSA Private Key Extraction Vulnerability Post-Authenticated Denial of Service Vulnerability in D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Post-Authenticated Config File Dump Vulnerability in D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Command Injection Vulnerability in D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Post-Authentication XSS Vulnerability on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 Devices Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 Android App ContentProvider Data Access Vulnerability Win32k Elevation of Privilege Vulnerability Stored XSS Vulnerability in TemaTres 3.0 via value parameter in vocab/admin.php?vocabulario_id=list URI Reflected XSS vulnerability in TemaTres 3.0 via vocab/admin.php?doAdmin=bulkReplace URI Remote Privilege Escalation in TemaTres 3.0: Unauthorized Creation of Administrator Account CSRF Vulnerability in Schben Adive 2.0.7 Allows Unauthorized Password Change Arbitrary Administrator Account Creation in Schben Adive 2.0.7 SQL Injection Vulnerability in BearDev 
JoomSport Plugin 3.3 for WordPress Stored XSS Vulnerability in EspoCRM 5.6.4 via Unfiltered User-Supplied Data in api/v1/Document Functionality Windows Graphics Component Elevation of Privilege Vulnerability Stored XSS Vulnerability in EspoCRM 5.6.4 Knowledge Base User Password Hash Enumeration Vulnerability in EspoCRM 5.6.4 CSV Injection Vulnerability in Joget Workflow 6.0.20 Side Channel Vulnerability in Trezor One Devices: Power Consumption Analysis of Row-Based OLED Display Side Channel Vulnerability: Power Consumption Analysis of OLED Display on Ledger Nano S and Nano X Devices Side Channel Vulnerability in ShapeShift KeepKey Devices: Exploiting Power Consumption of Row-Based OLED Display Side Channel Vulnerability in Coldcard MK1 and MK2 Devices: Power Consumption Analysis of Row-Based OLED Display Side Channel Vulnerability in Mooltipass Mini Devices Allows PIN Recovery via Power Consumption Measurements Side Channel Vulnerability in Archos Safe-T Devices: Exploiting Row-Based OLED Display Power Consumption Side Channel Vulnerability in BC Vault Devices: Exploiting Power Consumption of Row-Based SSD1309 OLED Display Win32k Kernel Information Disclosure Vulnerability Side Channel Vulnerability in Hyundai Pay Kasse HK-1000 Devices Allows Secret Data Recovery via USB Power Consumption Measurements Directory Traversal Vulnerability in Openbravo ERP before 3.0PR19Q1.3 Remote Code Execution Vulnerability in NETGEAR WNDR3400v3 Routers XSS Vulnerability in Email Subscribers & Newsletters Plugin 4.1.6 for WordPress WordPress Intercom Plugin Exposes Slack Access Token, Enabling Unauthorized Access Slack Access Token Leakage in WP SlackSync Plugin for WordPress Slack-Chat through 1.5.5 Vulnerability: Access Token Leak Exposes Sensitive Slack Information Heap-Based Buffer Over-Read Vulnerability in Exiv2 0.27.99.0 Exiv2 0.27.99.0 Denial of Service Vulnerability in PngImage::readMetadata() Windows Graphics Component Elevation of Privilege Vulnerability Out-of-Bounds Read 
Vulnerability in Exiv2::MrwImage::readMetadata() in mrwimage.cpp Infinite Loop Vulnerability in Libav 12.3's mov_probe Function Infinite Loop Vulnerability in Libav 12.3's wv_read_block_header() Function Heap-based Buffer Over-read in libpng via Crafted FLIF File Heap-Based Buffer Overflow in libslirp 4.0.0: Mishandling of First Fragment in ip_reass Remote Code Execution Vulnerability in FasterXML jackson-databind before 2.9.9.2 with ehcache Windows Graphics Component Elevation of Privilege Vulnerability Out-of-Bounds Read Vulnerability in libopenmpt Allows Crash During Playback NULL Pointer Dereference Vulnerability in libopenmpt before 0.4.3 Assertion Failure in libopenmpt: Debug STLs File Parsing Vulnerability Assertion Failure Vulnerability in libopenmpt before 0.4.2 with Debug STLs Stored XSS Vulnerability in cPanel WHM Tomcat Manager Interface (SEC-504) Self XSS vulnerability in cPanel and webmail master templates (SEC-506) Unauthenticated File Creation Vulnerability in cPanel (SEC-507) Local Privilege Escalation Vulnerability in cPanel (SEC-510) Windows GDI Memory Disclosure Vulnerability Stored XSS Vulnerability in cPanel WHM Modify Account Interface (SEC-512) Inadequate Reseller Package Creation ACL Enforcement in cPanel (SEC-514) Remote Code Execution Vulnerability in cPanel (SEC-501) Insecure cpphp Execution in cPanel Allows Local Code Execution (SEC-486) Root Account Privilege Escalation via fetch_ssl_certificates_for_fqdns API in cPanel (SEC-489) World-readable permissions for Queueprocd log in cPanel before 80.0.5 (SEC-494) Spoofed Log Data Insertion Vulnerability in cPanel API Analytics (SEC-495) Arbitrary File Modification Vulnerability in cPanel (SEC-496) Arbitrary Code Execution Vulnerability in cPanel (SEC-498) Insecure File Operations in cPanel SSL Certificate-Storage Feature (SEC-477) Win32k Kernel Information Disclosure Vulnerability Local Privilege Escalation in cPanel (SEC-479) Remote Code Execution Vulnerability in cPanel API1 addforward 
(SEC-480) Insecure Terminal Capability Determination in cPanel (SEC-481) Open Mail Relay Vulnerability in cPanel (SEC-483) Root Account File-Read Vulnerability in cPanel (SEC-484) cPanel Demo Account Code Execution Vulnerability (SEC-487) Stored XSS in cPanel BoxTrapper Queue Listing (SEC-493) cPanel Vulnerability: Information Disclosure to OpenID Providers (SEC-415) OpenID Provider Linking Vulnerability in cPanel (SEC-460) Arbitrary File-Read Vulnerability in cPanel (SEC-466) Win32k Graphics Remote Code Execution Vulnerability Format-String Injection Vulnerability in cPanel Email store_filter UAPI (SEC-472) Insecure File Writing Vulnerability in cPanel (SEC-473) Format-String Injection Vulnerability in cPanel's DCV Check_Domains_Via_DNS UAPI (SEC-474) Vulnerability: File-Write Operations as Shared Users during Connection Resets in cPanel (SEC-476) Userdata Cache Conflict Vulnerability in cPanel (SEC-478) Persistent Cross-Site Scripting (XSS) Vulnerability in Veritas Resiliency Platform (VRP) Allows Injection of Malicious Script Arbitrary Command Execution Vulnerability in Veritas Resiliency Platform (VRP) Arbitrary Command Execution Vulnerability in Veritas Resiliency Platform (VRP) Directory Traversal Vulnerability in Veritas Resiliency Platform (VRP) Allows Unauthorized File Overwrite URL Validation Bypass Vulnerability in Microsoft Office TortoiseSVN 1.12.1 Excel Workbook Remote Code Execution Vulnerability Remote Code Execution (RCE) Vulnerability in CUx-Daemon Addon for eQ-3 Homematic CCU-Firmware Local File Inclusion (LFI) Vulnerability in CUx-Daemon 1.11a of eQ-3 Homematic CCU-Firmware 2.35.16 - 2.45.6 Cross-Site Scripting (XSS) Vulnerability in WEB STUDIO Ultimate Loan Manager 2.0 Microsoft SharePoint SMB Hash Disclosure Vulnerability SQL Injection Vulnerability in YouPHPTube Plugin AuditTable.php Heap-based Buffer Overflow in MatrixSSL DTLS Server WebSocket Authentication Bypass Vulnerability in Loom Desktop for Mac up to 0.16.0 Information Leakage in 
OpenStack Nova API Response Heap-based Buffer Over-read in VLC Media Player 3.0.7.1 via Crafted .ogg File Heap-Based Buffer Over-Read Vulnerability in VLC Media Player 3.0.7.1 Polymorphic Typing Issue in FasterXML jackson-databind 2.x Remote Denial of Service Vulnerability in Libav 12.3 Denial of Service Vulnerability in Libav 12.3: avio_seek Infinite Loop Division by Zero Vulnerability in Libav 12.3 Integer Overflow in apply_relocations in readelf.c in GNU Binutils 2.32 Cross Site Scripting (XSS) Vulnerability in Cloudera Manager Office Online Cross-Origin Communication Spoofing Vulnerability Directory Traversal Vulnerability in Repetier-Server 0.8 through 0.91 Allows Remote Code Execution Remote Code Execution via XML Data Structure Validation Bypass in Repetier-Server 0.8 through 0.91 Directory Traversal Vulnerability in Sigil before 0.9.16 Privilege Escalation via Modified Domus and Logged Fields in Comelit App lejos de casa (web) 2.8.0 Vertical Privilege Escalation in SuiteCRM 7.11.x and 7.10.x Stored XSS Vulnerability in Opengear Console Server Firmware Releases Prior to 4.5.0 Stack-based Buffer Overflow in VIVOTEK IP Camera Devices with Firmware Before 0x20x via Crafted HTTP Header Denial of Service Vulnerability in VIVOTEK IP Camera Devices Integer Overflow Vulnerability in nfdump 1.6.17 and Earlier: Remote Denial of Service Memory Disclosure Vulnerability in Microsoft Excel Out-of-Bounds Read Vulnerability in libmodbus (VD-1302) Out-of-Bounds Read Vulnerability in libmodbus (VD-1301) Heap-Based Buffer Overflow in XMFile::read in MilkyTracker 1.02.00 Heap-Based Buffer Overflow in fmt_mtm_load_song() Function in Schism Tracker 20190722 Vulnerability: PHP Object Injection in GOsa_Filter_Settings Cookie Remote Code Execution Vulnerability in Social Photo Gallery Plugin for WordPress Buffer Overflow Vulnerability in GnuCOBOL 2.2 via Crafted COBOL Source Code Stored Cross-Site Scripting (XSS) Vulnerability in Nexus Repository Manager before 3.18.0 Office Online 
Cross-Origin Communication Spoofing Vulnerability XSS Vulnerability in UserPro Plugin for WordPress via Instagram PHP API XSS Vulnerability in TestLink 1.9.19 via error.php message parameter XSS Vulnerability in Zurmo 3.2.7-2 via app/index.php/zurmo/default PATH_INFO Authentication Bypass and Privilege Escalation Vulnerability in eQ-3 Homematic CCU2 and CCU3 Denial of Service Vulnerability in eQ-3 Homematic CCU3 3.47.15 and Prior Authentication Bypass and Unauthorized Access in eQ-3 Homematic CCU2 and CCU3 Server-Side Request Forgery (SSRF) Vulnerability in AdRem NetCrunch 10.6.0.4587: Unauthorized SMB Requests Improper Credential Storage in AdRem NetCrunch 10.6.0.4587 Stored Cross-Site Scripting (XSS) Vulnerability in AdRem NetCrunch 10.6.0.4587 Web Client Remote Code Execution Vulnerability in AdRem NetCrunch 10.6.0.4587 Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Improper Session Handling in AdRem NetCrunch 10.6.0.4587 Web Client: Authentication Bypass and Privilege Escalation Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in AdRem NetCrunch 10.6.0.4587 Web Client Allows Account Takeover Hardcoded SSL Private Key Vulnerability in AdRem NetCrunch 10.6.0.4587 Credentials Disclosure in AdRem NetCrunch 10.6.0.4587 Buffer Overflow Vulnerability in GnuCOBOL 2.2 via Crafted COBOL Source Code Microsoft Office ClickToRun Security Feature Bypass Vulnerability Out of Bounds Read Vulnerability in OpenCV's cv::predictOrdered<cv::HaarEvaluator> Function Out of Bounds Read/Write Vulnerability in OpenCV's HaarEvaluator::OptFeature::calc Function NULL pointer dereference in cv::XMLParser::parse function Divide-by-Zero Error in SplashOutputDev::tilingPatternFill Out-of-Bounds Write Vulnerability in 3proxy WebAdmin Interface Stack-Based Buffer Overflow in LoaderXM::load in MilkyTracker 1.02.00 Heap-Based Buffer Overflow in ModuleEditor::convertInstrument in MilkyTracker 1.02.00 Divide-by-Zero Vulnerability in VLC Media Player 
3.0.7.1 Vulnerability: Privilege Escalation via LAN Cache Feature in Kaseya VSA RMM Default Configuration of Sphinx Technologies Sphinx 3.1.1 Exposes Unauthenticated Access Cross-Site Scripting (XSS) Vulnerability in LimeSurvey 3.17.7+190627 Improper Bounds Checking in Dnsmasq Allows Remote Code Execution Arbitrary Command Execution Vulnerability in Microvirt MEmu Lack of SSL Certificate Validation in mAadhaar Android App 1.2.7 Allows Man-in-the-Middle Attacks on FAQs and Help Requests XSS Vulnerability in pandao Editor.md 1.5.0 via Javas&#99;ript: String Cross-Site Scripting (XSS) Vulnerability in Evolution CMS 2.0.x via Description and New Category Location in Template Path Traversal Vulnerability in EMCA Energy Logserver 6.1.2 Logo File Upload Feature Integer Underflow in Amiga Oktalyzer Parser of Schism Tracker Heap-based Buffer Overflow in Schism Tracker through 20190722 via Large Number of Song Patterns in fmt_mtm_load_song Sensitive Value Exposure in Octopus Deploy Cross-Site Request Forgery Token Bypass Vulnerability in NETGEAR Nighthawk M1 (MR1100) Devices Command Execution Vulnerability on NETGEAR Nighthawk M1 (MR1100) Devices Heap-Based Buffer Overflow in GnuCOBOL 2.2's read_literal Function SQL Injection Vulnerability in OpenEMR before 5.0.2 in save.php Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Arbitrary File Download and Potential File Deletion in OpenEMR Out of Bounds Read Vulnerability in The Sleuth Kit (TSK) 4.6.6 Off-by-one Underflow Vulnerability in The Sleuth Kit (TSK) 4.6.6 Use-After-Free Vulnerability in VLC Media Player's Control Function NULL Pointer Dereference Vulnerability in VideoLAN VLC Media Player 3.0.7.1 Divide-by-Zero Vulnerability in VideoLAN VLC Media Player 3.0.7.1 Type Juggling Vulnerability in YOURLS API Component Allows Login Bypass Symlink Exploitation in Windows User Profile Service: Elevation of Privilege Vulnerability Polymorphic Typing Vulnerability in FasterXML jackson-databind Stack-Based 
Buffer Overflow in GnuCOBOL 2.2's cb_encode_program_id Lack of Permission Checks in Gogs 0.11.86 API Routes Stored XSS Vulnerability in EspoCRM Allows for Cookie Theft Stored XSS via Malicious Filename in EspoCRM Attachment Stored XSS Vulnerability in EspoCRM Allows for Cookie Theft Stored XSS in Title and Breadcrumb of EspoCRM Entities Stored XSS Vulnerability in EspoCRM Edit Dashboard Feature Arbitrary Code Execution via Cross-Origin /install Request in Das Q (before 2019-08-02) EDK II Vulnerability: Privileged User Information Disclosure via Network Access BIOS Firmware Vulnerability in Intel Processors: Local Denial of Service Exploit Critical Buffer Overflow Vulnerability in Intel BIOS Firmware for 8th-10th Generation Processors BIOS Firmware Vulnerability: Denial of Service via Adjacent Access in Intel Processors Unauthenticated Denial of Service Vulnerability in EDK II OpenType Font Parsing Remote Code Execution Vulnerability DxeImageVerificationHandler() Integer Overflow Vulnerability Integer Truncation Vulnerability in EDK II: Local Privilege Escalation Vulnerability in Intel(R) SGX SDK Allows Information Disclosure and Privilege Escalation Intel(R) SGX SDK Multiple Versions Local Access Vulnerability Privilege Escalation Vulnerability in Intel(R) RST (before version 17.7.0.1006) Vulnerability: Pointer Corruption in Intel(R) NUC System Firmware Excel Macro Security Bypass Vulnerability Intel(R) NUC System Firmware Memory Corruption Vulnerability Denial of Service Vulnerability in Intel Graphics Driver Subsystem Potential Privilege Escalation Vulnerability in DxeImageVerificationHandler() for EDK II Win32k Elevation of Privilege Vulnerability Null Pointer Dereference Vulnerability in Tianocore EDK2 EDK II Use After Free Vulnerability: Potential for Privilege Escalation, Information Disclosure, and Denial of Service Denial of Service Vulnerability in EDK II via Adjacent Access Improper Access Control in Intel Graphics Driver API: Potential Information 
Disclosure Denial of Service Vulnerability in Intel(R) Graphics Driver API Improper Access Control in Intel Chipset Device Software INF Utility Installer: Potential Denial of Service Vulnerability Authentication Bypass Vulnerability in Intel(R) CSME Subsystem Unquoted Service Path Vulnerability in Control Center-I Version 2.1.0.0 and Earlier Outlook for Android Email Spoofing Vulnerability Uncontrolled Search Path Element Vulnerability in Intel(R) SNMP Subagent Stand-Alone Installer Privilege Escalation Vulnerability in Intel(R) RWC 3 Installer Privilege Escalation Vulnerability in Nuvoton CIR Driver Installer Privilege Escalation Vulnerability in Intel® Quartus® Prime Pro Edition License Server Installer FPGA Kernel Driver Null Pointer Dereference Vulnerability Privilege Escalation Vulnerability in Intel(R) SCS Platform Discovery Utility Installer Vulnerability: Improper Conditions Check in Multiple Intel® Processors Buffer Overflow Vulnerability in Intel(R) NUC(R) Firmware Allows Privilege Escalation Privilege Escalation Vulnerability in Intel(R) NUC(R) Firmware Memory Object Handling Vulnerability in Microsoft Word Firmware Vulnerability in Intel(R) NUC(R) Allows Local Privilege Escalation Firmware Integer Overflow Vulnerability in Intel(R) NUC(R) Enables Local Privilege Escalation Escalation of Privilege Vulnerability in Intel(R) NUC(R) Firmware Privilege Escalation Vulnerability in Intel(R) VTune(TM) Amplifier for Windows* Intel Processor Graphics: Insufficient Control Flow Vulnerability PowerPoint Object Memory Handling Remote Code Execution Vulnerability Denial of Service Vulnerability in Intel(R) Wireless Bluetooth(R) Products Improper Access Control in On-Card Storage of Intel® FPGA Programmable Acceleration Card N3000: Potential Denial of Service Vulnerability Improper Access Control in Intel® FPGA Programmable Acceleration Card N3000 PCIe Function Improper Permissions in Intel(R) DAAL: Potential Information Disclosure via Local Access Microsoft Access 
Memory Object Handling Vulnerability Unauthenticated Information Disclosure Vulnerability in Intel(R) Thunderbolt(TM) Controllers Memory Disclosure Vulnerability in Microsoft Excel Windows GDI Memory Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in Amazon AWS JavaScript S3 Explorer XSS Vulnerability in pandao Editor.md 1.5.0 via ABBR or SUP Element Attribute Remote Code Execution Vulnerability in Joomla! 3.9.7 and 3.9.8 Vulnerability: Unauthorized Admin Access via User Account in Yealink Phones Arbitrary Code Execution and Password Replacement Vulnerability in Yealink Phones Windows GDI Memory Disclosure Vulnerability Stack-Based Buffer Overflow in Brandy 1.20.1's fileio_openout Function Stack-Based Buffer Overflow in Brandy 1.20.1's fileio_openin Function via Crafted BASIC Source Code Vulnerability: Sub-part Wrapping Attack in Enigmail Heap-Based Buffer Overflow in Brandy 1.20.1's define_array Function via Crafted BASIC Source Code Account Takeover via GLPI Autocompletion Feature Multiple Stored XSS Vulnerabilities in Firefly III 4.7.17.4 Stored XSS Vulnerability in Firefly III 4.7.17.3 Transaction Description Field Stored XSS vulnerability in Firefly III 4.7.17.3 via unfiltered user-supplied data in asset account name Windows GDI Memory Disclosure Vulnerability Stored XSS vulnerability in Firefly III 4.7.17.3 via unfiltered user input in bill name field Local File Enumeration Vulnerability in Firefly III 4.7.17.3 Stored XSS vulnerability in Firefly III 4.7.17.5 via unfiltered user input in liability name field SAS XML Mapper 9.45 XML External Entity (XXE) Vulnerability CSRF Vulnerability in ARPrice Lite Plugin 2.2 for WordPress Win32k Graphics Remote Code Execution Vulnerability CSRF Vulnerability in Admin Renamer Extended Plugin 3.2.1 for WordPress CSRF Vulnerability in Deny All Firewall Plugin for WordPress CSRF Vulnerability in ACF: Better Search Plugin for WordPress CSRF Vulnerability in Import users from CSV with meta Plugin for WordPress 
DLL Hijacking Vulnerability in Trend Micro Password Manager 5.0 Local Privilege Escalation Vulnerability in Trend Micro Security 2019 (v15.0) Trend Micro Security 2019 DLL Hijacking Vulnerability DLL Hijacking Vulnerability in Trend Micro Password Manager 5.0 Repackaged Trend Micro Installers Vulnerable to DLL Hijack Exploit during Initial Product Installation Kernel Information Disclosure Vulnerability in Win32k Component Heap-Based Buffer Overflow in AdPlug 2.3.1 CxadbmfPlayer::__bmf_convert_stream() Heap-Based Buffer Overflow in AdPlug 2.3.1's CdtmLoader::load() Function Heap-Based Buffer Overflow in AdPlug 2.3.1's CmkjPlayer::load() Function Zoho ManageEngine AssetExplorer 6.2.0 XML External Entity Injection (XXE) Vulnerability Use-After-Free Vulnerability in Comodo Antivirus Sandbox Container SQL Injection Vulnerability in Sygnoos Popup Builder Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Open-School 3.0 and Community Edition 2.3 via osv/index.php?r=students/guardians/create id Parameter Vulnerability: Out-of-Bounds Writes in musl libc through 1.1.23 Buffer Overflow Vulnerability in MicroDigital N-Series Cameras OS Command Injection in MicroDigital N-series Cameras: Remote Code Execution as Root Windows Hyper-V Information Disclosure Vulnerability Arbitrary File Disclosure via Path Traversal in MicroDigital N-series Cameras Path Traversal Denial of Service Vulnerability in MicroDigital N-series Cameras SQL Injection Vulnerabilities in MicroDigital N-Series Cameras: Exploiting HTTPD for Unauthorized Admin Account Creation CSRF Vulnerability Allows Unauthorized Creation of Admin Account in MicroDigital N-Series Cameras SSRF Vulnerability in MicroDigital N-Series Cameras Improper Access Control Allows Unauthorized Admin Access on MicroDigital N-Series Cameras Buffer Overflow Vulnerability in MicroDigital N-Series Cameras Insecure Firmware Update Process Allows Remote Code Execution on MicroDigital N-Series Cameras Buffer Overflow Vulnerability 
in MicroDigital N-Series Cameras Cleartext Password Storage Vulnerability in MicroDigital N-Series Cameras Hyper-V Remote Code Execution Vulnerability Race Condition Vulnerability in Verifone MX900 Series Pinpad Payment Terminals with OS 30251000 Bypassing Integrity and Origin Control in Verifone VerixV Pinpad Payment Terminals Vulnerability: Unsigned Package Installation in Verifone MX900 Series Pinpad Payment Terminals Undocumented Physical Access Vulnerability in Verifone Pinpad Payment Terminals Undocumented Physical Access Mode in Verifone VerixV Pinpad Payment Terminals: The VerixV Shell.out Vulnerability Buffer Overflow Vulnerability in Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 Insecure Permissions in Verifone MX900 Series Pinpad Payment Terminals: Arbitrary Command Injection and Privilege Escalation Arbitrary Command Injection Vulnerability in Verifone MX900 Series Pinpad Payment Terminals Windows Kernel Object Memory Handling Vulnerability Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Removal of Users from phpMyAdmin Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Deletion of Email Forwarding Destinations Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Deletion of E-mail Accounts Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Email Forwarding Modification Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized DNS Record Access and Deletion Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Email Password Change Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Email Forwarding Insecure Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Sub-Domain Deletion Insecure 
Object Reference Vulnerability in CentOS Web Panel 0.9.8.851 Allows Unauthorized Domain Deletion Stored XSS Vulnerability in ZenTao 11.5.1 Allows Cookie Capture via Rich Text Box Heap-based Buffer Overflows in AdPlug 2.3.1's Ca2mLoader::load() Function Heap-Based Buffer Overflows in AdPlug 2.3.1's CradLoader::load() Function Heap-Based Buffer Overflows in AdPlug 2.3.1's CmtkLoader::load() Function Critical Security Vulnerability: Insecure Permissions in Ubisoft Uplay 92.0.0.6280 Windows Kernel Object Memory Handling Vulnerability Privilege Escalation Vulnerability in Valve Steam Client for Windows KDE Frameworks KConfig Code Execution via Malicious Desktop Files Command Injection Vulnerability in radare2 bin_symbols() Function KuaiFanCMS 5.0 - Remote Code Execution via eval Injection in install.php Stored XSS Vulnerability in DWSurvey's Survey Design Copy Functionality Persistent XSS vulnerability in osTicket file-upload functionality CSV Injection in osTicket Export Spreadsheets Stored XSS in firstname and lastname fields of osTicket setup/install.php NLTK Downloader Directory Traversal Vulnerability Cross-Site Scripting (XSS) Vulnerability in SuiteCRM 7.10.x and 7.11.x Buffer Overflow Vulnerability in SICK FX0-GPNT00000 and FX0-GENT00000 Devices (3.4.0) SQL Injection Vulnerability in Open-School 3.0 and Community Edition 2.3 via index.php?r=students/students/document id parameter Unrestricted File Upload Vulnerability in Leaf Admin 61.9.0212.10 f KaiOS Email Application HTML and JavaScript Injection Vulnerability HTML and JavaScript Injection Vulnerability in KaiOS Contacts Application HTML and JavaScript Injection Vulnerability in KaiOS File Manager Application KaiOS Radio Application HTML and JavaScript Injection Vulnerability Windows AppX Deployment Service (AppXSVC) Hard Link Elevation of Privilege Vulnerability HTML and JavaScript Injection Vulnerability in KaiOS Recorder Application HTML and JavaScript Injection Vulnerability in KaiOS Note Application 
Double-locking error in drivers/usb/dwc3/gadget.c leading to potential deadlock with f_hid Improper Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows unauthorized administrative access Path Traversal Vulnerability in DIMO YellowBox CRM File Browser Arbitrary File Download Vulnerability in DIMO YellowBox CRM Arbitrary File Upload and Remote Code Execution in DIMO YellowBox CRM Insufficient Output Filtering in Block Labels in Backdrop CMS Windows Printer Service File Path Validation Vulnerability Arbitrary JavaScript Execution in Backdrop CMS Administration Bar Arbitrary Code Execution through Configuration Archive Upload in Backdrop CMS XSS Vulnerability in Verdaccio before 3.12.0 Arbitrary Post Deletion Vulnerability in Woody ad snippets Plugin Cross-Site Scripting (XSS) Vulnerability in woo-variation-swatches Plugin for WordPress Heap-Based Buffer Over-Read Vulnerability in VLC Media Player 3.0.7.1 via Crafted .mkv File Use-after-free vulnerability in VLC media player 3.0.7.1's Control function in demux/mkv/mkv.cpp Use-after-free vulnerability in VLC media player 3.0.7.1's mkv::virtual_segment_c::seek method Windows COM Server Elevation of Privilege Vulnerability Session Hijacking and Password Extraction in CentOS Web Panel (CWP) 0.9.8.856-0.9.8.864 Privilege Escalation Vulnerability in Samsung FotaAgent (SVE-2019-14764) XSS Vulnerability in CP Contact Form with PayPal Plugin for WordPress XSS Vulnerability in CP Contact Form with PayPal Plugin for WordPress Vulnerability: Rank Math SEO Plugin 1.0.27 for WordPress Settings Reset via admin-post.php Parameter Cross-Site Scripting (XSS) Vulnerability in Tribulant Newsletters Plugin for WordPress Directory Traversal and Remote PHP Code Execution in Tribulant Newsletters Plugin for WordPress XSS Vulnerability in Custom 404 Pro Plugin 3.2.8 for WordPress Cross-Site Scripting (XSS) Vulnerability in Limb-Gallery Plugin 1.4.0 for WordPress XSS Vulnerability in Appointment Booking 
Calendar Plugin 1.3.18 for WordPress Cross-Site Scripting (XSS) Vulnerability in WP Google Maps Plugin File Deletion Vulnerability in Meta Box Plugin for WordPress File Upload Vulnerability in Meta Box Plugin for WordPress XSS Vulnerability in Toggle-The-Title WordPress Plugin 1.4 XSS Vulnerability in Woocommerce Products Price Bulk Edit Plugin for WordPress Authenticated Stored XSS Vulnerability in 10Web Photo Gallery Plugin for WordPress Authenticated Local File Inclusion Vulnerability in 10Web Photo Gallery Plugin for WordPress Email Subscription XSS Vulnerability in FV Flowplayer Video Player Plugin for WordPress Windows Media Player Memory Object Handling Vulnerability Information Disclosure Vulnerability in FV Flowplayer Video Player Plugin for WordPress SQL Injection Vulnerability in FV Flowplayer Video Player Plugin for WordPress Unintended Environment Variable Disclosure in HashiCorp Nomad Template Rendering (GHSA-6hv3-7c34-4hx8) Cross-Site Scripting (XSS) Vulnerability in UNA 10.0.0-RC1 via System Name Field in Email Template Editing Cross-Site Scripting (XSS) Vulnerability in UNA 10.0.0-RC1 via System Name Field in Sets Insufficient Debugger PIN Randomness in Pallets Werkzeug with Docker XSS Vulnerability in MobileFrontend Extension's Edit Summary Field Unencrypted Transmission of Personal Data in RENPHO iOS App Authorization Bypass Vulnerability in Go's net/url Library Windows Media Player Memory Object Handling Vulnerability Race Condition Vulnerability in EOS Label Distribution Protocol (LDP) Implementation Privilege Escalation in Ghostscript: Bypassing Security Restrictions Insecure Privileged Calls in Ghostscript Enable Script Bypass Insecure Privileged Calls in Ghostscript: Bypassing Security Restrictions Heap-based Buffer Overflow in Marvell WiFi Chip Driver in Linux Kernel Heap Overflow Vulnerability in Marvell Wifi Driver Heap-based Buffer Overflow in Marvell WiFi Chip Driver in Linux Kernel Privilege Escalation Vulnerability in Ghostscript 
Memory Leak and Denial of Service Vulnerability in DPDK Privilege Escalation Vulnerability in OpenShift Container Platform 3.x Keycloak Internal Adapter Endpoint Exposure Vulnerability Out-of-Bounds Access Vulnerability in Linux Kernel's KVM Hypervisor Privilege Escalation Vulnerability in ibus Implicit Trust of Root Certificate in Leaf and Chain OCSP Policy Implementation in JSS' CryptoManager Vulnerability: Unauthorized Access to Private Attributes in 389-ds-base Plugin Cleartext Password Storage Vulnerability in Katello Session Cookie Retention Vulnerability in FreeIPA 4.5.0 and Later JavaScript Injection Vulnerability in Moodle Mustache Templates User Role Assignment Vulnerability in Moodle Versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7, and Earlier Unsupported Versions Activity Creation Capabilities Bypass in Moodle Windows AppX Deployment Server Junction Handling Elevation of Privilege Vulnerability Open Redirect Vulnerability in Moodle Mobile Launch Endpoint Open Redirect Vulnerability in Moodle's Forum Subscribe Link Unauthorized User Access Vulnerability in Keycloak REST API Samba Password Complexity Check Bypass Vulnerability Memory Leak Vulnerability in dnsmasq Allows Remote DoS Buffer Overflow Vulnerability in Linux Kernel's vhost Functionality 3scale Dev Portal Login CSRF Vulnerability Domain-based Password Reset Vulnerability in Keycloak Unauthorized Modification of Server Runtime State Vulnerability Sensitive Information Disclosure in Business-Central Console Login Windows OLE Remote Code Execution Vulnerability Auto-complete Enabled in RHDM HTML Form Fields: A Potential Credential Leak Vulnerability Role Manipulation Vulnerability in RHDM Allows Unauthorized Admin Privileges Vulnerability: Arbitrary Code Execution via Structured Reply in NBD Protocol Unauthorized Access Vulnerability in Wildfly Security Manager Kerberos Client Crash Vulnerability in Fedora Versions OpenShift Builds TLS Hostname Verification Bypass Vulnerability Credential 
Disclosure Vulnerability in Ansible Engine Logging Denial of Service Vulnerability in Samba AD DC LDAP Server via Dirsync Unprotected User Session Cookie in 3scale Before Version 2.6 VBScript Engine Memory Object Handling Remote Code Execution Vulnerability Denial of Service Vulnerability in nbdkit 1.12.7, 1.14.1, and 1.15.1 Denial of Service Vulnerability in nbdkit Versions 1.12.7, 1.14.1, and 1.15.1 Vulnerability: TLS 1.0 Protocol Weakness in 3scale's APIcast Gateway Denial of Service Vulnerability in python-ecdsa before 0.13.3 Insecure Secret Data Exposure in OpenShift Container Platform 4 Vulnerability: SHA-1 Collision Attack Allows Forged Certificate Signatures Vulnerability in Ansible versions 2.8.6, 2.7.14, 2.6.20 allows None-based attack Open Redirect Vulnerability in mod_auth_openidc Vulnerability: Information Leakage in Ansible Engine and Ansible Tower Malleable Signature Vulnerability in python-ecdsa Visual Studio Live Share URL Redirection Vulnerability Syndesis Misconfiguration Allows for Cross-Origin Resource Sharing (CORS) Vulnerability Samba DNS Record Injection Vulnerability Unvalidated Data Delivery Vulnerability in Knockout.js Unvalidated Data Delivery Vulnerability in Angular Versions Before 1.5.0-beta.0 Sensitive Data Disclosure in Ansible Callback Plugins Grub2-set-bootflag Utility Truncation Vulnerability Insecure File Permissions in cpio TAR Archive Generation Vulnerability in IPA Server's ber_scanf() Function Allows for Remote Code Execution Remote Code Execution Vulnerability in ksh Version 20120801 Privilege Escalation Vulnerability in Ghostscript MSAL Android App Information Disclosure Vulnerability Samba AD DC S4U2Self Kerberos Delegation Vulnerability Memory Allocation Vulnerability in REENT_CHECK Macro NULL Pointer Dereference Vulnerability in _dtoa_r Function of newlib libc Library Null Pointer Dereference Bug in Balloc Function of newlib libc Library Null Pointer Dereference Bug in Balloc Function of newlib libc Library Null Pointer 
Dereference Bug in multiply function of newlib libc library Null Pointer Dereference Bug in Balloc Function of newlib libc Library Null Pointer Dereference Vulnerability in Balloc Function of newlib libc Library Null Pointer Dereference Bug in Balloc Function of newlib libc Library Cohort Role Assignment Vulnerability in Moodle Buffer Handling Vulnerability in Microsoft Defender Insufficient Email Address Verification in Moodle OAuth 2 Providers Blind XSS Vulnerability in Moodle 3.7 before 3.7.3 Open Redirect Vulnerability in Moodle Lesson Edit Page Token Leakage in Moodle Email Notifications Reflected XSS Vulnerability in Moodle 3.7 and Earlier Versions Vulnerability: Information Disclosure in JBoss EAP Vault System Insecure Storage of Encoded Passwords in Business-Central OpenSSL-Wildfly Connection Downgrade Vulnerability Undertow HTTP Server Denial of Service (DOS) Vulnerability Arbitrary Command Injection Vulnerability in libssh's ssh_scp_new() Function Windows Remote Desktop Protocol Information Disclosure Vulnerability Insecure Storage of Credentials in Ansible Tower License Application Memory Cgroup Containment Vulnerability in cri-o Allows Host Network Access Polymorphic Deserialization Vulnerability in Jackson-databind Arbitrary Code Execution Vulnerability in FasterXML jackson-databind Remote Code Execution Vulnerability in CloudForms Management Engine Heap-based Buffer Overflow in Marvell WiFi Chip Driver Heap-based Buffer Overflow Vulnerability in Marvell WiFi Chip Driver in Linux Kernel 2.6.32 Marvell WiFi Chip Driver Stack-Based Buffer Overflow Vulnerability Incomplete Fix for Race Condition Vulnerability in Linux Kernel (CVE-2019-11599) VPN Hijacking Vulnerability: Exploiting TCP Stream Injection Skype for Business Server Spoofing Vulnerability SQL Injection Vulnerability in Hibernate ORM Marvell WiFi Chip Driver Heap Overflow Vulnerability Samba Subtree Modification Vulnerability Arbitrary Command Execution Vulnerability in Ansible's solaris_zone 
Module Ansible Engine Vulnerability: OS Command Injection in nxos_file_copy Module Heap-based Buffer Overflow Vulnerability in Red Hat SDL Packages Samba Vulnerability: Remote Code Execution via NTLMSSP Authentication Exchange Keycloak 7.x User Federation LDAP Anonymous Bind Vulnerability LDAP StartTLS Vulnerability in Keycloak 7.x Reflected XSS Vulnerability in PRiSE adAS 1.7.0 OPENSSO Module Open Redirect Vulnerability in PRiSE adAS 1.7.0 Persistent XSS Vulnerability in PRiSE adAS 1.7.0 Administration Panel Arbitrary File Read and Deletion via Directory Traversal in PRiSE adAS 1.7.0 XSS Vulnerability in PRiSE adAS 1.7.0: Unescaped Certificate Data Unrestricted File Upload Vulnerability in PRiSE adAS 1.7.0 Arbitrary Code Execution via XSS in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 Vulnerability: Exposed Telnet Service with Hardcoded Credentials on Billion Smart Energy Router SG600R2 Root Privilege Escalation via Hidden Shell Feature in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 Remote Command Execution in EyesOfNetwork 5.1 via Shell Metacharacters in module/tool_all/host Field Insecure File Movement Vulnerability in GCDWebServer Insecure Permission Assignment Allows Unauthorized Access to Sensitive RTU Data Hard-coded SSH Keys Vulnerability in Mitsubishi Electric and INEA ME-RTU Devices Unauthenticated Remote Configuration Download Vulnerability in Mitsubishi Electric and INEA ME-RTU Devices Stored Cross-Site Scripting (XSS) Vulnerabilities in Mitsubishi Electric and INEA ME-RTU Devices Weak Credentials Management on Mitsubishi Electric ME-RTU and INEA ME-RTU Devices: Exposed Password Credentials Vulnerability Undocumented Hard-Coded User Passwords and Privilege Escalation Vulnerability in Mitsubishi Electric ME-RTU and INEA ME-RTU Devices Unauthenticated Remote OS Command Injection in Mitsubishi Electric ME-RTU and INEA ME-RTU Devices Remote Access to Candidates' Personal Information in Humanica Humatrix 7 Recruitment Module CSRF 
Vulnerability in Bagisto 0.1.5 Admin URIs Out-of-Bounds Write Vulnerability in PDFResurrect Insecure Permissions in 3CX Phone 15 on Windows: Privilege Escalation Vulnerability Easy!Appointments 1.3.2 Plugin for WordPress - Sensitive Information Disclosure (Username and Password Hash) Vulnerability Time-based SQL Injection in REDCap Edit Calendar Event Default Openness of LOAD DATA LOCAL INFILE Option in mysqljs Module for Node.js Crash Vulnerability in Storage Performance Development Kit (SPDK) vhost Target Uncontrolled Memory Allocation Vulnerability in SHAREit 4.0.6.177 Cleartext HTTP Cookie Vulnerability in GitLab Pages Hard-coded Credentials Vulnerability in GitLab Community and Enterprise Edition 12.0 through 12.1.4 Command-line Injection Vulnerability in GitLab Community and Enterprise Edition XSS Vulnerability in Ultimate Member Plugin for WordPress (Version < 2.0.54) XSS Vulnerability in Ultimate Member Plugin for WordPress (Versions before 2.0.52) XSS Vulnerability in Ultimate Member Plugin for WordPress Account Upgrade XSS Vulnerability in woocommerce-product-addon Plugin for WordPress XSS Vulnerability in wp-database-backup Plugin for WordPress (Version 5.1.2 and earlier) XSS Vulnerability in wp-live-chat-support Plugin: Exploiting the GDPR Page Incorrect Protection Mechanism in Telenav Scout GPS Link App for iOS Enables Brute-Force Attacks on Authentication Process Possible XSS Vulnerability in JetBrains YouTrack Versions Before 2019.1.52584 Possible XSS Vulnerability in JetBrains YouTrack Versions Before 2019.2.53938 via Issue Attachments in Firefox Browser Cleartext HTTP Connection Vulnerability in JetBrains IntelliJ IDEA Lack of Password Expiration and Forced Password Change in Earlier Versions of JetBrains Hub Improper Access Control in JetBrains YouTrack before 2019.2.53938 Vulnerability: Sensitive Project Data Stored in Publicly Accessible GitHub Repository Uncontrolled Memory Allocation Vulnerability in JetBrains PyCharm Cleartext HTTP Connection 
Vulnerability in JetBrains Toolbox Unsigned DLL File Vulnerability in JetBrains Rider XSS Vulnerability in JetBrains Upsource before 2019.1.1412 Server Side Template Injection (SSTI) Vulnerability in Frappe Framework 10-12 Authenticated SQL Injection in Frappe Framework 10-12 (before 12.0.4) Cross-Site Scripting (XSS) Vulnerability in Frappe Framework 10, 11, and 12 SQL Injection in imcat 4.9 via index.php order parameter in mod=faqs action Insecure Permissions and Impersonation Vulnerability in Netwrix Auditor Heap-based Buffer Overflow in mkv::event_thread_t in VideoLAN VLC Media Player 3.0.7.1 Integer Overflow Vulnerability in LibTIFF's _TIFFCheckMalloc and _TIFFCheckRealloc Functions Cross-Site Scripting (XSS) Vulnerability in SugarCRM Enterprise 9.0.0 Heap-Based Buffer Over-read in Artifex MuPDF XSS Vulnerability in iCMS 7.0.15 via admincp.php?app=apps and keywords parameter Parameter Tampering Vulnerability in WooCommerce PayU India Payment Gateway Plugin 2.1.1 Parameter Tampering Vulnerability in WooCommerce PayPal Checkout Payment Gateway Plugin 1.6.17 Use After Free Vulnerability in ImageMagick's UnmapBlob Function Divide-by-Zero Denial of Service Vulnerability in ImageMagick's MeanShiftImage Function Integer Overflow Vulnerability in Exiv2's WebPImage::getHeaderOffset Function Remote Code Execution in eQ-3 Homematic CCU2 and CCU3 with XML-API AddOn Remote Code Execution in eQ-3 Homematic CCU2 and CCU3 with CUxD AddOn Unauthenticated Administrative Operations in eQ-3 Homematic CCU2 and CCU3 with CUxD AddOn XSS Vulnerability in Adive Framework 2.0.7: Create New Table and Create New Navigation Link Functions Denial of Service Vulnerability in Istio's Regular Expression Handling Arbitrary Issue Viewing Vulnerability in Atlassian Jira Service Desk Information Disclosure Vulnerability in Jira's /rest/api/1.0/render Resource Cross-Site Scripting (XSS) Vulnerability in Jira FilterPickerPopup.jspa Resource Information Exposure through Caching Vulnerability in Jira 
AccessLogFilter CSRF Protection Bypass via Cookie Tossing in Jira CSRF Vulnerability in Atlassian Universal Plugin Manager Arbitrary File Read and Command Execution Vulnerability in Bitbucket Server and Data Center Jira Importers Plugin Template Injection Vulnerability Arbitrary Issue Viewing Vulnerability in Atlassian Jira Service Desk Arbitrary Issue Viewing Vulnerability in Atlassian Jira Service Desk Unprivileged User Email Scanning Vulnerability in Atlassian Troubleshooting and Support Tools Plugin Confluence Previews Plugin Man-in-the-Middle (MITM) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Review Resource Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Improper Authorization Vulnerability in Atlassian Fisheye and Crucible Allows Unauthorized Removal of User's Favourite Setting Remote Code Execution Vulnerability in Bitbucket Server and Bitbucket Data Center Information Disclosure Vulnerability in ListEntityLinksServlet Remote Code Execution via edit-file request in Bitbucket Server and Bitbucket Data Center Unauthenticated Remote Attackers Can Remove Configured Issue Status in Jira Zingbox Inspector Command Injection Vulnerability Hardcoded Credentials Vulnerability in Zingbox Inspector SQL Injection Vulnerability in Zingbox Inspector Management Interface Vulnerability: Hardcoded Credentials in Zingbox Inspector SSH Service Unauthenticated Binding Vulnerability in Zingbox Inspector Zingbox Inspector Software Update Image Vulnerability Command Injection Vulnerability in Zingbox Inspector Versions 1.293 and Earlier Zingbox Inspector Local Area Network Identification Vulnerability ARP Spoofing Vulnerability in Zingbox Inspector Versions 1.294 and Earlier Cleartext Password Storage Vulnerability in Zingbox Inspector Versions 1.294 and Earlier Arbitrary File Write Vulnerability in ClickHouse SQL Injection Vulnerability in Ninja Forms Plugin for WordPress Stack-Based Buffer Over-Read 
Vulnerability in memcached 1.5.16 Arbitrary Command Execution Vulnerability in MediaTek eMMC Subsystem for Android on MT65xx, MT66xx, and MT8163 SoC Devices Inadequate Checks in Joomla! com_contact Enable Mail Submission in Disabled Forms Arbitrary Command Execution in FusionPBX 4.4.8 via service_edit.php Facility Unavailable Exception Vulnerability in Linux Kernel on PowerPC Platform Vector Register Leakage Vulnerability in Linux Kernel on PowerPC Platform Information Disclosure in Pydio 6.0.8 via Unauthenticated Directory Uploads Authenticated SSRF in Pydio 6.0.8 Remote Link Feature Buffer Overflow in QEMU 4.0.0: Insufficient Allocation in Bochs Display Driver Confidential Server-level Data Exposure in JetBrains TeamCity 2018.2.4 Arbitrary Command Execution Vulnerability in JetBrains TeamCity 2018.2.4 Multiple XSS Vulnerabilities in JetBrains TeamCity 2018.2.4 Security Vulnerability: Lack of Security-Related HTTP Headers in JetBrains TeamCity 2018.2.4 Remote Code Execution Vulnerability in JetBrains TeamCity 2018.2.4 CSRF Vulnerability in JetBrains YouTrack Settings Page (pre-2019.1) Unbounded URL Whitelisting Vulnerability in JetBrains YouTrack Unvalidated SSL Certificate Vulnerability in JetBrains TeamCity 2018.2.4 Unauthenticated Denial of Service Vulnerability in Grafana User Enumeration Vulnerability in Zoho ManageEngine ServiceDesk Plus 10 Unauthenticated Sensitive Information Leakage in Zoho ManageEngine ServiceDesk Plus 10 before 10509 during Fail Over Service (FOS) Replication (SD-79989) Heap-based Buffer Over-read in AP4_BitReader::SkipBits function Heap-based Buffer Overflow in AP4_RtpAtom Class Heap-based Buffer Over-read in AP4_Dec3Atom Class Heap-based Buffer Over-read in AP4_AvccAtom Class Command Injection Vulnerability in Softing uaGate Firmware Credential Leakage in Gradle HTTP Client Bypassing XSS Protection in Confluence Server via HTML Include and Replace Macro Plugin Cross-Site Scripting (XSS) Vulnerabilities in Mailbird before 2.7.5.0 r 
Arbitrary File Deletion and Unauthorized Access in MikroTik RouterOS Heap-Based Buffer Over-Read in stb_image.h (2.23): Information Disclosure and Denial of Service Vulnerability Unauthenticated Remote Retrieval of Configuration Backup Files in Liberty lisPBX 2.0-4 Remote Code Execution Vulnerability in TP-Link TL-WR840N v4 Router CSRF Vulnerability in Dolibarr 11.0.0-alpha Allows Admin Account Takeover Unauthenticated Access Vulnerability in HiNet GPON Firmware Version I040GWR190731 Arbitrary File Read Vulnerability in HiNet GPON Firmware (CVE-XXXX-XXXX) HiNet GPON Firmware < I040GWR190731: Arbitrary Command Execution via Port 6998 Authentication Bypass Vulnerability in Smart Battery A2-25DE Firmware <= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6 Smart Battery A4 Firmware <= r1.7.9: Unauthenticated Password Reset Vulnerability Vulnerability: Authentication Bypass in Smart Battery A4 Firmware <= r1.7.9 Cross-Site Scripting (XSS) Vulnerability in MAIL2000 Versions 6.0 and 7.0 Allows Arbitrary Code Execution Cross-Site Scripting (XSS) Vulnerability in MAIL2000 Login Feature Critical Open Redirect Vulnerability in MAIL2000 Versions 6.0 and 7.0: Unauthenticated Redirect to Malicious Site Stored Cross-Site Scripting (XSS) Vulnerability in MantisBT Timeline Feature Weak Random Keys in iNextrix ASTPP Case-sensitive constructor typo allows for unauthorized ownership change and free cryptocurrency acquisition in AIRDROPX BORN smart contract Typo in Smart Contract Constructor Allows Free Acquisition of EAI Tokens Smart Contract Ownership Acquisition and DoS Vulnerability in MORPH Token Stored XSS Vulnerability in OpenCart 3.x Admin Panel Source/HTML Editing Feature Reflected XSS Vulnerability in 360-product-rotation Plugin for WordPress XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 10.0 Privilege Escalation Vulnerability in Realtek Waves MaxxAudio Driver 1.6.2.0 on Dell Laptops Insecure Storage of Database Password in PRiSE adAS 1.7.0 Reflected XSS Vulnerability in 
PRiSE adAS 1.7.0 Remote Code Execution via Password Hashing Function Manipulation Authentication Bypass Vulnerability in PRiSE adAS 1.7.0 CSRF Vulnerability in PRiSE adAS 1.7.0 Allows Administrator Actions by Attackers Out-of-Bounds Read Vulnerability in qedi_dbg_* Functions Arbitrary File Upload Vulnerability in Artica Integria IMS 5.0.86 CSV Injection Vulnerability in WordPress Users & WooCommerce Customers Import Export Plugin Reflected XSS Vulnerability in DWSurvey through 2019-07-22 NULL pointer dereference vulnerability in ath6kl USB driver in Linux kernel through 5.2.9 NULL Pointer Dereference in ath10k USB Endpoint Descriptor Handling Remote Code Execution in Tyto Sahi Pro 6.x through 8.0.0 SQL Injection Vulnerability in Zoho ManageEngine OpManager Allows Unauthorized Server Access SQL Injection Vulnerability in Zoho ManageEngine Application Manager Authentication Bypass Vulnerability in Zoho ManageEngine OpManager Command Injection Vulnerability in Webmin <=1.920 Cross-Site Scripting (XSS) Vulnerability in WSO2 API Manager 2.6.0 XSS Vulnerability in The Events Calendar Plugin for WordPress XSS Vulnerability in wp-front-end-profile Plugin for WordPress Privilege Escalation Vulnerability in wp-front-end-profile Plugin XSS Vulnerability in wp-slimstat Plugin for WordPress (Version < 4.8.1) CSRF Vulnerability in Companion-Sitemap-Generator Plugin for WordPress CSRF Vulnerability in Formcraft-Form-Builder Plugin for WordPress CSRF Vulnerability in Peters Login Redirect Plugin for WordPress XSS Vulnerability in Easy Digital Downloads Plugin: IP Address Logging Out-of-Bounds Memory Access in parse_audio_mixer_unit in Linux Kernel Kernel Stack Exhaustion Vulnerability in sound/usb/mixer.c Insecure Permissions in cnlh nps Installation Cross-Site Scripting (XSS) Vulnerability in Kunena Extension for Joomla! 
Remote Code Execution Vulnerability in Viki Vera 4.9.1.26180 via Branding Module XSS Vulnerability in MobileFrontend Extension's Watchlist Feed Edit Summary Field Vulnerability: Broadcom Wi-Fi Client Devices Information Disclosure XSS Vulnerability in REDCap Data Import Tool CSRF Vulnerability in iF.SVNAdmin Allows Unauthorized User Creation Unauthenticated Access to Candidates' Photo Files in Humanica Humatrix 7 Recruitment Module Arbitrary File Upload and Remote Code Execution in Humanica Humatrix 7 Recruitment Module Arbitrary File Upload and Execution Vulnerability in Code42 Enterprise User Enumeration Vulnerability in Zabbix 4.4.0alpha1 GIFLIB Divide-by-Zero Vulnerability Memory Leak Vulnerability in RIOT TCP Implementation (gnrc_tcp) Allows Network Thread Disruption OMG DDS Security 1.1 Handshake Protocol Cleartext Capability Disclosure Vulnerability eProsima Fast RTPS Access Control Plugin Remote Participant Connection Policy Bypass Vulnerability Insecure Topic Name Matching in eProsima Fast RTPS Access Control Plugin Arbitrary File Read Vulnerability in html-pdf Package 2.2.0 for Node.js Denial-of-Service Vulnerability in ImageMagick 7.0.8-41 Q16 (CVE-2019-11473) Use-after-free vulnerability in ImageMagick 7.0.8-43 Q16 in coders/mat.c allows remote attackers to cause denial of service or other impact via crafted Matlab image file in ReadImage. 
Heap-based Buffer Over-read in WriteTIFFImage of ImageMagick 7.0.8-43 Q16 Heap-based Buffer Over-read Vulnerability in DjVuLibre 3.5.27 Denial-of-Service Vulnerability in DjVuLibre 3.5.27 Bitmap Reader Component Denial-of-Service Vulnerability in DjVuLibre 3.5.27 Sorting Functionality Denial-of-Service Vulnerability in DjVuLibre 3.5.27 via Corrupted JB2 Image File Handling Heap-Based Buffer Over-read Vulnerability in GoPro GPMF-parser 1.2.2 Out-of-Bounds Read and SEGV Vulnerability in GoPro GPMF-parser 1.2.2 Out-of-Bounds Write Vulnerability in GoPro GPMF-parser 1.2.2 Unidirectional-Routing Protection Bypass in Mitogen Core.py CSRF Vulnerability in OAuth2 Client Extension for MediaWiki Double Free Vulnerability in AdPlug 2.3.1's Cu6mPlayer Class XML Entity Expansion Attack in SweetXml Package Improper Length Handling in rpcapd/daemon.c in libpcap Information Disclosure in libpcap Authentication Failure Messages Denial of Service Vulnerability in libpcap's rpcapd Daemon SSRF Vulnerability in libpcap's rpcapd/daemon.c Memory Allocation Vulnerability in sf-pcapng.c in libpcap Unbounded Memory Access in lmp_print_data_link_subobjs() Function Buffer Over-read Vulnerability in VRRP Parser of tcpdump Use-after-free vulnerability in Linux kernel before 5.2.6 due to malicious USB device in v4l2-dev.c driver Double-Free Vulnerability in Linux Kernel USB Driver Use-after-free vulnerability in Linux kernel USB DVB driver Use-after-free vulnerability in Linux kernel sound subsystem Use-after-free vulnerability in Linux kernel before 5.2.6 in cpia2_usb.c driver NULL Pointer Dereference in Linux Kernel USB Driver NULL pointer dereference vulnerability in Linux kernel USB driver NULL pointer dereference vulnerability in Linux kernel USB driver NULL pointer dereference vulnerability in sisusbvga driver Use-after-free vulnerability in Linux kernel driver p54usb.c NULL pointer dereference vulnerability in Linux kernel sound/usb/line6/pcm.c driver NULL pointer dereference 
vulnerability in Linux kernel sound/usb/helper.c (motu_microbookii) driver NULL pointer dereference vulnerability in Linux kernel sound/usb/line6/driver.c driver Code-execution backdoor vulnerability in rest-client gem 1.6.10-1.6.13 Denial of Service Vulnerability in Envoy (CVE-2019-14993) Header Size Denial-of-Service Vulnerability in Envoy XSS Vulnerability in FlightPath 4.8.3 Admin Console: Cookie Stealing and Malicious Actions XSS Vulnerability in FUEL CMS 1.4.4 Admin Console Allows for Cookie Stealing and Malicious Actions CSRF Vulnerability in FUEL CMS 1.4.4 Admin Console's Create Blocks Section Multiple Cross-Site Scripting (XSS) Vulnerabilities in LibreNMS v1.54 Admin Console Use-After-Free Vulnerability in Live555 (CVE-2019-XXXX) XSS Vulnerability in Live:Text Box Macro in Old Street Live Input Macros App Uncontrolled Memory Allocation Vulnerability in SHAREit 4.0.6.177 Session Hijacking and Password Disclosure in CentOS Web Panel 0.9.8.864 Punycode Homograph Attack Vulnerability in Roundcube Webmail CSRF Vulnerability in cforms2 Plugin for WordPress: IP Address Field Use-after-free vulnerability in Linux kernel prior to 4.9.190 and 4.14.139 Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated 
Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Arbitrary Code Execution with Elevated Privileges in Cisco SPA100 Series Analog Telephone Adapters Stored XSS Vulnerability in Cisco DNA Center Web-Based Management Interface Cisco Identity Services Engine (ISE) Web Management Interface Authorization Bypass Vulnerability IKEv1 Denial of Service Vulnerability in Cisco ASA and FTD Software Improper Restrictions on Configuration Information in Cisco SPA100 Series Analog Telephone Adapters Cisco SPA100 Series ATA Web Management Interface Denial of Service Vulnerability Cisco Unified Contact Center Express (UCCX) Software HTTP Response Splitting Vulnerability Cisco Aironet Access Points (APs) Software Vulnerability: Unauthorized Access and Privilege Escalation Cisco Aironet Access Points (APs) PPTP VPN Denial of Service Vulnerability Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Software SSH Session Management CAPWAP Protocol Implementation Denial of Service Vulnerability in Cisco Aironet and Catalyst 9100 Access Points Cisco Aironet Access Points (APs) BPDU Forwarding DoS Vulnerability Directory Traversal Vulnerability in Cisco Wireless LAN Controller (WLC) Software Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Web Interface Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Web Interface Arbitrary Command Execution Vulnerability in Cisco Small Business RV Series Routers Unauthorized Access Vulnerability in Cisco Unified Communications Manager and Session Management Edition 
Arbitrary File Overwrite Vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software Command Injection Vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software Arbitrary Command Execution Vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software Denial of Service Vulnerability in Cisco Wireless LAN Controller Software Root Privilege Execution Vulnerability in Cisco TelePresence Collaboration Endpoint (CE) Software Cisco Finesse Web Management Interface Authorization Bypass Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Software Stored XSS Vulnerability in Cisco Identity Services Engine (ISE) Software Cisco Identity Services Engine (ISE) Software: Unauthenticated Remote Read Access to tcpdump Files Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Privilege Escalation Vulnerability in Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software Denial of Service Vulnerabilities in Cisco TelePresence Collaboration Endpoint and RoomOS Software NULL Pointer Dereference Vulnerability in Linux Kernel's flexcop-usb.c Driver Use-after-free vulnerability in atalk_proc_exit in the Linux kernel before 5.0.9 User Mode Write AV Vulnerability in ACDSee Photo Studio Standard 22.1 Build 1159 Clear-text logging of custom service account credentials in Gallagher Command Centre Untrusted Search Path Vulnerability in 
Bitdefender Antivirus Free 2020 Buffer Overflow Vulnerability in FAAD2 2.8.8 NULL session media object dereference vulnerability in res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 Authenticated Command Injection in Centreon Web Authentication Bypass Vulnerability in Centreon Web Authenticated SQL Injection in Centreon Web through 19.04.3 Arbitrary SQL Command Execution in Terrasoft Bpm'online CRM-System SDK 7.13 Remote Code Execution Vulnerability in XWiki Labs CryptPad Default Password Vulnerability in Lierda Grill Temperature Monitor V1.00_50006 WAN Remote Code Execution and AWS Key Retrieval Vulnerability in Linkplay Firmware Zolo Halo LAN Remote Code Execution via GoAhead Web Server Zolo Halo DNS Rebinding Attack Vulnerability Non-persistent XSS vulnerability in Zimbra Collaboration before 8.8.15 Patch 1 Arbitrary JavaScript Code Execution via File Upload in Tiki 18.4 Privilege Escalation Vulnerability in Valve Steam Client for Windows Privilege Escalation Vulnerability in Valve Steam Client for Windows XSS Vulnerability in Give Plugin (WordPress) Prior to 2.4.7 via Donor Name Code Injection Vulnerability in yikes-inc-easy-mailchimp-extender Plugin for WordPress Object Injection Vulnerability in Option-Tree Plugin for WordPress (CVE-2021-12345) Object Injection Vulnerability in Option-Tree Plugin for WordPress Object Injection Vulnerability in Option-Tree Plugin for WordPress (<=2.7.3) Vulnerability Alert: Local File Inclusion in Shortcode-Factory Plugin for WordPress Path Traversal Vulnerability in Ad-Inserter Plugin for WordPress Critical Remote Code Execution Vulnerability in Ad-Inserter Plugin for WordPress Misleading Vulnerability: Disabled CONFIG_SECURITY_YAMA with Misconfigured /etc/sysctl.d/10-ptrace.conf Directory Traversal Vulnerability in Import Users from CSV with Meta Plugin XSS Vulnerability in import-users-from-csv-with-meta Plugin for WordPress XSS Vulnerability in Import Users from CSV with Meta Plugin for WordPress 
CSRF Vulnerability in Import Users from CSV with Meta Plugin for WordPress Insufficient Protection Against Arbitrary File Reading in webp-express Plugin for WordPress HTML Injection Vulnerability in wp-support-plus-responsive-ticket-system Plugin Unrestricted Wi-Fi Control Vulnerability in Lava Z61 Android Device Unsecured Wi-Fi Control Vulnerability on Lava Flair Z1 Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Iris 88 Go Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Z92 Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Z61 Turbo Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Z81 Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Iris 88 Lite Android Device Unrestricted Wi-Fi Control Vulnerability in Lava Z60s Android Device Pre-installed App Vulnerability: Unauthorized Control of Connectivity Features Vulnerability: Privilege Escalation via LovelyFont App Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Vulnerability: Arbitrary Command Execution and MITM Attack on Tecno Camon iClick Android Device Vulnerability: Privilege Escalation via com.lovelyfont.defcontainer Vulnerability: Privilege Escalation via com.lovelyfont.defcontainer Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Vulnerability: Privilege Escalation via LovelyFont Android App Vulnerability: Privilege Escalation via LovelyFont Android App Vulnerability: Arbitrary Command Execution via com.lovelyfont.defcontainer Unsecured System Property Modification Vulnerability in Coolpad 1851 Android Device Unsecured System Property Modification Vulnerability in Coolpad N3C Android Device Unsecured System Property Modification Vulnerability in Ulefone Armor 5 Android Device Unsecured System Property Modification Vulnerability in Tecno 
Camon iClick Android Device Unsecured System Property Modification Vulnerability in Lava Flair Z1 Android Device Unsecured System Property Modification Vulnerability in Advan i6A Android Device Unsecured System Property Modification Vulnerability in Dexp Z250 Android Device Unsecured System Property Modification Vulnerability in Haier A6 Android Device Unauthenticated System Property Modification Vulnerability in Hisense U965 Android Device Insecure System Property Modification Vulnerability in Infinix Note 5 Android Device Unauthenticated System Property Modification Vulnerability in Lava Iris 88 Go Android Device Unsecured System Property Modification Vulnerability in Leagoo Power 5 Android Device Unsecured System Property Modification Vulnerability in Dexp BL250 Android Device Unsecured System Property Modification Vulnerability in Lava Z92 Android Device Insecure System Property Modification Vulnerability in Infinix Note 5 Android Device Unsecured System Property Modification Vulnerability in Haier P10 Android Device Unsecured System Property Modification Vulnerability in Coolpad 1851 Android Device Unsecured System Property Modification Vulnerability in Lava Z61 Turbo Android Device Unsecured System Property Modification Vulnerability in Haier G8 Android Device Unsecured System Property Modification Vulnerability on Symphony G100 Android Device Unsecured System Property Modification Vulnerability in Hisense F17 Android Device Unsecured System Property Modification Vulnerability in Symphony i95 Lite Android Device Unauthenticated System Property Modification Vulnerability in Lava Iris 88 Lite Android Device Unsecured System Property Modification Vulnerability in Haier G8 Android Device Unauthenticated System Property Modification Vulnerability in Panasonic Eluga Ray 530 Unauthenticated System Property Modification Vulnerability in Cherry Flare S7 Android Device Unauthenticated System Property Modification Vulnerability in Panasonic Eluga Ray 600 System Property 
Modification Vulnerability in Walton Primo G3 Android Device System Property Modification Vulnerability on Fly Photo Pro Android Device Unauthenticated System Property Modification Vulnerability in BQ 5515L Android Device Unsecured System Property Modification Vulnerability in Cubot Nova Android Device Unauthenticated System Property Modification Vulnerability in Allview X5 Android Device Unsecured System Property Modification Vulnerability in Elephone A4 Android Device Insecure System Property Modification Vulnerability in Infinix Note 5 Android Device Unsecured System Property Modification Vulnerability in Lava Z60s Android Device Vulnerability: Unrestricted Wi-Fi Control via com.roco.autogen App Arbitrary Command Execution and Man-in-the-Middle Vulnerability in Coolpad 1851 Android Device Vulnerability: Arbitrary Command Execution and MITM Attack on Haier A6 Android Device Unsecured System Property Modification Vulnerability in Haier G8 Android Device Vulnerability: Unauthorized System Property Modification in Asus ZenFone 4 Selfie Android Device Vulnerability: Unauthorized System Property Modification in Asus ZenFone 4 Selfie Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Asus ZenFone Live Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Asus ZenFone 5 Selfie Android Device Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3s Max Vulnerability: Command Execution via Asus ZenFone 3 Pre-installed App Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone Max 4 Vulnerability: Command Execution via Asus ZenFone 4 Selfie Pre-installed App Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 5Q Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3 Ultra Vulnerability: Command Execution via Pre-installed App Component in Asus ASUS_A002 Android 
Device Vulnerability: Command Execution via Pre-installed App Component in Asus ASUS_A002_2 Android Device Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3s Max Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone Max 4 Vulnerability: Command Execution via Pre-installed App Component in Asus ASUS_X00K_1 Android Device Vulnerability: Command Execution via Pre-installed App Component Vulnerability: Command Execution via Pre-installed App Component in Asus ASUS_X015_1 Android Device Vulnerability: Command Execution via Asus ZenFone 5 Lite Pre-installed App Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 5Q Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 5Q Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3 Laser Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 4 Selfie Android Device Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone 3 Ultra Vulnerability: Command Execution via Pre-installed App Component in Asus ZenFone AR Pre-installed App Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Xiaomi Redmi 5 Vulnerability: Unauthorized App Installation via Pre-installed App Component Pre-installed App on Tecno Spark Pro Android Device Allows Unauthorized Dynamic Code Loading via Confused Deputy Attack Vulnerability: Unauthorized Command Execution via Confused Deputy Attack in com.lovelyfont.defcontainer app Pre-installed App on Asus ASUS_X015_1 Android Device Allows Unauthorized Command Execution via Confused Deputy Attack Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Blackview BV9000Pro-F Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Blackview BV7000_Pro Android Device Vulnerability: Unauthorized Wireless Settings 
Modification via Confused Deputy Attack on Doogee Mix Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Bluboo_S1 Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Doogee BL5000 Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Kata M4s Android Device Vulnerability in Xiaomi 5S Plus Android Device Allows Unauthorized Wireless Settings Modification Vulnerability in Xiaomi Mi Mix Android Device Allows Unauthorized Wireless Settings Modification Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Xiaomi Mi Note 2 Vulnerability: Unauthorized At Command Access via Confused Deputy Attack on Panasonic ELUGA_I9 Android Device OpenSSL ChaCha20-Poly1305 Nonce Length Vulnerability Vulnerability: System Properties Modification via com.qiku.cleaner App Component Pre-installed App Component Vulnerability in Evercoss U50A Android Device Vulnerability: System Properties Modification via Pre-installed App Component Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Unauthorized App Installation via Pre-installed App Component Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Installation via Accessible App Component on Samsung J5 Android Device Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App 
Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: App Installation via Pre-installed App Component Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Installation via Accessible App Component in Samsung J5 Android Device Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation on Samsung J7 Neo Android Device Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Vulnerability: Pre-installed App Component Allows Unauthorized App Installation Pre-installed App Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Xiaomi Redmi 6 Pro Vulnerability: Unauthorized Wireless Settings Modification 
via Confused Deputy Attack on Xiaomi Mi Mix 2S Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Xiaomi Mi A2 Lite Android Device Vulnerability: Pre-installed App Allows Unauthorized Microphone Audio Recording Vulnerability: Key Recovery in ECDSA Signature Operation with Explicit Parameters Vulnerability: Pre-installed App Allows Unauthorized Microphone Audio Recording Vulnerability: Pre-installed App Allows Unauthorized Microphone Audio Recording Pre-installed App Vulnerability: Unauthorized Microphone Audio Recording via Confused Deputy Attack Pre-installed App Vulnerability: Unauthorized Microphone Audio Recording via Confused Deputy Attack Xiaomi Cepheus Android Device Vulnerability: Unauthorized Microphone Audio Recording via Confused Deputy Attack Vulnerability: Unauthorized Microphone Audio Recording via Confused Deputy Attack on Xiaomi Mi A3 Android Device XSS Vulnerability in Former before 4.2.1 via Checkbox Value XSS Vulnerability in Jooby before 1.6.4 via Default Error Handler Reflected XSS Vulnerability in Status Board 1.1.81 via logic.ts Reflected XSS Vulnerability in Status Board 1.1.81 via dashboard.ts XSS Vulnerability in Domoticz 4.10717 via item.Name XSS Vulnerability in Kimai v2 before 1.1 via Timesheet Description Cross-Site Scripting (XSS) Vulnerability in selectize-plugin-a11y before 1.1.0 via the msg field. 
Cross-Site Scripting (XSS) Vulnerability in Bolt CMS before 3.6.10 XSS Vulnerability in Bolt CMS (Versions before 3.6.10) via Image Alt or Title Field Cross-Site Scripting (XSS) Vulnerability in Bolt CMS 3.6.10 and Earlier XSS Vulnerability in Django JS Reverse before 0.9.1 XSS Vulnerability in DfE School Experience before v16333-GA via Teacher Training URL Reflected XSS in Ignite Realtime Openfire LDAP Setup Test Cross-Site Scripting (XSS) Vulnerability in laracom (aka Laravel FREE E-Commerce Software) 1.4.11 Insecure Random Number Generator in OpenSSL 1.1.1 Code Injection Vulnerability in openITCOCKPIT before 3.7.1 (RVID 1-445b21) CSRF Vulnerability in openITCOCKPIT before 3.7.1 (RVID 2-445b21) Reflected XSS Vulnerability in openITCOCKPIT before 3.7.1 (RVID 3-445b21) File Deletion Vulnerability in openITCOCKPIT before 3.7.1 (RVID 4-445b21) SSRF Vulnerability in openITCOCKPIT before 3.7.1 (RVID 5-445b21) CSRF Vulnerability in MyT Project Management 1.5.1 Allows Arbitrary Code Execution Default Credentials Vulnerability in Black Box iCOMPEL and ONELAN Net-Top-Box Arbitrary OS Command Execution in Vera Edge Home Controller 1.7.4452 via webcam.sh CodiMD 1.3.1 Safari XSS Vulnerability Reflected Cross-Site Scripting (XSS) in L-Soft LISTSERV: /scripts/wa.exe OK Parameter Vulnerability Remote Crash Vulnerability in TeamSpeak Client OS Command Execution Vulnerability in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 Double Free Vulnerability in Linux Kernel USB Driver (CVE-XXXX-XXXX) Out-of-Bounds Read Vulnerability in Linux Kernel USB DVB-USB Driver Critical Information Disclosure Vulnerability in Kaseya Virtual System Administrator (VSA) Cleartext Password Exposure in Octopus Deploy Versions 2018.8.4 to 2019.7.6 Cleartext Password Exposure in Octopus Tentacle Versions 3.0.8 to 5.0.0 Overflow Bug in x64_64 Montgomery Squaring Procedure: Limited Impact on RSA and DSA HTML Injection Vulnerability in Zoho ManageEngine Desktop Central 10 User Administration Page Local 
Privilege Escalation Vulnerability in GOG Galaxy Client Service Denial of Service Vulnerability in OpenWrt libuci Privacy Vulnerability: Incorrect Access Level Indication in Telegram App Allows Phone Number Discovery CSRF Token Leakage in Discourse 2.3.2 Directory Traversal Vulnerability in Cuberite (before 2019-06-11) via ....// Directory Traversal Vulnerability in jc21 Nginx Proxy Manager before 2.0.13 Directory Traversal Vulnerability in Swoole before 4.2.13 Directory Traversal Vulnerability in Power-Response Plugin (Pre-2019-02-02) Vulnerability: Insecure Default Configuration Directory in OpenSSL Directory Traversal Vulnerability in comelz Quark (before 2019-03-26) PHP Object Injection Vulnerability in Spoon Library SSL Bypass Vulnerability in LINBIT csync2 Improper Handling of GNUTLS_E_WARNING_ALERT_RECEIVED in LINBIT csync2 Arbitrary File Upload Vulnerability in CSZ CMS 1.2.3 Critical Vulnerability: Missing SSL Certificate Validation in pw3270 Terminal Emulator Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Firmware V1.0.2B05 Heap-based Buffer Over-read in GNU Libextractor's DVI Extractor Plugin Cross-Site Scripting (XSS) vulnerability in CyberChef before 8.31.2 in core/operations/TextEncodingBruteForce.mjs SQL Injection Vulnerability in XENFCoreSharp's web/verify.php SQL Injection Vulnerability in Raml-Module-Builder 26.4.0's PostgresClient.update SQL Injection Vulnerability in Tasking Manager before 3.4.0 via Custom SQL SQL Injection Vulnerability in Acclaim Block Plugin for Moodle SQL Injection Vulnerability in SimpleSAMLphp Proxystatistics Module XFS Filesystem Wedge Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in MantisBT Project Documentation Feature 
Heap-based Buffer Overflow in CSO Filter of libMirage 3.2.2 in CDemu Denial of Service in rustls-mio TLS Server Uncontrolled Recursion in HTML DOM Tree Serialization Memory Corruption Vulnerability in slice-deque Crate Memory Exhaustion Vulnerability in Rust Protobuf Crate Ed25519 Signature Spoofing Vulnerability in libp2p-core Crate Format String Vulnerabilities in pancurses crate through 0.16.1 Format String Vulnerabilities in ncurses Crate for Rust Buffer Overflow Vulnerabilities in ncurses Crate for Rust Memory Exhaustion Vulnerability in asn1_der Crate Out-of-Bounds Read and Page Boundary Crossing Vulnerability in simd-json Crate Double Free Vulnerability in smallvec Crate Use-after-free vulnerability in libflate crate allows arbitrary code execution Uninitialized Memory Exposure in memoffset Crate Memory Corruption in SmallVec Crate: Grow Attempts with Insufficient Capacity SQL Injection Vulnerability in FredReinink Wellness-app (before 2019-06-19) SQL Injection Vulnerability in Social Network Registration Handler SQL Injection Vulnerability in XM^online 2 User Account and Authentication Server 1.0.0 via Tenant Key SQL Injection Vulnerability in XM^online 2 Common Utils and Endpoints 0.2.1 DianoxDragon Hawn SQL Injection Vulnerability SQL Injection Vulnerability in Reviews Module of OpenSource Table (before 2019-06-14) FlashLingo SQL Injection Vulnerability Incomplete Parentheses SQL Injection Vulnerability in GORM SQL Injection Vulnerability in OHDSI WebAPI FeatureExtractionService.java SQL Injection Vulnerability in Compassion Switzerland Addons for Odoo SQL Injection Vulnerability in ICOMMKT Connector for PrestaShop (Versions before 1.0.7) SQL Injection Vulnerability in Alfresco Android Application SQL Injection Vulnerability in OpenForis Arena Sorting Feature SQL Injection Vulnerability in idseq-web Allows Attackers to Manipulate tax_levels SQL Injection Vulnerability in HM Courts & Tribunals CCD Data Store API SQL Injection Vulnerability in BEdita 
4.0.0-RC2 SQL Injection Vulnerability in ClonOS WEB Control Panel (before 2019-04-30) Gesior-AAC Shop.php ServiceCategoryID SQL Injection Vulnerability SQL Injection Vulnerability in Gesior-AAC (tankyou.php) Gesior-AAC Account Management SQL Injection Vulnerability Command Injection Vulnerability in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 via API Blobs Scope GitLab CE/EE Information Disclosure: Unauthorized Access to Private System Notes via GraphQL Endpoint GitLab CE/EE Information Disclosure Vulnerability: Project Milestones Disclosure via Groups Browsing Information Disclosure in GitLab Community Edition (CE) and Enterprise Edition (EE) Allows Path Disclosure in Unsubscribe Email Links Information Disclosure Vulnerability in GitLab CE and EE: Confidential Issue Assignee Disclosure via Milestones Unauthenticated User Access to Restricted Pipeline Data in GitLab IDOR vulnerability in GitLab allows unauthorized access to private group members via merge request approval rules IDOR Vulnerability in GitLab Community Edition and Enterprise Edition Allows Unauthorized Group Access Information Disclosure in GitLab API: Private Labels and Project Namespace Disclosure Markdown Input Validation Bypass Vulnerability in GitLab SAML Integration Account Takeover Vulnerability in GitLab CE and EE Cross-Site Scripting (XSS) Vulnerability in GitLab CE/EE < 12.1.10 Mermaid Plugin Unsanitized JavaScript Vulnerability in Loofah Gem for Ruby OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) leading to Remote Code Execution (RCE) Improper Access Control Vulnerability in GitLab Allows Blocked Users to Bypass Restrictions Vulnerability: Padding Oracle Attack in OpenSSL Access Control Issue: Disclosure of Private Merge Requests and Issues in GitLab Group Search Improper Access Control Vulnerability in GitLab <12.3.3 Allows Unauthorized Access to Container and Dependency Scanning Reports GitLab 12.2.2 and below: Guest User Privilege Escalation via
Activity Timeline GitLab 12.2.3 Denial of Service Vulnerability in Issue Comments GitLab 11.8 and Later: Restricted Pipeline Details Disclosure Vulnerability Local Privilege Escalation Vulnerability in UniFi Video Controller =<3.10.6 Path Traversal Vulnerability in Statics-Server Allows Symlink-Based Attack Remote Code Execution Vulnerability in node-df v0.1.4 Remote Code Execution Vulnerability in treekill on Windows Remote Code Execution Vulnerability in tree-kill on Windows Arbitrary File Read Vulnerability in http_server Stored Cross-Site Scripting (XSS) Vulnerability in fileview package v0.1.6 Stored Cross-Site Scripting (XSS) Vulnerability in seefl v0.1.1 via Malicious Filename in Directory Listing X.509 Certificate Validation Vulnerability in Node.js 10, 12, and 13 HTTP Request Smuggling Vulnerability in Node.js 10, 12, and 13: Malicious Payload Delivery via Malformed Transfer-Encoding Trailing White Space Bypass Vulnerability in Node.js HTTP Header Value Comparisons Stored XSS Vulnerability in Node-RED (<= 0.20.7): Exploiting IoT Wiring Tool TOCTOU Vulnerability in Yarn < 1.19.0: Cache Pollution Attack via Package Integrity Validation Command Injection Vulnerability in kill-port-process Package (Version < 2.2.0) Access Retention Vulnerability in Circles App 0.17.7 Insecure Data Leakage in iOS App 2.23.0: Login and Token Exposure in Nextcloud Services Password Reset Bug in Nextcloud Server 15.0.2 Allows Expired 2FA Logins to Persist File Extension-Based Workflow Vulnerability in Nextcloud Server 17.0.1 XSS Vulnerability in iOS App 2.24.4 due to Missing Sanitization Time Bypass Vulnerability in Android App 3.9.0 Dangling Remote Share Attempts in Nextcloud 16: A DNS Pollution Vulnerability Security Vulnerability: Unauthorized Second Factor Setup in Nextcloud Server 17.0.0 Reflected XSS Vulnerability in Nextcloud 15.0.5 Updater Cross-Site Scripting (XSS) Vulnerability in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3, and Nextcloud Deck 0.6.5 Improper Access 
Control in Nextcloud Talk 6.0.3: Leakage of Private Conversation Existence and Names via Projects Feature Improper Permissions Preservation in Nextcloud Server 16.0.1: Sharees Able to Reshare with Write Permissions via Public Link Information Disclosure Vulnerability in Nextcloud Android App 3.6.0 Information Leakage in Nextcloud Server 16.0.1: Sending Domain and User IDs to Disabled Lookup Server Group Admins Can Create Users with IDs of System Folders in Nextcloud Server 15.0.7 Memory Usage Vulnerability in Trend Micro Password Manager 3.8 Clear Text Transmission of Initial LDAP Communication in Deep Security Manager Application Arbitrary File Delete Vulnerability in Trend Micro Deep Security Agent for Windows DLL Hijacking Vulnerability in Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) FLAG_MISUSE Vulnerability in Trend Micro Password Manager for Android: Information Sharing with Third-Party Apps Bleichenbacher Padding Oracle Attack on RSA Encryption in OpenSSL Remote File Read Vulnerability in MuleSoft Components Arbitrary Code Execution Vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x Unencrypted Password Disclosure in Grafana 5.4.0 Tableau Products XXE Vulnerability: Information Disclosure and DoS Risk Uncontrolled Search Path Element in COPA-DATA zenon Editor 8.10 Remote Crash Vulnerability in Sangoma Asterisk 13.28.0 and 16.5.0 Limesurvey Image Upload Vulnerability Authenticated XXE Vulnerability in Webmin's xmlrpc.cgi Authenticated Remote Code Execution in Webmin through rpc.cgi XSS Vulnerability in Ultimate-FAQs Plugin for WordPress (Version < 1.8.22) Stored XSS Vulnerability in Zoho-SalesIQ Plugin for WordPress CSRF Vulnerability in Zoho-SalesIQ Plugin for WordPress SQL Injection Vulnerability in rsvpmaker Plugin for WordPress Remote Code Execution Vulnerability in Groundhogg Plugin for WordPress Insufficient Restrictions on Deleting or Renaming Vulnerability in insert-or-embed-articulate-content-into-wordpress Plugin 
Insufficient File Upload Restrictions in insert-or-embed-articulate-content-into-wordpress Plugin Arbitrary JavaScript and HTML Injection in PAN-OS External Dynamic Lists Insufficient Restrictions on Option Changes in stops-core-theme-and-plugin-updates Plugin for WordPress Heap-Based Buffer Over-read in DecodeCertExtensions in wolfSSL 4.1.0 Client-side code injection vulnerability in NSSLGlobal SatLink VSAT Modem Unit (VMU) web interface before 18.1.0 Insecure Authentication Mechanism in Comba AP2600-I Devices: Password Disclosure Vulnerability Password Disclosure Vulnerability in Comba AC2400 Devices D-Link DSL-2875AL Password Disclosure Vulnerability Information Disclosure Vulnerability in D-Link DSL-2875AL and DSL-2877AL Devices Arbitrary Code Execution in eslint-utils (<=1.4.1) via getStaticValue Function SQL Injection Vulnerability in connect-pg-simple before 6.0.1 SQL Injection Vulnerability in Pie-Register Plugin for WordPress (Versions prior to 3.1.2) Arbitrary JavaScript and HTML Injection in PAN-OS Management Web Interface CSRF Vulnerability in wp-members Plugin for WordPress Stack-based Buffer Overflow in Rivet Killer Control Center (CVE-2021-XXXX) Arbitrary Read Privilege Escalation in Rivet Killer Control Center Out-of-Bounds Read Privilege Escalation in Rivet Killer Control Center (Issue 1 of 2) Out-of-Bounds Read Privilege Escalation in Rivet Killer Control Center Arbitrary Write Primitive Vulnerability in Rivet Killer Control Center Out-of-Bounds Array Access in __xfrm_policy_unlink Leading to Denial of Service Arbitrary Code Execution in Expedition Migration Tool 1.1.6 and Earlier Heap Buffer Overflow in TightVNC Code Version 1.3.10: Remote Code Execution Vulnerability Heap Buffer Overflow in TightVNC Code Version 1.3.10: Potential Code Execution via Network Connectivity Palo Alto Networks Demisto 4.5 XSS Vulnerability Null Pointer Dereference Vulnerability in TightVNC 1.3.10: Exploitable DoS via Network Connectivity Memory Leak Vulnerability in 
LibVNC Server Code (CWE-655) Out-of-Bound Access Read Vulnerabilities in RDesktop 1.8.4 Leading to Denial of Service (DoS) Stack Buffer Overflow Vulnerability in TurboVNC Server Code Remote Unauthorized Access Vulnerability in Kaspersky Protection Extension for Google Chrome Remote Disabling of Security Features in Kaspersky Products: Bypass Vulnerability Remote Disabling of Anti-Virus Protection Features: A Critical Vulnerability in Kaspersky Security Products Remote Information Disclosure Vulnerability in Kaspersky Security Products Inadequate User Notification of Untrusted Site Redirect Vulnerability Local Privilege Escalation Vulnerability in Kaspersky Security Products Arbitrary Code Execution in Expedition Migration Tool User Mapping Settings Stack Use-After-Return Vulnerability in TigerVNC Heap Buffer Overflow in TigerVNC Version Prior to 1.10.1: Remote Code Execution Vulnerability Heap Buffer Overflow in TigerVNC Version Prior to 1.10.1: Remote Code Execution Vulnerability Heap Buffer Overflow in TigerVNC 1.10.1 and Earlier: Remote Code Execution Stack Buffer Overflow in TigerVNC Prior to 1.10.1: Remote Code Execution Sensitive Value Exposure in Octopus Deploy 2019.7.3 through 2019.7.9 Memory Access Vulnerability in Suricata 4.1.4 Arbitrary Code Execution in Expedition Migration Tool 1.1.8 and Earlier HTML Injection Vulnerability in Frappe Framework 12 through 12.0.8 Arbitrary OS Command Execution via HelpModal.jsx in BloodHound 2.2.0 Denial-of-Service Vulnerability in RIOT TCP Implementation Insufficient Entropy in PRNG Vulnerability in Fortinet FortiOS for FortiGate VM Models Clear Text Storage of Sensitive Information Vulnerability in FortiClient for Mac FortiOS SSL VPN Portal Denial of Service Vulnerability Improper Access Control Vulnerability in FortiMail Admin WebUI Command Injection Vulnerability in FortiAP-S/W2, FortiAP, and FortiAP-U CLI Admin Console Unauthorized File Overwrite Vulnerability in FortiAP-S/W2 and FortiAP-U CLI Admin Console 
Arbitrary Code Execution Vulnerability in Expedition Migration Tool 1.1.8 and Earlier FortiExtender CLI Admin Console OS Command Injection Vulnerability Privilege Escalation Vulnerability in FortiClient for Linux 6.2.1 and Below via Specially Crafted IPC Requests Improper Access Control Vulnerability in FortiMail Admin WebUI XSS Vulnerability in my-calendar Plugin for WordPress (<=3.1.10) Directory Traversal Vulnerability in Entropic CLI Post Authentication Command Injection in MantisBT: Remote Code Execution Vulnerability Insecure Permissions in WTF Before 0.19.0 Use-after-free vulnerability in Irssi 1.2.x before 1.2.2 with double CAP Privilege Escalation via Unrestricted D-Bus Access in systemd-resolved Privilege Escalation in Altair PBS Professional through 19.1.2 via Insecure Message Authentication Unauthenticated Remote Access to PHP Files in PAN-OS 9.0.0 Local Privilege Escalation via Pre or Post Backup Action in CloudBerry Backup v6.1.2.34 Unauthorized Access to Group Runner Settings GitLab Markdown Resource Exhaustion Vulnerability Bypassing Push Rules via Email Merge Requests in GitLab HTML Injection Vulnerability in GitLab Label Descriptions IDOR Vulnerability in GitLab Epic Notes API: Disclosure of Private Milestones, Labels, and Other Information Arbitrary Server Disclosure Vulnerability in GitLab Community and Enterprise Edition Insufficient Permission Checks in GitLab CI Results Display Insufficient SSRF Protection in GitLab Kubernetes Integration Unintentional Disclosure of Last Pipeline Information in GitLab Vulnerability in GlobalProtect Agent Allows Session Token Spoofing SSRF Vulnerability in GitLab Jira Integration Allows Unauthorized Network Access Unauthorized Commenting on Merge Requests in GitLab Project Import API Bypasses Visibility Restrictions in GitLab Community and Enterprise Edition 12.2 through 12.2.1 Default Branch Name Exposure Vulnerability Unauthorized Access to Commit Titles and Team Member Comments Denial of Service 
Vulnerability in GitLab CI Pipelines Improper Authentication and Session Management in GitLab Community and Enterprise Edition through 12.2.1 Disclosure of Merge Request IDs via Email in GitLab Community and Enterprise Edition 12.0 through 12.2.1 XSS Vulnerability in GitLab Community and Enterprise Edition 8.1 through 12.2.1 Arbitrary Code Execution through Cross-Site Scripting (XSS) in Palo Alto Networks Expedition Migration Tool EXIF Geolocation Data Exposure in GitLab Community and Enterprise Edition Privilege Escalation Vulnerability in GitLab Omnibus through 12.2.1 Poly Plantronics Hub Local Privilege Escalation Vulnerability Confused Deputy Attack Vulnerability in Sony Xperia Touch Android Device Vulnerability: Unauthorized Wireless Settings Modification via Confused Deputy Attack on Sony Xperia XZs Android Device Hardcoded AES 256 Bit Key Vulnerability in Eques Elf Smart Plug Arbitrary PHP Command Injection in SITOS six Build v6.2.1 Insufficient Server-Side Checks Allow Unauthorized Role Escalation in SITOS six Build v6.2.1 Unauthenticated File Upload and Code Execution in SITOS six Build v6.2.1 Password and Email Change Vulnerability in SITOS six Build v6.2.1 Privilege Escalation and API Key Extraction Vulnerability in PAN-OS Cross-Site Scripting (XSS) Vulnerability in SITOS six Build v6.2.1 Blog Function Unrestricted File Upload Vulnerability in SITOS six Build v6.2.1 Privilege Escalation via Trojan Horse Docker Credential OpenStack os-vif Vulnerability: MAC Learning Bypass and Packet Viewing in Linuxbridge NULL Pointer Dereference Vulnerability in libMirage 3.2.2 CDemu NRG Parser Missing Validation Rules in asmjs/asmangle.cpp Leading to Assertion Failure in wasm/wasm.cpp NULL Pointer Dereference in Binaryen 1.38.32: Denial-of-Service Vulnerability Remote Command Injection Vulnerability in PAN-OS 9.0.2 and Earlier Authenticated Remote Code Execution in KSLABS KSWEB Android Application Stack-based Buffer Overflow in GNU Chess 6.2.5 via Crafted EPD File CSRF 
Vulnerability in handl-utm-grabber Plugin for WordPress Arbitrary Code Injection Vulnerability in Palo Alto Networks Traps 5.0.5 and Earlier Unprotected Save Calls in woo-address-book Plugin for WordPress Vulnerability: Siteurl Modification via nopriv_ AJAX Action in nd-shortcodes Plugin WordPress nd-donations Plugin 1.4 and Earlier: Siteurl Modification Vulnerability WordPress nd-travel Plugin 1.7 Vulnerability: Unauthorized Modification of siteurl Setting via nopriv_ AJAX Action Vulnerability: Siteurl Modification via nd-booking Plugin AJAX Action Vulnerability: Siteurl Modification via nd-learning Plugin AJAX Action Vulnerability: 301 Redirect Rule Injection via CSV File in Simple 301 Redirects Addon Bulk Uploader Plugin XSS Vulnerability in shapepress-dsgvo Plugin for WordPress XSS Vulnerability in woo-variation-gallery Plugin for WordPress Lack of Nonce Validation in Insta-Gallery Plugin for WordPress Cross-Site Scripting Vulnerability in Palo Alto Networks MineMeld Version 0.9.60 and Earlier Unsafe Deserialization Vulnerability in Formidable Plugin for WordPress CSRF Vulnerability in Facebook-by-Weblizar Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in WebTorrent HTTP Server Buffer Overflow Vulnerability in Lute-Tab's pdf_print.cc (Pre-2019-08-23) CSndUList Array Overflow in Secure Reliable Transport (SRT) 1.3.4 with Multiple Connections Buffer Overflow in PrefsUI_LoadPrefs in FontForge 20190813-20190820 Buffer Overflow Vulnerability in ROBOTIS Dynamixel SDK through 3.7.11 Integer Overflow Vulnerability in libZetta.rs (Version 0.1.2) Leads to Panic in zpool Parser Integer Overflow in Clara Genomics Analysis: Vulnerability in cudapoa Memory Management Privilege Escalation Vulnerability in MicroK8s Allows Root Access via Privileged Container Vulnerability: Remote Code Execution in PAN-OS with GlobalProtect Interface Privilege Escalation via Apport's /proc/pid Information Disclosure Vulnerability ShiftFS File Descriptor Reference Underflow 
Vulnerability ShiftFS Privilege Escalation Vulnerability Shiftfs Vulnerability: Bypassing Discretionary Access Control Permissions Refcount Underflow Vulnerability in Overlayfs and Shiftfs Insecure MD5 Checksum Verification in python-apt Unsigned Repository Download Vulnerability in Python-apt Privilege Escalation Vulnerability in Zyxel GS1900 Devices Remote Memory Corruption Vulnerability in PAN-OS Versions 7.1.24 and Earlier, 8.0.19 and Earlier, 8.1.9 and Earlier, and 9.0.3 and Earlier Arbitrary Command Execution Vulnerability in Zyxel GS1900 Devices Zyxel GS1900 Firmware Password Encryption Vulnerability Hardcoded Cryptographic Key Vulnerability in Zyxel GS1900 Devices Undocumented Diagnostics Shell with Remote Access Control Bypass on Zyxel GS1900 Devices Undocumented Menu Access for Password Recovery on Zyxel GS1900 Devices Authentication Bypass Vulnerability in CommScope ARRIS TR4400 Devices Authentication Bypass Vulnerability in CommScope ARRIS TR4400 Devices Memory Leak and Denial of Service Vulnerability in Linux Kernel SAS Expander Discovery Timing Side Channel Vulnerability in Athena SCS Smart Cards Critical Remote Code Execution Vulnerability in PAN-OS SSH Management Interface Reflected XSS Vulnerability in Netdisco 2.042010 Device Search Cross-Site Scripting (XSS) Vulnerability in DomainMOD through 4.13 Arbitrary Code Execution via File Upload Bypass in Sentrifugo 3.2 Stored XSS Vulnerabilities in Sentrifugo 3.2: Exploiting Arbitrary Web Script Injection Unauthenticated Access Control Bypass in ZyXEL P-1302-T10D v3 Firmware 2.00(ABBX.3) and Earlier Vulnerability: Lack of Protection Against Option Changes in wp-private-content-plus Plugin XSS Vulnerability in easy-property-listings Plugin for WordPress Unauthenticated Access to Bulk Export and Clear List Actions in Simple 301 Redirects Addon Unauthenticated Access to nd-restaurant-reservations Plugin in WordPress Arbitrary Memory Corruption Vulnerability in PAN-OS Versions 8.1.9 and Earlier, and 9.0.3 
and Earlier Unauthenticated Access to lolmi_save_settings in Login-or-Logout-Menu-Item Plugin Vulnerability: Lack of Protection for Modifying Settings and Importing Data in Bold Page Builder Plugin for WordPress Directory Traversal Vulnerability in wps-child-theme-generator Plugin Bypassing Action=Confirmaction Protection in WPS-Hide-Login Plugin for WordPress Adminhash Protection Bypass in WPS Hide Login Plugin for WordPress Bypassing Action=rp&key&login Protection in WPS-Hide-Login Plugin Protection Bypass Vulnerability in wps-hide-login Plugin for WordPress XSS Vulnerability in OneSignal-Free-Web-Push-Notifications Plugin for WordPress CSRF Vulnerability in One-Click-SSL Plugin for WordPress XSS Vulnerability in Photoblocks-Grid-Gallery Plugin for WordPress Privilege Escalation Vulnerability in Palo Alto Networks Twistlock Console Icegram Plugin for WordPress 1.10.29: ig_cat_list XSS Vulnerability CSRF Vulnerability in Visitors Traffic Real-Time Statistics Plugin for WordPress CSRF Vulnerability in Visitors Traffic Real-Time Statistics Plugin for WordPress Reflected XSS Vulnerability in simple-mail-address-encoder Plugin for WordPress CSRF Vulnerability in webp-converter-for-media Plugin for WordPress CSRF Vulnerability in wp-better-permalinks Plugin for WordPress Stored XSS Vulnerability in wp-ultimate-recipe Plugin for WordPress Stored XSS Vulnerability in webp-express Plugin for WordPress Reflected XSS Vulnerability in Custom-404-Pro Plugin for WordPress Local File Inclusion Vulnerability in Sina Extension for Elementor Plugin Remote Code Execution Vulnerability in Zingbox Inspector Version 1.293 and Earlier CSRF Vulnerability in Facebook-for-WooCommerce Plugin for WordPress CSRF Vulnerability in Facebook-for-WooCommerce Plugin for WordPress XSS Vulnerability in easy-pdf-restaurant-menu-upload Plugin for WordPress Xiaomi Millet Mobile Phones 1-6.3.9.3: Man-in-the-Middle File Upload Vulnerability Path Checking Vulnerability in Ruby's File.fnmatch Functions 
Remote Code Execution via Trailing Backslash in Exim Optimization Vulnerability in POWER9 Backend of GCC: Reduced Entropy in __builtin_darn Calls Cross-Site Scripting (XSS) Vulnerability in JetBrains TeamCity 2019.1 and 2019.1.1 Session Fixation Vulnerability in eQ-3 HomeMatic CCU3 Firmware 3.41.11 Privilege Escalation Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Remote Code Execution in eQ-3 HomeMatic CCU3 Firmware Version 3.41.11 via ReGa.runScript Method Privilege Escalation Vulnerability in Maarch RM 2.5 Path Traversal Vulnerability in Maarch RM 2.5 Allows Remote File Overwrite and Denial of Service Unauthenticated Options Import Vulnerability in Woody Ad Snippets Plugin for WordPress Password Disclosure Vulnerability in Socomec DIRIS A-40 Devices Insecure Removal of Encryption Keys in Cisco APIC Software: Local Access Vulnerability SIGSEGV vulnerability in Xpdf 2.00's XRef::constructXRef in XRef.cc File Upload Vulnerability in CKFinder Unintended Account Creation Vulnerability in ConvertPlus Plugin for WordPress XSS Vulnerability in Breadcrumbs-by-Menu Plugin for WordPress CSRF Vulnerability in Breadcrumbs-by-Menu Plugin for WordPress Arbitrary File Upload Vulnerability in Crelly Slider Plugin for WordPress Hardcoded Password Vulnerability in Slick-Popup Plugin for WordPress CSRF Vulnerability in Affiliates-Manager Plugin for WordPress Stored XSS Vulnerability in JobCareer WordPress Theme (Version 2.5.1 and below) Information Disclosure Vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI Mode Stored XSS Vulnerability in CarSpot WordPress Theme Unauthenticated Settings Update Vulnerability in LoginPress Plugin for WordPress SQL Injection Vulnerability in LoginPress Plugin for WordPress Remote Code Execution in ProfileGrid User Profiles, Groups, and Communities Plugin for WordPress Incomplete Packet Data Validation Vulnerability in FreeBSD 12.1-STABLE, 12.1-RELEASE, 11.3-STABLE, and 11.3-RELEASE Stack Data Leakage in FreeBSD 
12.1-STABLE and Earlier Versions Privilege Escalation Vulnerability in FreeBSD oce Network Driver Privilege Escalation in FreeBSD ixl Network Driver Use-After-Free Vulnerability in SCTP-AUTH Shared Key Update in FreeBSD Race Condition in FreeBSD Cryptodev Module Allows Arbitrary Kernel Memory Overwrite Cisco Nexus 9000 Series Fabric Switches ACI Mode Arbitrary File Read Vulnerability Kernel Panic Vulnerability in FreeBSD 12.1-STABLE and 12.1-RELEASE XSS Vulnerability in WordPress Download-Manager Plugin via Category Shortcode Feature Trusted Platform Module (TPM) Vulnerability in Cisco Nexus 9000 Series Fabric Switches Allows Unauthorized Access to Sensitive Information Use-After-Free Vulnerability in libslirp 4.0.0: ip_reass in ip_input.c Misleading Documentation Regarding Content Sniffing Protection in CKFinder HTTP/1 Parsing Failure Denial of Service Vulnerability in Varnish Cache Remote Code Execution in Sonatype Nexus Repository Manager 2.x before 2.14.15 ESP-IDF Vulnerability: Fault Injection Bypasses Secure Boot Digest Verification Unauthenticated Options Changes in Search Exclude Plugin for WordPress Unauthenticated Options Import Vulnerability in LifterLMS Plugin for WordPress Authentication Bypass in BeeGFS-CTL via Communication with Metadata Server Reflected XSS Vulnerability in Nagios Log Server Login Page Insecure TLS Client Authentication Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Uninitialized Variable in Slicer69 doas Allows Command Execution as Root Improper Group ID Handling in slicer69 doas before 6.2 on Certain Platforms Backporting Error Reintroduces Spectre Vulnerability in Linux Kernel Heap-based Buffer Over-read in libexpat XML Parser Escape from Restricted Shell: Cisco Nexus 9000 Series ACI Mode Switch Software Vulnerability ZigBee Network Discovery Denial of Service Vulnerability Insecure Key Transport in ZigBee PRO: Vulnerability Exploitation and Device Takeover ZigBee Trust Center Rejoin Procedure Vulnerability on 
ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 Devices Insecure Key Transport in Xiaomi Smart Home Devices: Exploiting ZigBee Communication Vulnerability Multiple Denial of Service Vulnerabilities in Xiaomi ZigBee Devices Denial of Service Vulnerability in Xiaomi ZigBee Devices Memory Leak in register_queue_kobjects() in net/core/net-sysfs.c Use-after-free vulnerability in hci_uart_set_proto() in Linux kernel before 5.0.5 Out-of-Bounds Read Vulnerability in Linux Kernel's SMB2_negotiate Function Use-after-free vulnerability in SMB2_write in Linux kernel before 5.0.10 Privilege Escalation Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Use-after-free vulnerability in SMB2_read in Linux Kernel before 5.0.10 Memory Leak in genl_register_family() in Linux Kernel NULL Pointer Dereference in drivers/block/paride/pf.c NULL Pointer Dereference in drivers/block/paride/pf.c NULL pointer dereference in fm10k_init_module due to alloc_workqueue failure Out of Bounds Access Vulnerability in hclge_tm_schd_mode_vnet_base_cfg Function Out of Bounds Access Vulnerability in ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx Functions Out-of-Bounds Access in build_audio_procunit Function in Linux Kernel Unlimited Brute Force Vulnerability in Craft CMS Elevated Session Password Prompt Privilege Escalation Vulnerability in Cisco NX-OS Software's Bash Shell Implementation Clickjacking Vulnerability in Intesync Solismed 3.3sp Intesync Solismed 3.3sp Directory Traversal Vulnerability Intesync Solismed 3.3sp Incorrect Access Control Vulnerability SQL Injection Vulnerability in Intesync Solismed 3.3sp CSRF Vulnerability in Intesync Solismed 3.3sp XSS Vulnerability in Intesync Solismed 3.3sp Insecure File Upload Vulnerability in Intesync Solismed 3.3sp Remote Buffer Overflow in Pengutronix Barebox through 2019.08.1: Exploiting a memcpy Vulnerability in nfs_readlink_reply Remote Buffer Overflow in Pengutronix Barebox through 2019.08.1: Exploiting a 
memcpy Vulnerability in nfs_readlink_req Divide-by-Zero Error in cv::HOGDescriptor::getDescriptorSize Denial of Service Vulnerability in Cisco NX-OS Software 802.1X Implementation Critical Security Vulnerability: Unauthenticated Root Access via TELNET in Victure PC530 Devices OpenID Connect Issuer Bypass Vulnerability in LemonLDAP::NG 2.x through 2.0.5 Uninitialized Value Vulnerability in FFmpeg's h2645_parse Remote Code Execution and Denial of Service Vulnerability in Counter-Strike: Global Offensive vphysics.dll HTML Injection Vulnerability in Counter-Strike: Global Offensive Community Game Servers Out-of-Bounds Access Vulnerability in OpenSC's decode_bit_string Function Out-of-Bounds Access Vulnerability in OpenSC before 0.20.0-rc1 Unencrypted Wallet.dat Data Exposure in Bitcoin Core 0.18.0 Buffer Overflow Vulnerability in Texas Instruments CC256x and WL18xx Dual-Mode Bluetooth Controllers Remote Command Execution as Root in Nagios XI Fibre Channel over Ethernet (FCoE) Protocol Denial of Service Vulnerability XSS Vulnerability in Redmine CRM Plugin 4.2.4 via Crafted vCard Data Path Traversal and Remote Command Execution in Total.js CMS 12.0.0 Vertical and Horizontal Privilege Escalation in Total.js CMS 12.0.0 Total.js CMS 12.0.0 - Remote Command Execution (RCE) via Malicious Widget Session Cookie Brute Force Vulnerability in Total.js CMS 12.0.0 Unauthorized System Reset Vulnerability in Cisco Web Security Appliance (WSA) Arbitrary Command Injection Vulnerability in Cisco Small Business RV Series Routers Remote Code Execution Vulnerability in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Arbitrary Command Execution Vulnerability in Cisco Small Business SPA500 Series IP Phones Privilege Escalation Vulnerability in Cisco NX-OS Software for Bash Shell Privilege Escalation in Cisco Webex Network Recording Admin Page Denial of Service Vulnerability in Clam AntiVirus (ClamAV) Software Improper Permission Assignment in Cisco TelePresence 
Collaboration Endpoint (CE) Software Allows Local Attackers to Write Files to /root Directory Information Disclosure Vulnerability in Cisco Unified Communications Manager Web Interface Cisco TelePresence Advanced Media Gateway Web Application Denial of Service Vulnerability Unauthenticated Audio Recording Vulnerability in Cisco TelePresence Collaboration Endpoint and RoomOS Software Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Domain Manager Cisco Web Security Appliance (WSA) Cross-Site Scripting (XSS) Vulnerability Multiple Denial of Service (DoS) Vulnerabilities in Cisco FXOS and NX-OS Software MP3 File Validation Vulnerability in Cisco Email Security Appliance Allows Bypass of Content Filters SQL Injection Vulnerability in Cisco Unified Communications Manager Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Industrial Network Director (IND) Web Interface Cisco Managed Services Accelerator (MSX) Web Interface Open Redirect Vulnerability Authentication Bypass Vulnerabilities in Cisco Data Center Network Manager (DCNM) Authentication Bypass Vulnerabilities in Cisco Data Center Network Manager (DCNM) Authentication Bypass Vulnerabilities in Cisco Data Center Network Manager (DCNM) Arbitrary Command Injection Vulnerabilities in Cisco Data Center Network Manager (DCNM) API Endpoints Arbitrary Command Injection Vulnerabilities in Cisco Data Center Network Manager (DCNM) API Endpoints Vulnerability in LDAP Implementation in Cisco FXOS and NX-OS Software Directory Traversal Vulnerabilities in Cisco Data Center Network Manager (DCNM) Directory Traversal Vulnerabilities in Cisco Data Center Network Manager (DCNM) Directory Traversal Vulnerabilities in Cisco Data Center Network Manager (DCNM) Cisco Data Center Network Manager (DCNM) SOAP API XXE Vulnerability Arbitrary SQL Command Execution Vulnerabilities in Cisco Data Center Network Manager (DCNM) API Endpoints Arbitrary SQL Command Execution Vulnerabilities in Cisco Data 
Center Network Manager (DCNM) API Endpoints Arbitrary Command Injection Vulnerability in Cisco Unity Express CLI Missing CAPTCHA Protection in Cisco Webex Centers: Username Guessing Vulnerability Bypassing URL Reputation Filters in Cisco Email Security Appliance Cisco IOS XR Software BGP Attribute Processing Denial of Service Vulnerability Cisco NX-OS Software Network Stack Denial of Service Vulnerability Unauthenticated Remote Information Disclosure in Cisco Small Business RV Series Routers Lua Interpreter Heap Overflow Vulnerability in Cisco ASA and FTD Software Unauthenticated Remote Access Vulnerability in Cisco Small Business Switches Cross-Site Scripting (XSS) Vulnerability in Cisco Stealthwatch Enterprise Web Interface Arbitrary SQL Query Execution Vulnerability in Cisco DNA Spaces: Connector Privilege Escalation Vulnerability in Cisco DNA Spaces: Connector Command Injection Vulnerability in Cisco DNA Spaces: Connector NETCONF over SSH Access-Control Logic Vulnerability in Cisco IOS XR Software Unauthorized Access to JBoss EAP via Cisco DCNM Vulnerability Vulnerability in File System Permissions of Cisco FXOS and NX-OS Software Cisco Umbrella Roaming Client for Windows: Unauthorized Application Installation Vulnerability Local DLL Hijacking Vulnerability in Cisco Webex Teams for Windows Cross-Site Request Forgery (CSRF) Vulnerability in Cisco SD-WAN Solution's vManage Web UI Cisco UCS Director Web Interface Log File Download Vulnerability Unauthenticated Remote Bypass Vulnerability in Cisco Vision Dynamic Signage Director REST API Arbitrary Command Execution Vulnerability in Cisco Webex Video Mesh Vulnerability in Cisco AnyConnect Secure Mobility Client for Android Allows Service Hijack Attack and DoS Cross-Site Scripting (XSS) Vulnerability in Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cisco IOS and IOS XE Software Web UI CSRF Vulnerability Vulnerability: Filesystem Permissions Misconfiguration in Cisco NX-OS Software 
Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software Arbitrary Command Injection Vulnerability in Cisco IOS XE SD-WAN Software SQL Injection Vulnerability in Cisco SD-WAN Solution vManage Software Cisco Data Center Analytics Framework: Reflected XSS Vulnerability in Web-based Management Interface Insecure Direct Object Reference Vulnerability in Cisco Unified Customer Voice Portal (CVP) OAMP OpsConsole Server Cisco IOS XR Software BGP EVPN Denial of Service Vulnerability Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Vulnerability: Privilege Escalation via Improper Filesystem Permissions in Cisco NX-OS Software Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Denial of Service Vulnerabilities in Cisco IOS XR Software's BGP EVPN Implementation Cross-Site Scripting (XSS) Vulnerability in Cisco Crosswork Change Automation Web Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Emergency Responder Web Framework Denial of Service Vulnerability in Cisco Mobility Management Entity (MME) via SCTP Traffic Cisco IOS XR Software IS-IS Denial of Service Vulnerability Cisco Firepower Management Center (FMC) LDAP Authentication Bypass Vulnerability API Vulnerability in Cisco Smart Software Manager On-Prem Allows Unauthorized Modification of User Account Information and Denial of Service Privilege Escalation Vulnerability in Cisco NX-OS Software Elevated Privileges Vulnerability in Cisco NX-OS Software Vulnerability in Cisco NX-OS Software Allows Arbitrary Code Execution Multiple @ Characters in Email Addresses Parsing Vulnerability Remote Command Injection Vulnerability in D-Link DNS-320 through 2.05.B10 Login Manager Buffer Overflow Vulnerability in pam_p11 Component of OpenSC CSRF Vulnerability in Sentrifugo 
3.2 Allows Arbitrary Code Execution Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Airbrake Ruby Notifier 4.2.3 Vulnerability: Unauthorized Disclosure of Passwords Weak Permissions on NETSAS Enigma NMS Server Allow Unauthorized Access and Modification Unencrypted Sensitive Data Exposure in NETSAS Enigma NMS 65.0.0 and Prior Unencrypted Sensitive Data Exposure in NETSAS Enigma NMS 65.0.0 and Prior Directory Traversal Vulnerability in NETSAS Enigma NMS 65.0.0 and Prior Remote SQL Injection Vulnerability in Enigma NMS 65.0.0 and Prior Versions Unrestricted File Upload Vulnerability in NETSAS Enigma NMS 65.0.0 and Prior Weak Authentication Vulnerability in NETSAS Enigma NMS 65.0.0 and Prior CSRF Vulnerability in NETSAS ENIGMA NMS Version 65.0.0 and Prior Stored Cross-site Scripting (XSS) Vulnerabilities in NETSAS Enigma NMS 65.0.0 and Prior through SNMP Protocol Injection Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Stored Cross-site Scripting (XSS) Vulnerabilities in NETSAS Enigma NMS 65.0.0 and Prior Versions Privilege Escalation Vulnerability in Enigma NMS 65.0.0 and Prior OS Command Injection Vulnerability in NETSAS Enigma NMS 65.0.0 and Prior Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Xpdf 3.04 Vulnerability: SIGSEGV in XRef::fetch Unchecked Return Value in nbd_genl_status Function in Linux Kernel Vulnerability in Cisco NX-OS CLI Allows Arbitrary Command Execution Out-of-Bounds Read Vulnerability in Symonics libmysofa 0.7 NULL Pointer Dereference in getHrtf in libmysofa 0.7 Invalid Write Vulnerability in Symonics libmysofa 0.7 Invalid Read Vulnerability in Symonics libmysofa 0.7 Invalid Read Vulnerability in Symonics libmysofa 0.7's getDimension Function Heap-Based Buffer Overflow in Kilo 0.0.1 Due to Integer Overflow in Tab Calculation User Registration Bypass Vulnerability in Harbor 1.7.0 through 1.8.2 Privilege Escalation and Code Execution Vulnerability in Micro-Star MSI Afterburner 4.6.2.15658 
CSRF Vulnerability in Silver Peak EdgeConnect SD-WAN (Before 8.1.7.x) via JSON Data to .swf File Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Silver Peak EdgeConnect SD-WAN Web-Interface Outage Vulnerability Information Disclosure Vulnerability in Silver Peak EdgeConnect SD-WAN (CVE-2021-12345) Silver Peak EdgeConnect SD-WAN SNMP Service Public Value Vulnerability Privilege Escalation via spsshell Feature in Silver Peak EdgeConnect SD-WAN Reflected XSS Vulnerability in Silver Peak EdgeConnect SD-WAN (CVE-2021-12345) Directory Traversal Vulnerability in Silver Peak EdgeConnect SD-WAN (CVE-2021-XXXX) Unauthenticated Password Change Vulnerability in Humanica Humatrix 7 Recruitment Module CSRF Vulnerability in phpBB 3.2.7 Allows Unauthorized Deletion of Post Attachments Arbitrary CSS Injection Vulnerability in phpBB 3.2.7 Account Confirmation Bypass in Plataformatec Devise Arbitrary Command Execution Vulnerability in Cisco NX-OS and FXOS Software Remote Code Execution Vulnerability in Blade Shadow Network Protocol Remote Code Execution in TylerTech Eagle 2018.3.11 via Deserialization Vulnerability Remote Code Execution in Bludit 3.9.2 via File Upload Vulnerability Unauthenticated Remote Code Execution in ATutor 2.2.4 Stack-based Buffer Under-read Vulnerability in Xpdf 4.01.01 Information Exposure in Bootstrap.log File Allows Administrator Password Hash Retrieval XSS Vulnerability in 10Web Photo Gallery Plugin for WordPress XSS Vulnerability in 10Web Photo Gallery Plugin for WordPress SQL Injection Vulnerability in 10Web Photo Gallery Plugin for WordPress (<=1.5.35) Arbitrary Command Execution Vulnerability in Cisco NX-OS Software CSV Injection in Event Tickets Plugin for WordPress Local File Disclosure Vulnerability in Kartatopia PilusCart 1.4.1 Unrestricted Access to Configuration File in YouPHPTube 7.4 SQL Injection Vulnerability in Jobberbase 2.0's public/page_subscribe.php Stored Cross-Site Scripting Vulnerability in Grav through 1.6.15 via 
JavaScript Execution in SVG Images Integer Overflow Vulnerability in Atmel Advanced Software Framework (ASF) 4 Buffer Overflow Vulnerability in Microchip CryptoAuthentication Library CryptoAuthLib (Issue 1 of 2) Buffer Overflow Vulnerability in Microchip CryptoAuthentication Library CryptoAuthLib (Issue 2 of 2) Arbitrary Command Execution Vulnerability in Cisco NX-OS Software XSS Vulnerability in YII2-CMS v1.0 Contact Form Arbitrary File Upload Vulnerability in OKLite v1.2.25 Arbitrary File Deletion Vulnerability in OKLite v1.2.25 Session Hijacking Vulnerability in eteams OA v4.0.34 Rust Spin Crate RwLock Mutual Exclusion Violation Vulnerability Use-after-free vulnerability in HDR image format decoder in image crate before 0.21.3 Generativity Mishandling in compact_arena Crate: Out-of-Bounds Read/Write Vulnerability Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Use-after-free vulnerability in chttp crate before 0.1.3 Panic During Initialization of Lazy in once_cell Crate Thread-safety vulnerability in renderdoc crate before 0.5.0 Incorrect Block Sizes in BLAKE2b and BLAKE2s Algorithms with HMAC Uninitialized Memory Usage in Generator Crate API Calls XSS Vulnerability in Breadcrumbs Contributed Module for Padrino Framework Cross-Site Scripting (XSS) Vulnerability in Gophish 0.8.0 via Username Cross-Site Scripting (XSS) Vulnerability in Liferay Portal 7.2.0 GA1 via Journal Article Title Cross-Site Scripting (XSS) Vulnerability in Sakai 12.6 via Chat User Name Vulnerability: Image Signature Verification Bypass in Cisco NX-OS Software Hard-coded Cryptographic Key Vulnerability in FortiClient for Windows Denial of Service Vulnerability in FortiClient for Linux 6.2.1 and Below Fortinet FortiSIEM Database Component Hard-Coded Password Vulnerability Cross-Site Scripting (XSS) Vulnerability in FortiAuthenticator WEB UI 6.0.0 Privilege Escalation Vulnerability in FortiClient for Linux: Arbitrary System File Overwrite Cross Site Scripting (XSS) 
Vulnerability in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 Information Exposure Vulnerability in Fortinet FortiWeb 6.2.0 CLI and Earlier Stack-based Buffer Overflow in BIRD Internet Routing Daemon's BGP Daemon Cisco Fabric Services Buffer Overflow Vulnerability Integer Underflow Vulnerability in MikroTik RouterOS SMB Server NULL Pointer Dereference in Onigmo's onig_error_code_to_str Function Out-of-Bounds Read Vulnerability in Onigmo through 6.2.0 Stack Exhaustion Vulnerability in Oniguruma before 6.9.3 NULL Pointer Dereference in myhtml_tree_node_remove in MyHTML through 4.0.5 Use-After-Free Vulnerability in GNU cflow 1.6's Reference Function in parser.c Heap-Based Buffer Over-Read Vulnerability in GNU cflow through 1.6 Integer Overflow in remap_struct() in sa_common.c leads to memory corruption in sysstat before 12.1.6 Severe Division by Zero Vulnerability in SQLite's Query Planner Denial of Service (DoS) Vulnerability in Cisco NX-OS Software for Nexus 9000 Series Switches Incorrect Access Control Vulnerability in GitLab Enterprise Edition 11.x and 12.x Stored XSS Vulnerability in JetBrains YouTrack through 2019.2.56594 Stored XSS Vulnerability in LimeSurvey Allows Privilege Escalation Reflected XSS Vulnerability in LimeSurvey Allows Privilege Escalation XML Injection Vulnerability in Limesurvey before 3.17.14 Allows Remote Code Execution and Data Compromise Clickjacking Vulnerability in Limesurvey before 3.17.14 Path Disclosure Vulnerability in Limesurvey before 3.17.14 Browser Caching Vulnerability in Limesurvey before 3.17.14 Stored XSS Vulnerability in Limesurvey Allows Injection of Arbitrary Web Script or HTML via Admin Box Button Titles Limesurvey Default Configuration Allows Insecure SSL/TLS Usage Arbitrary Code Execution Vulnerability in Cisco Nexus 9000 Series Switches LDAP Authentication Brute Force and User Enumeration Vulnerability in Limesurvey Privilege Escalation: Admin Users Can Mark Other Users' Notifications as Read Reflected Cross-Site 
Scripting (XSS) Vulnerability in Limesurvey before 3.17.14 Unauthorized Integrity Check Execution in Limesurvey before 3.17.14 CSV Injection Vulnerability in Limesurvey before 3.17.14 Allows Command Injection via Survey Responses Unrestricted Access to Reserved Menu Entries in Limesurvey Unrestricted Access to Plugin Manager in Limesurvey before 3.17.14 Limesurvey before 3.17.14 Anti-CSRF Cookie Vulnerability XML External Entity (XXE) Vulnerability in HCL AppScan Source before 9.03.13 Cisco Data Center Network Manager Authentication Bypass Vulnerability Authentication Bypass Vulnerability in D-Link DIR-868L, DIR-885L, and DIR-895L Devices Arbitrary PHP Code Execution via upload_model() in DocCms 2016.5.17 Cross Frame Scripting (XFS) Vulnerability in ArcGIS Enterprise 10.6.1 through EDIT MY PROFILE Feature SQL Injection Vulnerability in Centreon 19.04: Exploiting the svc_id Parameter in makeXMLForOneService.php Cross-Site Scripting (XSS) Vulnerability in Centreon myAccount Alias and Name Fields Cross-Site Scripting (XSS) Vulnerability in Dolibarr 10.0.1 Directory Traversal Vulnerability in KSLabs KSWEB 3.93 Remote Code Execution in eQ-3 Homematic CCU2 and CCU3 via ReGa Core Process URLs Arbitrary File Upload Vulnerability in Cisco Data Center Network Manager Heap-based Buffer Over-read in GNU Serveez through 0.2.2 Regular Expression Denial of Service in WEBrick::HTTPAuth::DigestAuth Privilege Escalation Vulnerability in MISP Versions Prior to 2.4.115 Brocade Fabric OS Versions Vulnerability: Exposing Remote ESRS Server Credentials Vulnerability: Exposing External Passwords and Authentication Keys in Brocade Fabric OS Versions Insufficiently Random Session ID Vulnerability in Brocade SANnav Plaintext Account Credential Logging Vulnerability in Brocade SANnav Versions Before v2.0 Hard-coded Password Vulnerability in Brocade SANnav Versions Before v2.0 Weakness in Password-Based Encryption Algorithm in Brocade SANnav Versions before v2.0 Man-in-the-Middle Attack 
Vulnerability in Brocade SANnav Versions before v2.0 Cisco Data Center Network Manager (DCNM) Web Interface File Access Vulnerability Brocade SANnav Vulnerability: Plain Text Database Connection Password Logging Plaintext Password Storage Vulnerability in Brocade SANnav Versions Before v2.1.0 LDAP Injection Vulnerability in Brocade SANnav Versions Before v2.1.0 Arbitrary Command Execution Vulnerability in Tenda PA6 Wi-Fi Powerline Extender 1.0.1.21 Regular Expression Vulnerability in Libra Core Allows Code Interference via Nonstandard Line-Break Character Exponential Backtracking Vulnerability in Zulip Server Markdown Parser Insecure MIME Type Validation in Zulip Server 2.0.5 and Earlier Cross-Site Scripting (XSS) Vulnerability in WordPress Media Uploads (CVE-2019-17671) Stored Cross-Site Scripting (XSS) Vulnerability in WordPress before 5.2.3 XSS Vulnerability in WordPress Shortcode Previews Improper Access Controls in Cisco Data Center Network Manager (DCNM) Allow Information Retrieval Open Redirect Vulnerability in WordPress before 5.2.3 Reflected XSS Vulnerability in WordPress Dashboard Cross-Site Scripting (XSS) Vulnerability in WordPress before 5.2.3 XSS Vulnerability in WordPress Previews by Authenticated Users Invalid Write Operation in py-lmdb 0.97 Invalid Write Operation in py-lmdb 0.97 Invalid Write Operation in py-lmdb 0.97: Unvalidated memmove in mdb_node_del Invalid Write Operation in py-lmdb 0.97: Vulnerability in mdb_cursor_set Divide-by-Zero Error in py-lmdb 0.97: Vulnerability in mdb_env_open2 NULL pointer dereference in kfd_interrupt.c in Linux kernel 5.2.14 Arbitrary Code Execution Vulnerability in Cisco Meeting Server CLI Configuration Shell NULL pointer dereference vulnerability in radeon_display.c in Linux kernel 5.2.14 NULL Pointer Dereference in fjes_main.c NULL Pointer Dereference in if_sdio.c NULL Pointer Dereference in qla_os.c in Linux Kernel 5.2.14 NULL Pointer Dereference in iwlwifi PCIe Transmitter Improper Source Verification in 
Dino's XEP-0280 Message Carbons Module Roster Push Authorization Bypass in Dino (CVE-2019-09-10) Improper Source Verification in Dino MAM Message Archive Management Module XSS Vulnerability in Afterlogic Aurora 8.3.9-build-a3 Allows Session Hijacking Buffer Overflow in process_http_response in OpenConnect before 8.05 with Crafted Chunk Sizes Arbitrary Command Injection Vulnerability in Cisco SD-WAN vManage Web UI Buffer Overflow and Information Disclosure Vulnerability in HP Inkjet Printers Bypassing PIN Authentication on TCL Alcatel Cingular Flip 2 B9HUAH1 Devices Vulnerability: OS Command Injection in TCL Alcatel Cingular Flip 2 B9HUAH1 omamock Application Undocumented Web API Allows Unauthorized Access to Firmware Update Settings on TCL Alcatel Cingular Flip 2 B9HUAH1 Devices Bypassing Security Filters and Accessing Hidden Objects in OMERO.server User Information Disclosure Vulnerability in OMERO Intesync Solismed 3.3sp1 Local File Inclusion (LFI) Vulnerability User Mode Write AV Vulnerability in Delta DCISoft 1.21 Insecure Media Deletion in Telegram's Delete For Feature Out-of-Bounds Read Vulnerability in OpenCV 4.1.1 Privilege Escalation Vulnerability in Cisco SD-WAN CLI Unauthenticated Options Changes and CSS Injection Vulnerability in Ocean Extra Plugin Authenticated Options Changes in YIT Plugin Framework for WordPress SSL Certificate Validation Bypass in Nutfind.com Android App Allows Man-in-the-Middle Attacks Privilege Escalation Vulnerability in SamsungTTS Application HTTP Response Splitting in Ruby through 2.6.4 Code Injection Vulnerability in Ruby's Shell#[] and Shell#test Methods Simjacker: Exploiting the SIMalliance Toolbox Browser on Samsung Devices Simjacker: Exploiting the SIMalliance Toolbox Browser on Motorola Devices Vulnerability: Root Access Exploit via Homee Brain Cube V2 Bootloader Privilege Escalation Vulnerability in Cisco SD-WAN vManage Web UI Unauthenticated POST Request Vulnerability in Tripp Lite PDUMH15AT 12.04.0053 Devices Insecure 
SSL Certificate Validation in Twitter Kit for iOS SQL Injection Vulnerability in EGPP GESAC v1 Authentication Form Buffer Overflow Vulnerability in CODESYS V2.3 ENI Server up to V3.2.2.24 HTML Injection Vulnerability in Zoho ManageEngine Remote Access Plus 10.0.259 Unauthorized Access to Sensitive User Information in Cisco IMC Server Utilities Unauthenticated Remote Reading of Whiteboard Image PDFs in DTEN D5 and D7 Devices Vulnerability: Factory Settings Allow Firmware Reflash and ADB Enablement on DTEN D5 and D7 Devices Unauthenticated Root Shell Access and Covert Screen Data Capture Vulnerability in DTEN D5 and D7 Devices Unencrypted HTTP Data Transfer Vulnerability in DTEN D5 and D7 Devices Incorrect Indication of Disconnection Vulnerability in hostapd and wpa_supplicant HTTP Request Smuggling Vulnerability in Go before 1.12.10 and 1.13.x before 1.13.1 Heap-Based Buffer Overflow in PicoC 2.1's StringStrcpy Function Remote Code Execution via Directory Traversal in Nostromo nhttpd Denial of Service Vulnerability in nostromo nhttpd through 1.9.6 via Crafted HTTP Request Buffer Overflow Vulnerability in Cisco IMC Web Server API Token Validation Vulnerability in Ptarmigan before 0.2.3 Persistent Cross-Site Scripting (XSS) Vulnerability in NCH Express Invoice v7.12 HP Softpaq Installer Arbitrary Code Execution Vulnerability Arbitrary Code Execution Vulnerability in HP Products: Privilege Elevation via EFI_BOOT_SERVICES Physical Access Vulnerability: Unauthorized Extraction of Sensitive Information Bypassing OS Application Filter through Browser Preferences to Execute Arbitrary Commands Application Filter Bypass Vulnerability in HP ThinPro Linux Allows Privileged Access and Command Execution Tenda N301 Wireless Router Crash Vulnerability Authenticated XSS Vulnerability in insert-php Plugin for WordPress Cisco IMC Configuration Import Utility File Upload Vulnerability Arbitrary OS Command Execution Vulnerability in Open-AudIT Create Discoveries Feature Remote Code 
Execution and Denial of Service Vulnerability in Notepad++ (x64) 7.7 and Earlier Stored XSS vulnerability in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 via cmd_arg parameter Vulnerability: Incomplete Event Handling in ONOS P4 Tutorial Application Vulnerability: Unhandled Host Event Types in ONOS Virtual BNG Application Vulnerability: Unhandled Host Event Types in ONOS Mobility Application Buffer Overflow Vulnerability in Cisco IMC Firmware Signature Checking Program Vulnerability: Unhandled HOST_REMOVED Event in ONOS ACL Application Unhandled Event Type Vulnerability in ONOS Virtual Tenant Network Application Vulnerability in ONOS Ethernet VPN Application: Absence of Intended Code Execution Insecure Randomness in JHipster Generator Allows Privilege Escalation and Account Takeover Command Injection Vulnerability in MobaXterm Protocol Handler Reflected Cross-Site Scripting (XSS) Vulnerability in Fuji Xerox DocuShare SQL Injection Vulnerability in FlameCMS 3.3.5 via accountName Parameter in account/login.php Cisco Integrated Management Controller (IMC) Web Interface Information Disclosure Vulnerability XSS Vulnerability in NIUSHOP V1.11 via index.php?s=/admin URI CSRF Vulnerability in NIUSHOP V1.11 via search_info in index.php XSS Vulnerability in s-cms V3.0 via S_id Parameter in index.php?type=text Credential Disclosure Vulnerability in ifw8 Router ROM v4.31 Remote Code Execution Vulnerability in Indexhibit 2.1.5 via /ndxzstudio/install.php?p=2 Arbitrary .phar File Execution Vulnerability in Pimcore before 5.7.1 File Extension Bypass Vulnerability in Pimcore before 5.7.1 Infinite Loop Vulnerability in Gryphon Dissector in Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10 Cisco IMC Web Interface CSRF Vulnerability Vulnerability in Cobham Sea Tel v170-v194 Devices: Unauthorized Access to Vessel Location via SNMP XSS Vulnerability in ScadaBR 1.0CE and 1.1.x through 1.1.0-RC via Nonexistent Resource Request CSRF Vulnerability in D-Link 
DIR-601 B1 2.00NA Allows for Remote Router Management and Device Compromise Authentication Bypass Vulnerability in D-Link DIR-601 B1 2.00NA Remote Code Execution via Object Attribute Modification in RPyC 4.1.x through 4.1.1 Persistent XSS Vulnerability in NCH Express Accounts Accounting v7.02 XSS Vulnerability in api-bearer-auth Plugin for WordPress Persistent Cross-Site Scripting (XSS) in GetSimple CMS v3.3.15 admin/theme-edit.php Persistent XSS Vulnerability in Bludit v3.9.2 Categories Add New Category Name Field Polymorphic Typing Vulnerability in FasterXML jackson-databind Denial of Service Vulnerability in Cypress PSoC 4 BLE Component 3.61 and Earlier Use-after-free vulnerability in hncbd90 component in Hancom Office 9.6.1.9403 via crafted .docx file Use-After-Free Vulnerability in Hancom Office 9.6.1.7634 Arbitrary Command Injection Vulnerability in Cisco IMC IPMI Remote Discovery of Recovery Key in Belkin Linksys Velop 1.1.8.192419 Devices Cross-Site Scripting (XSS) Vulnerability in ScadaBR 1.0CE Login Form Heap-Based Buffer Overflow in ngiflib 0.4's WritePixel() Function Heap-Based Buffer Overflow in ngiflib 0.4's WritePixels() Function NULL Pointer Dereference in gain_file() at wav_gain.c NULL Pointer Dereference in Bento4 1.5.1-628: AP4_ByteStream::ReadUI32 Vulnerability XML Parsing Vulnerability in Cisco IP Phone 7800 and 8800 Series: Remote DoS Exploit NULL Pointer Dereference in idct2d8x8() at dct.c in ffjpeg (before 2019-08-18) NULL Pointer Dereference in huffman_decode_step() in ffjpeg before 2019-08-18 Heap-Based Buffer Overflow in ffjpeg's jfif_load() Function Remote Device Crafted Traffic Vulnerability in Emerson GE Automation Proficy Machine Edition 8.0 Race Condition Vulnerability in Beego 1.10.0 File Session Manager Weak File Permissions in Beego 1.10.0 File Session Manager Arbitrary Command Execution Vulnerability in Cisco Webex Teams Client Heap-Based Buffer Overflow in fxBeginHost in Moddable SDK OS180329 Arbitrary Code Execution 
Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows PGP Signing Plugin in Gradle Allows Artifact Replacement via SHA-1 Collision Clickjacking Vulnerability in LogMeIn LastPass LDAP Injection Vulnerability in Pega Platform 8.2.1 Remote Code Execution Vulnerability in OTRS 7.0.x and Community Edition 5.0.x-6.0.x Incorrect Access Control in makandra consul gem through 1.0.2 for Ruby Multiple From: Address Signature-Bypass Vulnerability in OpenDMARC Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Bypassing FileGuard Folder Protection in Ivanti Workspace Control 10.3.110.0 SQL Injection Vulnerability in MOVEit Transfer 2018 SP2, 2019, and 2019.1 Path Traversal Vulnerability in Cybele Thinfinity VirtualUI 2.5.17.2 Allows Data Exfiltration HTTP Response Splitting Vulnerability in Cybele Thinfinity VirtualUI 2.5.17.2 via PDF Viewer Request Information Disclosure Vulnerability in PEGA Platform 7.x and 8.x Privilege Escalation in PEGA Platform 8.3.0 via prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases Information Disclosure Vulnerability in PEGA Platform 8.3.0 via prweb/sso/random_token/!STANDARD?pyStream=MyAlerts Endpoint Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Authenticated Visitor Content Modification and Database Manipulation Vulnerability in SPIP Cross-Site Scripting (XSS) Vulnerability in SPIP before 3.1.11 and 3.2 before 3.2.5 via Error Messages SPIP Redirect URL Mishandling Vulnerability Information Disclosure Vulnerability in SPIP Password-Reminder Page Stack-Based Buffer Overflow in GnuCOBOL 2.2's cb_name() Function Use-after-free vulnerability in GnuCOBOL 2.2 via crafted COBOL source code Remote Code Execution via SD Card on Keeper K5 20.1.0.25 and 20.1.0.63 Devices Broken Authentication in Western Digital WD My Book World through II 1.02.12 allows 
unauthorized access to /admin/ directory Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Bluetooth AT Command Denial of Service Vulnerability in Samsung Galaxy Devices Bluetooth-based Injection of AT Commands on Samsung Galaxy Devices: Leaking Sensitive Information Customer Data Manipulation Vulnerability in Webkul Bagisto Authenticated SQL Injection in OpenEMR through 5.0.2: Arbitrary Data Extraction via eye_base.php Remote Code Execution via Macro Expression Location Settings in Centreon Web Privilege Escalation Vulnerability in Centreon Web 19.04.4 DLL Hijacking Vulnerability in JetBrains ReSharper Installers (Pre-2019.2) Unpublished Versions of Files Exposed in SilverStripe Versioned Files Module Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Memory Access Vulnerability in Suricata 4.1.4: Lack of Header Length Checking in Defrag4Reassemble Function Memory Access Vulnerability in Suricata 4.1.4 Zero wanMTU Value Vulnerability in Tenda N301 Wireless Routers Denial of Service Vulnerability in Linux Kernel's 9p Filesystem DOM-based XSS in GFI Kerio Control v9.3.0: Exploiting Login Page to Steal Cleartext Credentials XSS Vulnerability in HRworks 3.36.9: Exploiting Travel-Expense Report Purpose Field XSS Vulnerability in HRworks FLOW 3.36.9: Exploiting Travel-Expense Report Purpose Field Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Software Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Infrastructure Web Interface Cisco IoT-FND UDP Protocol Implementation Denial of Service Vulnerability Adobe Acrobat and Reader Binary Planting Privilege Escalation Vulnerability Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20056 and Earlier Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 
2019.021.20056 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Unauthenticated Adjacent Attackers Can Access Sensitive Data in Cisco CMX Software Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20056 and Earlier Adobe Acrobat and Reader Security Bypass Vulnerability Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20056 and Earlier Privilege Escalation and Configuration Modification Vulnerability in Cisco SD-WAN Solution CLI Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20056 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.5 Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.5 Adobe Experience Manager User Interface Injection Vulnerability Expression Language Injection Vulnerability in Adobe Experience Manager Insecure Default Configuration in Cisco SD-WAN Solution Allows Unauthorized Access to vSmart Containers Stack-based Buffer Overflow Vulnerability in Adobe Acrobat Reader Use After Free Vulnerability in Adobe Acrobat Reader Allows Arbitrary Code Execution Privilege Escalation Vulnerability in Cisco SD-WAN Solution 
Vulnerability in Cisco's Secure Boot Implementation Allows Unauthorized Firmware Modification Arbitrary File Overwrite Vulnerability in Cisco SD-WAN Solution Integer Overflow Privilege Escalation in Imagination Technologies Driver for Chrome OS Root User Privilege Escalation and Denial of Service Vulnerability in Cisco SD-WAN Solution vContainer Use-After-Free Vulnerability in libIEC61850 through 1.3.3 Directory Traversal Vulnerability in FireGiant WiX Toolset Stored XSS Vulnerability in ConnectWise Control Appearance Modifier CSRF Vulnerability in ConnectWise Control 19.3.25270.7185 Remote Code Execution Vulnerability in ConnectWise Control Lack of HTTP Security Headers in ConnectWise Control ConnectWise Control User Enumeration Vulnerability CORS Misconfiguration in ConnectWise Control Allows Unauthorized Administrative Actions Vulnerability: Unintended Temperature Manipulation via Bluetooth Low Energy (BLE) Packets on Swell Kit Mod Devices Undocumented Feature in ESET Cyber Security for macOS Allows Unauthorized Root Command Execution Arbitrary Command Execution Vulnerability in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Stored XSS Vulnerability in All in One SEO Pack Plugin for WordPress Reflected XSS Vulnerability in Broken Link Checker WordPress Plugin Stored XSS Vulnerability in EU Cookie Law (GDPR) Plugin for WordPress Stored XSS Vulnerability in Events Manager Plugin for WordPress Stored XSS Vulnerability in Easy FancyBox WordPress Plugin XSS Vulnerability in Checklist Plugin for WordPress Sensitive Information Disclosure in AbuseFilter Extension for MediaWiki Oversighted Edit Summaries Exposed in CheckUser Results Improper Access Controls in Cisco Small Business RV320 and RV325 Routers Allow Unauthorized Retrieval of Sensitive Information Remote Code Execution in Sonatype Nexus Repository Manager and IQ Server Multiple CSRF Issues in LayerBB before 1.1.4: System Settings Modification via admin/general.php HTTP Host Header Injection 
Vulnerability in YzmCMS V5.3 XSS Vulnerability in DrayTek Vigor2925 Firmware 3.8.4.3 XSS Vulnerability in DrayTek Vigor2925 Firmware 3.8.4.3 via Crafted WAN Name Vulnerability: RCE and DoS via Native Protocol in ClickHouse (versions before 19.14) Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Vulnerability: Unauthorized Deletion of Support Bundles in Jenkins Support Core Plugin Vulnerability in Cisco Aironet Series Access Points Allows Unauthorized Root Access Arbitrary File Deletion Vulnerability in Jenkins Support Core Plugin Jenkins JIRA Plugin Allows Unauthorized Access to System Credentials Unencrypted Storage of Credentials in Jenkins Anchore Container Image Scanner Plugin Unencrypted Storage of Credentials in Jenkins Spira Importer Plugin Unencrypted Storage of Credentials in Jenkins QMetry for JIRA - Test Management Plugin Jenkins QMetry for JIRA - Test Management Plugin: Plain Text Transmission of Credentials Insecure SSH Host Key Verification in Jenkins Google Compute Engine Plugin Information Disclosure in Jenkins Google Compute Engine Plugin 4.1.1 and earlier Cross-Site Request Forgery Vulnerability in Jenkins Google Compute Engine Plugin Allows Unauthorized Agent Provisioning XML External Entity (XXE) Vulnerability in Jenkins Maven Release Plugin 0.16.1 and Earlier Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Meetings Server Cross-Site Request Forgery Vulnerability in Jenkins Maven Release Plugin 0.16.1 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and Earlier Jenkins Gerrit Trigger Plugin 2.30.1 and Earlier: Missing Permission Check Allows Unauthorized Access Jenkins Build Failure Analyzer Plugin 1.24.1 and Earlier: Cross-Site Request Forgery Vulnerability Exploiting Computationally Expensive Regular Expression Evaluation Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier: Missing Permission Check Allows for Computationally Expensive Regular Expression Evaluation 
Uninterruptible Regular Expression Evaluation in Jenkins Build Failure Analyzer Plugin Unencrypted Storage of Credentials in Jenkins Rundeck Plugin Unencrypted Storage of Credentials in Jenkins Redgate SQL Change Automation Plugin Jenkins Spira Importer Plugin 3.2.3 and earlier: SSL/TLS Certificate Validation Bypass Unauthenticated Path Existence Disclosure in Jenkins WebSphere Deployer Plugin Local Shell Access Vulnerability in Cisco Enterprise NFVIS CLI Cross-Site Request Forgery Vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and Earlier Jenkins WebSphere Deployer Plugin SSL/TLS Certificate and Hostname Validation Bypass Vulnerability Stored XSS Vulnerability in Jenkins buildgraph-view Plugin 1.8 and Earlier Stored XSS vulnerability in Jenkins Mission Control Plugin 0.9.16 and earlier Stored XSS vulnerability in Jenkins Pipeline Aggregator View Plugin 1.8 and earlier Cross-Site Request Forgery Vulnerability in Jenkins Team Concert Plugin 1.3.0 and Earlier Vulnerability: Missing Permission Check in Jenkins Team Concert Plugin Allows Unauthorized Access to Attacker-Specified URLs Vulnerability: Enumeration of Credentials ID in Jenkins Team Concert Plugin Jenkins SCTMExecutor Plugin 2.2 and earlier exposes service credentials in plain text Cross-Site Request Forgery Vulnerability in Jenkins Mantis Plugin 0.26 and Earlier Unauthorized Access Vulnerability in Cisco AMP Threat Grid Jenkins RapidDeploy Plugin 4.1 and Earlier: Cross-Site Request Forgery Vulnerability Allows Unauthorized Server Connections Unauthenticated Remote Connection Vulnerability in Jenkins RapidDeploy Plugin 4.1 and Earlier Unencrypted Storage of Credentials in Jenkins Weibo Plugin Cross-Site Request Forgery Vulnerability in Jenkins Alauda DevOps Pipeline Plugin Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs Cross-Site Request Forgery Vulnerability in Jenkins Alauda Kubernetes Support Plugin Jenkins 
Alauda Kubernetes Support Plugin 2.3.0 and earlier - Missing Permission Check Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Unified Intelligence Center Cisco Prime Infrastructure Integration Feature SSL Certificate Validation Vulnerability Unauthenticated Remote Access Vulnerability in Cisco TelePresence Management Suite (TMS) Software Cross-Site Scripting (XSS) Vulnerability in Cisco TelePresence Management Suite (TMS) Web Interface Insufficient Authentication Controls in Cisco Prime Collaboration Assurance Software Arbitrary Code Execution Vulnerability in Cisco RV Series Routers Root Access Vulnerability in Cisco HyperFlex Software SQL Injection Vulnerability in TuziCMS 2.0.6 via index.php/Mobile/Zhuanti/group?id= parameter Stored XSS Vulnerability in ZrLog 2.1.1's article_edit Area SQL Injection Vulnerability in TuziCMS 2.0.6 ZhuantiController.class.php Arbitrary HTTP Host Header Phishing Vulnerability in Embedthis GoAhead 2.5.0 Unquoted Search Path Vulnerability in Maxthon Browser for Windows Virtual Media Service Vulnerability on Supermicro H11, H12, M11, X9, X10, and X11 Products Cross-Site Scripting (XSS) Vulnerability in Cisco HyperFlex Software Web Interface Vulnerability: Privilege Escalation via Virtual Media Service on Supermicro X10 and X11 Products Vulnerability: WAN IP Address Leakage via SNMP Commands on Virgin Media Super Hub 3 Remote Command Execution in Genius Bytes Genius Server (Genius CDDS) 3.2.2 Remote Code Execution Vulnerability in Genius Bytes Genius Server (Genius CDDS) 3.2.2 Reinstallation Vulnerability in joyplus-cms 1.6.0 Arbitrary PHP Code Execution in joyplus-cms 1.6.0 via Object Name Injection XSS Vulnerability in TuziCMS 2.0.6 via PATH_INFO to Group URI CSRF Vulnerability in TuziCMS 2.0.6's index.php/manage/notice/do_add CSRF Vulnerability in TuziCMS 2.0.6's index.php/manage/link/do_add Unauthenticated Remote Data Retrieval Vulnerability in Cisco HyperFlex Graphite Service CSRF Vulnerability in joyplus-cms 
1.6.0's admin_ajax.php?action=savexml&tab=vodplay XSS Vulnerability in Ogma CMS 0.5: New Blog Creation Command Execution Vulnerability in rConfig 3.9.2 Command Execution Vulnerability in rConfig 3.9.2 Cross-Site Scripting (XSS) Vulnerability in ThinkSAAS 2.91 via index.php?app=group&ac=create&ts=do groupname Parameter Cross-Site Scripting (XSS) Vulnerability in ThinkSAAS 2.91 via index.php?app=group&ac=comment&ts=do&js=1 URI CSRF Vulnerability in diag_command.php in pfSense 2.4.4-p3 Account Enumeration Vulnerability in Pagekit 1.0.17 Reset Password Feature Arbitrary Data Write Vulnerability in Cisco HyperFlex Graphite Interface Authentication Mechanism Brute-Force Vulnerability Uncontrolled Resource Consumption Vulnerability in Weidmueller IE-SW Devices Clear-text Transmission of Sensitive Credentials in Weidmueller IE-SW-VL05M, IE-SW-VL08MT, and IE-SW-PL10M Devices Clear-text Password Storage Vulnerability Predictable Authentication Information in Cookie Leads to Admin Password Compromise Out-of-bounds Read and Remote Code Execution in PHOENIX CONTACT PC Worx and Config+ Incorrect Access Control in Plataformatec Simple Form's file_method in lib/simple_form/form_builder.rb CSRF Vulnerability in idreamsoft iCMS V7.0 CSRF Vulnerability in YzmCMS 5.3 Allows Denial of Service via Superseding Route Local File Inclusion Vulnerability in Gila CMS before 1.11.1 Cross-Site Scripting (XSS) Vulnerability in Cisco SocialMiner Chat Feed Path Traversal Vulnerability in GNOME file-roller Arbitrary URL Opening and Deceptive Content Injection Vulnerability in Traveloka Android App SQL Injection Vulnerability in TYPO3 URL Redirect Extension Xoops 2.5.10 Image Manager Breadcrumb Hover XSS Vulnerability Xoops 2.5.10 Image-Manager JavaScript Payload Execution Vulnerability Stored XSS Vulnerability in Dolibarr 9.0.5 User Group Description Section Stored XSS Vulnerability in Dolibarr 9.0.5 User Note Section Stored XSS and Privilege Escalation in Dolibarr 9.0.5 User Profile Signature 
Section Stored XSS Vulnerability in Dolibarr 9.0.5 Email Template Section Cisco Firepower Threat Defense (FTD) Software Memory Exhaustion Vulnerability SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/filter-result.php SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/order.php SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/edit-result.php SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/filter.php SQL Injection Vulnerability in phpIPAM 1.4 via app/admin/custom-fields/edit.php Unrestricted Data Access in TYPO3 Direct Mail Extension Remote Code Execution in sr_freecap TYPO3 Extension Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Intelligence Center Software Arbitrary File Upload and Potential Remote Code Execution in TYPO3 slub_events Extension Remote Code Injection in pfSense through 2.3.4 through 2.4.4-p3 via methodCall XML document with pfsense.exec_php call Buffer Overflow Vulnerability in Integard Pro 2.2.0.9026 Allows Remote Code Execution Stored XSS vulnerability in admin/infolist_add.php in PHPMyWind 5.6 Stored XSS vulnerability in admin/infoclass_update.php in PHPMyWind 5.6 Out of Bounds Read Vulnerability in Ming (libming) 0.4.8's OpCode() Function CSRF Vulnerability in kkCMS v1.3 Allows Unauthorized User Account Addition Invalid Read Vulnerability in Hunspell 1.7.0's SuggestMgr::leftcommonsubstring Memory Leak in ImageMagick 7.0.8-35: XCreateImage Vulnerability Memory Leak in ImageMagick 7.0.8-35: Vulnerability in coders/dps.c Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Web Interface Memory Leak in ImageMagick 7.0.8-35: Vulnerability in coders/dot.c Memory Leak in Huffman2DEncodeImage in ImageMagick 7.0.8-40 Memory Leak in Huffman2DEncodeImage in ImageMagick 7.0.8-43 Memory Leak in ImageMagick 7.0.8-43: Vulnerability in coders/dot.c Uninitialized Fields in rds6_inc_info_copy Vulnerability Incorrect Access Control in 
OX App Suite through 7.10.2 Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.2 Command Injection Vulnerability in radare2 bin_symbols() Function WTCMS 1.0 Vulnerability: CSRF and XSS via index.php?g=admin&m=index&a=index Cisco Web Security Appliance (WSA) Decryption Policy Bypass Vulnerability Arbitrary File Upload Vulnerability in ZZZCMS zzzphp v1.7.2 CSRF Vulnerability in NoneCMS v1.3 Allows Unauthorized Deletion of Admin User Insufficient Protection Mechanism in ZZZCMS zzzphp v1.7.2 Allows PHP Code Execution Cacti 1.2.6 Authenticated User Bypass Vulnerability Arbitrary Code Execution via Structured Exception Handler (SEH) Buffer Overflow in File Sharing Wizard 1.5.0 XSS Vulnerability in Joomla! 3.x before 3.9.12 via Logo Parameter DOMPurify 2.0.1 and Earlier: XSS Vulnerability via innerHTML Mutation (mXSS) in SVG or MATH Element Local Root Escalation Vulnerability in pam-python Cisco Identity Services Engine (ISE) Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability Arbitrary Command Execution in Petwant PF-103 Firmware 4.22.2.42 and Petalk AI 3.2.2.30 Remote Code Execution and Device Manipulation in Petwant PF-103 and Petalk AI Firmware Unencrypted Firmware Upgrade Vulnerability in Petalk AI and PF-103: Allowing Man-in-the-Middle Attackers to Execute Arbitrary Code as Root User Arbitrary Command Execution Vulnerability in Petwant PF-103 Firmware 4.22.2.42 and Petalk AI 3.2.2.30 Default Credentials Vulnerability in Petwant PF-103 Firmware 4.3.2.50 and Petalk AI 3.2.2.30 Stack-based Buffer Overflow in Petwant PF-103 Firmware and Petalk AI: Remote Code Execution Vulnerability Stack-based Buffer Overflow in Petwant PF-103 Firmware and Petalk AI Arbitrary Command Execution Vulnerability in Petwant PF-103 Firmware and Petalk AI Information Disclosure of Suppressed Usernames via User ID Lookup in MediaWiki Arbitrary Command Execution Vulnerability in Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools eBrigade 
before 5.0 - SQL Injection in evenement_ical.php eBrigade before 5.0: Critical SQL Injection Vulnerability in evenements.php cid Parameter eBrigade before 5.0 - SQL Injection in evenement_choice.php Buffer Overflow in Linux Kernel's nl80211.c Invalid Pointer Free Vulnerability in MatrixSSL DTLS Server Heap-based Buffer Over-read in ASN.1 Certificate Data Parsing in wolfSSL through 4.1.0 Default Local Account with Static Password Vulnerability in Cisco Aironet Active Sensor Reflected Cross Site Scripting (XSS) in Devise Token Auth's omniauth failure endpoint Arbitrary HTTP Request Vulnerability in DAPS, Dash Core, and PIVX Weak Signature Scheme Design in Decentralized Anonymous Payment System (DAPS) and Private Instant Verified Transactions (PIVX) NULL Pointer Dereference Vulnerability in RIOT 2019.07 MQTT-SN Implementation Pre-Authenticated Remote Command Execution Vulnerability in BMC Remedy ITSM Suite Directory Traversal Vulnerability in Lexmark Services Monitor 2.27.4.0.39 Remote Command Execution via widgetConfig[code] Parameter in vBulletin 5.x through 5.5.4 Cisco Meeting Server (CMS) Software Denial of Service Vulnerability Vulnerability: Incorrect Dependency Download in Cargo Prior to Rust 1.26.0 Bitcoin Script Vulnerability: Specially Crafted Scripts Trigger SLP Consensus Hard-Fork Specially Crafted Bitcoin Script Vulnerability Allows for SLP Consensus Hard-Fork Unsanitized URL Vulnerability in Pannellum 2.5.0 - 2.5.4 Allows for Potential XSS Attacks Denial of Service Vulnerability in PowAssent: Unsafe Use of `String.to_atom/1` Arbitrary Code Execution Vulnerability in Visual Studio Code with CodeQL Extension Wagtail-2FA Authentication Bypass Vulnerability Conditional Admin Sys Mode Vulnerability Information Leakage Vulnerability in Sylius Cross-site Scripting (XSS) Vulnerability in serialize-javascript npm Package Cross-Site Scripting Vulnerability in Cisco Webex Meetings for Android Denial of Service Vulnerability in Puma's Reactor Armeria 0.85.0 - 0.96.0 
HTTP Response Splitting Vulnerability Cross-site Scripting (XSS) Vulnerability in serialize-to-js NPM Package Object Injection Vulnerability in PHPFastCache Cookie Driver Arbitrary File Write Vulnerability in npm CLI Arbitrary File Write Vulnerability in npm CLI Arbitrary File Overwrite Vulnerability in npm CLI Heap Buffer Overflow in UnsortedSegmentSum in TensorFlow Race Condition Vulnerability in RubyGem excon before 0.71.0 Cisco Meeting Server Denial of Service Vulnerability XSS Vulnerability in WordPress Block Editor Allows JavaScript Injection Authenticated User JavaScript Injection in WordPress Block Editor Timing Attack Vulnerability in Rack RubyGem Local Privilege Escalation Vulnerability in PyInstaller on Windows HTTP Request Smuggling/Splitting Vulnerability in Waitress 1.3.1 Vulnerability: HTTP Request Parsing Issue in Waitress 1.3.1 HTTP Request Smuggling Vulnerability in Waitress 1.4.0: Proxy Bypass and Cache Poisoning Authenticated SSRF Vulnerability in Cisco TelePresence Conductor, Expressway Series, and TelePresence VCS Software Remote Code Execution Vulnerability in Tiny File Manager 2.3.9 Vulnerability: Downgrade of Effective STS Policy in postfix-mta-sts-resolver before 0.5.1 Request Smuggling Vulnerability in Waitress 1.3.1 Arbitrary Text Injection Vulnerability in Cisco Webex Business Suite Cisco Network Convergence System 1000 Series TFTP Arbitrary File Retrieval Vulnerability Privilege Escalation Vulnerability in Cisco APIC FUSE Filesystem Functionality Improper Validation of Server Certificates in Cisco IP Phones Allows Eavesdropping and Call Manipulation Cisco IP Phone 7800 and 8800 Series Denial of Service Vulnerability Cisco Unity Connection SAML SSO Interface Cross-Site Scripting Vulnerability Vulnerability: Bypassing ACL Protection on Cisco ASR 9000 Series Routers Untrusted Search Path Vulnerability in Code42 App for Windows Untrusted Search Path Vulnerability in Code42 Server for Windows Reflected XSS Vulnerability in OpenEMR 
5.x before 5.0.2.1 TPM-FAIL: Side-Channel Timing Attack on STMicroelectronics ST33TPHF2ESPI TPM Devices Remote Code Execution via SSH Access in CompleteFTP Server Memory Allocation and Processing Time Vulnerability in Pillow Uninitialized Memory Access Vulnerability in Unbound DNS Server Arbitrary File Deletion Vulnerability in HongCMS 3.0.0 Arbitrary File Deletion Vulnerability in Emlog through 6.0.0beta via admin/data.php?action=dell_all_bak with Directory Traversal HTTP Request Smuggling Vulnerability in Netty before 4.1.42.Final TCP Proxy Denial of Service Vulnerability in Cisco ASA and FTD Software Remote Code Execution via Beckhoff ADS Protocol in Beckhoff Embedded Windows PLCs and Twincat on Windows Engineering Stations Incorrect Access Control in Portainer before 1.22.1 Cross-Site Scripting (XSS) vulnerability in Portainer before 1.22.1 Incorrect Access Control in Portainer before 1.22.1 (Issue 2 of 4) Directory Traversal Vulnerability in Portainer before 1.22.1 Incorrect Access Control in Portainer before 1.22.1 Cross-Site Scripting (XSS) Vulnerability in Portainer before 1.22.1 Missing Authentication for Critical Function in Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70 Firmware Versions 5.0 and Prior Unauthenticated Access and DoS Vulnerability in Cisco Network Assurance Engine (NAE) Management Web Interface Double Free Vulnerability in Linea Crate's Matrix::zip_elements Method Use-after-free vulnerability in portaudio-rs crate allows arbitrary code execution Cloning Flaw in String-Interner Crate Allows Memory Read Vulnerability AppArmor Restriction Bypass Vulnerability in runc Remote Code Execution via Crafted Cookies in OkayCMS Buffer Overflow Vulnerability in IrfanView 4.53 Denial of Service Vulnerability in Ubiquiti EdgeMAX Devices Arbitrary File Upload Vulnerability in Cisco Webex Teams iOS Client XSS Vulnerability in Halo 1.1.0 via Crafted authorUrl in JSON Data Remote Command Execution Vulnerability in Liferay Portal CE 6.2.5 via JSON 
Deserialization Uncompressed Size Spoofing Vulnerability in Rubyzip Unauthenticated Reboot Vulnerability in TP-Link TP-SG105E V4 1.0.0 Build 20181120 SQL Injection through Insecure Deserialization in download.php of inoERP 4.15 Arbitrary File Write Vulnerability in K7 Ultimate Security 16.0.0117 Privilege Escalation via Arbitrary Registry Writes in K7 Antivirus Software Arbitrary Code Execution Vulnerability in Advantech WebAccess/HMI Designer 2.1.9.31 Unauthenticated Access Vulnerability in Cisco APIC Management Interface Advantech WebAccess/HMI Designer 2.1.9.31 User Mode Write AV Vulnerability WebAccess/HMI Designer 2.1.9.31 Exception Handler Chain Corruption Vulnerability Unauthenticated Arbitrary File Deletion in ARforms Plugin 3.7.1 for WordPress Directory Traversal Vulnerability in Platinum UPnP SDK 1.2.0 Stored XSS Vulnerability in TeamPass 2.1.27.36 via Crafted Passwords Pre-Authentication Integer Overflow in OpenSSH XMSS Key Parsing Algorithm Unauthenticated User Notification Access Vulnerability in Infosysta In-App & Desktop Notifications App for Jira Unauthenticated User Enumeration in Infosysta In-App & Desktop Notifications App for Jira Unauthenticated Access to Jira Project List in Infosysta In-App & Desktop Notifications App Unauthorized Access to Jira Project List via Infosysta In-App & Desktop Notifications App Cisco Firepower Threat Defense Software SSL/TLS Packet Header DoS Vulnerability Insufficient Entropy in Deterministic ECDSA RNG Privilege Escalation Vulnerability in PC Protect Antivirus v4.14.31 Cross-Site Scripting (XSS) Vulnerability in pfSense through 2.4.4-p3 Unsanitized Parameter in pfSense Widget Allows Path Traversal SQL Injection Vulnerability in WiKID Enterprise 2FA Server Harbor API Broken Access Control Vulnerability: Unauthorized Robot Account Creation Unauthenticated Remote Access to Sensitive System Usage Information in Cisco APIC Software Critical Unauthenticated Remote Code Execution Vulnerability in Multiple D-Link 
Products Uninitialized Data Structure Vulnerability in hns_roce_alloc_ucontext Unintended Public Exposure of Files in SuiteCRM 7.10.x and 7.11.x XSS Vulnerability in kkcms 1.3 via jx.php?url= Parameter Cleartext Password Transmission Vulnerability in Nulock Application 1.5.0 XSS Vulnerability in Flower 0.9.3 via @app.task's name parameter XSS Vulnerability in Flower 0.9.3 via Crafted Worker Name Out-of-Bounds Write Vulnerability in Xpdf 4.01.01's TextPage::findGaps Function Exim Remote Code Execution via Heap-Based Buffer Overflow in EHLO Command Incorrect Access Control in Auth0 auth0.net: Unintended Validation of Untrusted ID Tokens WebVPN Service Denial of Service Vulnerability IP Address Discovery Vulnerability in Zcashd Prior to 2.0.7-3 Stored XSS Vulnerability in Visualizer Plugin 3.3.0 for WordPress Blind SSRF Vulnerability in Visualizer Plugin for WordPress XSS Vulnerability in Python XML-RPC Server Cisco ASA and FTD Software Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in NSA Ghidra 9.0.4 Experimental Mode Polymorphic Typing Vulnerability in FasterXML jackson-databind Polymorphic Typing Vulnerability in FasterXML jackson-databind SSRF Vulnerability in Enghouse Web Chat 6.1.300.31 Allows Port Scanning on Internal Network Email Spoofing and Phishing Vulnerability in Enghouse Web Chat Unauthenticated Adjacent Attack Vulnerability in Cisco ASA and FTD Software XSS Vulnerability in Enghouse Web Chat 6.1.300.31 and 6.2.284.34: Exploitable QueueName Parameter Remote File Include Vulnerability in Enghouse Web Chat 6.2.284.34: Unauthorized Data Retrieval and Information Disclosure HTML Injection Vulnerability in SolarWinds Web Help Desk 12.7.0 via Comment in Help Request Ticket XSS Vulnerability in SolarWinds Web Help Desk 12.7.0 via Uploaded SVG Document XSS Vulnerability in SolarWinds Web Help Desk 12.7.0 via Request Type Parameter Cross-Site Scripting (XSS) Vulnerability in SolarWinds Web Help Desk 12.7.0 via User Account First Name 
Field Arbitrary Code Injection through Location Name in SolarWinds Web Help Desk 12.7.0 CSV Injection in SolarWinds Web Help Desk 12.7.0 via Ticket Attachment Denial of Service Vulnerabilities in Cisco Firepower Threat Defense Software Cross-Site Scripting (XSS) Vulnerability in SolarWinds Web Help Desk 12.7.0 via Crafted Location Name Field in CSV Template File XSS Vulnerability in SolarWinds Web Help Desk 12.7.0 via Schedule Name HTML Injection Vulnerability in Zoho ManageEngine Desktop Central 10.0.430 via Modified Report Name in New Custom Report Command Injection Vulnerability in FusionPBX Call Center Queue Module Command Injection Vulnerability in FusionPBX up to 4.5.7 Allows Remote Code Execution as www-data Unsanitized Group Variable XSS Vulnerability in Contactmanager Cross-Site Scripting (XSS) Vulnerability in Manager Module of FreePBX Cross-Site Scripting (XSS) Vulnerability in FusionPBX up to 4.5.7 Unsanitized c Variable in FusionPBX up to 4.5.7 Leads to XSS Vulnerability LDAP Packet Parsing Vulnerability in Cisco ASA and FTD Software Unsanitized savemsg Variable in FusionPBX up to 4.5.7 Allows for XSS Unsanitized contact_uuid Variable in FusionPBX up to 4.5.7 Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX Contact Addresses PHP File Leads to XSS Vulnerability Unsanitized query_string Variable in FusionPBX Contact Edit Page Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX Contact Times PHP File Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX Contact Notes PHP File Leads to XSS Vulnerability Unsanitized query_string Variable in FusionPBX up to 4.5.7 Leads to XSS Vulnerability Unsanitized query_string Variable in FusionPBX up to 4.5.7 Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX v4.5.7 Allows XSS Attacks Unsanitized id Variable in FusionPBX Contact URLs PHP File Leads to XSS Vulnerability XML External Entity (XXE) Vulnerability in Cisco IoT-FND Software Allows Unauthorized Information 
Access SQL Injection Vulnerability in FusionPBX v4.5.7's call_broadcast_edit.php Unsanitized id Variable in FusionPBX Conference Profile Params.php Leads to XSS Vulnerability Unsanitized id Variable in FusionPBX v4.5.7 Allows XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in FusionPBX up to v4.5.7 Unsanitized filename Variable in FusionPBX v4.5.7 Allows XSS via app\recordings\recording_play.php Unsanitized rec Variable in FusionPBX Allows Arbitrary File Deletion Unsanitized f Variable in FusionPBX Download.php Allows Arbitrary File Download Unsanitized query_string Variable in FusionPBX Contact Import Leading to XSS Unsanitized eavesdrop_dest Variable in FusionPBX v4.5.7 Allows for XSS Unsanitized c Variable in FusionPBX conference_interactive.php Leads to XSS Vulnerability Command Injection Vulnerability in Cisco Firepower Threat Defense (FTD) Software Unsanitized file Variable in FusionPBX Allows Arbitrary File Download Unsanitized file Variable in FusionPBX up to v4.5.7 Allows XSS via app\edit\filedelete.php Insufficient Notice of Private Key Usage in Keybase App 2.13.2 for iOS CSRF Token Verification Vulnerability in phpBB Administration Control Panel Memory Leak in sit_init_net() in Linux Kernel Memory Leak in hsr_dev_finalize() in Linux Kernel SQL Injection Vulnerability in Metinfo 7.0.0beta via product_admin.class.php SQL Injection Vulnerability in Metinfo 7.0.0beta via app/system/language/admin/language_general.class.php SQL Injection in CloudBoot API via Crafted Status Field in JSON Data FPGA Ingress Buffer Management Denial of Service Vulnerability CSP Bypass in Cross-Origin Frame via Object Tag with Data URI in Firefox < 70 Bypassing Content-Security-Policy with Object Tag: Cross-Site Scripting (XSS) Vulnerability in Firefox 69 Insecure Link Drag-and-Drop Vulnerability in Firefox < 70 QR Code JavaScript Execution Vulnerability Static-sized array overflow vulnerability in Thunderbird, Firefox ESR, and Firefox Buffer Overflow Vulnerability in 
Network Security Services (NSS) Denial of Service Vulnerability in Network Security Services (NSS) 3.44 and earlier Use-after-free vulnerability in nested workers during destruction Unrestricted File Writing Vulnerability in Updater Service Cross-Site Scripting (XSS) Vulnerabilities in Cisco WebVPN Service Race Condition Vulnerability in Resist Fingerprinting Preference Check Race condition leading to use-after-free vulnerability in Thunderbird and Firefox Memory Corruption Vulnerabilities in Firefox 70 and Firefox ESR 68.2 Memory Corruption Vulnerabilities in Firefox 70 Cross-Origin Information Leak via Drag and Drop in Firefox < 71 Pointer Offset Manipulation Vulnerability in Firefox ESR < 68.4 and Firefox < 72 on Windows CSS Sanitizer Incorrectly Rewrites @namespace Rule in Firefox ESR < 68.4 and Firefox < 72, Allowing for Data Exfiltration Type Confusion Vulnerability in Firefox ESR < 68.4 and Firefox < 72 Windows 10 Keyboard Word Suggestion Retention Vulnerability in Firefox < 72 Python File Execution Vulnerability in Firefox on Windows Cross-Site Scripting (XSS) Vulnerabilities in Cisco Enterprise Chat and Email Web Interface XML External Entity (XXE) Injection in Firefox < 72 Race Condition Vulnerability in Firefox ESR and Firefox: Heap Address Disclosure in Windows Clipboard-based CSS Injection Vulnerability in Firefox ESR < 68.4 and Firefox < 72 Invalid State Transition in TLS State Machine in Firefox < 72 Memory Corruption Vulnerabilities in Firefox 71 and Firefox ESR 68.3 Memory Corruption Vulnerability in Firefox 71 Type Confusion Vulnerability in IonMonkey JIT Compiler for Array Element Setting Cisco Firepower Threat Defense (FTD) Software Denial of Service Vulnerability Denial of Service Vulnerabilities in Cisco Firepower Threat Defense Software Out-of-Bounds Access Vulnerability in Rsyslog v8.1908.0 Heap Overflow in AIX Log Message Parser in Rsyslog v8.1908.0 Heap Overflow in Rsyslog v8.1908.0 Cisco Log Message Parser Privilege Escalation in BMC 
Patrol Agent 9.0.10i Privilege Escalation via Weak Execution Permissions in BMC Patrol Agent 9.0.10i Stored XSS Vulnerability in Ilch 2.1.22 Jobs Tab Remote Code Execution in Ilch 2.1.22 via Misconfigured Allowed Files NETGEAR SRX5308 4.3.5-3 SQL Injection Vulnerability Allows Unauthorized User Account Creation Cisco ASA Software Remote Access VPN Session Manager Denial of Service Vulnerability Arbitrary File Read and Delete Vulnerability in Voyager Package Unsanitized Attachment Files in Evernote macOS: Code Execution Vulnerability Unprivileged User Raw Socket Creation Vulnerability in Linux Kernel (CID-0614e2b73768) Unprivileged User Raw Socket Creation Vulnerability in Linux Kernel (CVE-2019-18683) Unprivileged Users Can Create Raw Sockets in Linux Kernel (CID-6cc03e8aa36c) Unprivileged User Raw Socket Creation Vulnerability in Linux Kernel Unprivileged User Raw Socket Creation Vulnerability in Linux Kernel Cross-Site Scripting (XSS) Vulnerability in Footy Tipping Software AFL Web Edition 2019 Arbitrary File Upload and Remote Code Execution in Footy Tipping Software AFL Web Edition 2019 Sophos Cyberoam Firewall Appliance Shell Injection Vulnerability Cisco ASA Software Cryptography Module Denial of Service Vulnerability BLE Link Layer Header Vulnerability on NXP KW41Z Cypress PSoC BLE Link Layer Header Vulnerability Session Fixation Vulnerability in OXID eShop PDFxStream before 3.7.1 (Java): Long Running Computation Due to Page-Tree Mishandling NULL Pointer Dereference in Xpdf 4.02's Catalog.cc User Registry Hijacking Vulnerability in Ivanti WorkSpace Control Port-forwarding vulnerability in PuTTY before version 0.73 on Windows allows for connection hijacking Vulnerability: PuTTY before 0.73 Bracketed Paste Mode Protection Bypass Denial of Service Vulnerability in PuTTY Versions Prior to 0.73 Cross-Site Scripting (XSS) Vulnerability in Cisco DNA Center Web Interface XSS Vulnerability in Liquid-Speech-Balloon WordPress Plugin Client Dash Plugin 2.1.4 for 
WordPress XSS Vulnerability SQL Injection Vulnerability in new-contact-form-widget Plugin for WordPress Directory Traversal Vulnerability in Emlog through 6.0.0beta Stored XSS Vulnerability in XunRuiCMS 4.3.1 Module_Category Area Vulnerability: Stack Variable Usage in cxgb4 Driver Allows for Denial of Service Remote Code Execution and Denial of Service Vulnerability in Jamf Pro Cisco ASA and FTD Software MOBIKE Denial of Service Vulnerability Code Execution Vulnerability in mintinstall 7.9.9 for Linux Mint Micro Focus Operations Agent XXE Attack Vulnerability in Versions 12.0-12.11 AcuToWeb Unauthorized File Download Vulnerability Command Injection Vulnerability in Cisco Firepower Threat Defense (FTD) Software Reflected XSS Vulnerability in Mojarra JavaServer Faces Arbitrary Script Injection Vulnerability in OpenProject Project List DLL Preloading Vulnerability in Avast and AVG Antivirus Stack-based Buffer Overflow in Belkin WeMo Insight Switch Firmware Command Injection Vulnerability in Bitdefender BOX 2: Arbitrary Execution of System Commands OS Command Injection Vulnerability in Bitdefender BOX 2's Bootstrap Stage Hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App and Firmware Untrusted Search Path Vulnerability in Bitdefender Endpoint Security Tools Unauthenticated Remote Access Vulnerability in Cisco ASR 9000 Series Routers Untrusted Search Path Vulnerability in Bitdefender Total Security 2020 Allows Arbitrary Code Execution Command Injection Vulnerability in Netatmo Smart Indoor Camera Firmware Race condition vulnerability in Bitdefender BOX 2 allows arbitrary command execution Bitdefender AV for Mac Incorrect Default Permissions Vulnerability Missing HTTPOnly Flag in Centreon VM Apache HTTP Server Cookie Configuration Predictable Token Generation in Centreon Web 2.8.27 Lateral Movement Vulnerability in Centreon Web through 2.8.29 Arbitrary Code Execution in minPlayCommand.php in Centreon Web Local File Inclusion and Stored XSS 
Vulnerability in Centreon Web Remote Directory Traversal Vulnerability in Koji 1.18.0: Privilege Escalation Cisco IOS XR Software Event Management Service Daemon Denial of Service Vulnerability Exposure of Mail Server Configuration File in Zoho ManageEngine DataSecurity Plus Buffer overflow vulnerability in libopenmpt_modplug.c in libopenmpt before 0.3.19 and 0.4.x before 0.4.9 Stored and Reflected XSS Vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 Multiple Cross-Site Scripting (XSS) Vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 Stored and Reflected Cross-Site Scripting (XSS) Vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 Arbitrary SQL Command Execution Vulnerability in WiKID 2FA Enterprise Server CSRF Vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2053 Allows Remote Attackers to Perform Unauthorized Actions SQL Injection Vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 Cisco IOS XR Software PIM AutoRP Denial of Service Vulnerability Stored and Reflected XSS Vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 XSS Vulnerability in REDCap before 9.3.4 via Lock Record Custom Text Values Email Spoofing Vulnerability in eGain Web Email API 11+ Vulnerability: Incorrect Access Control in Kramer VIAware 2.5.0719.1034 Angular CSTI Vulnerability in SolarWinds Orion Platform 2019.2 HF1: Escaping Angular Sandbox for Stored XSS Stored Client Side Template Injection (CSTI) in SolarWinds Orion Platform 2019.2 HF1: Angular Expression Injection for Stored XSS and Privilege Escalation Unauthenticated SQL Injection (Boolean Based Blind) in Netreo OmniCenter Login Page Cross-Site Request Forgery Vulnerability in Cisco ASA Software Web-Based Management Interface External URL Mishandling in vBulletin 5.5.4 Clickjacking Vulnerability in vBulletin before 5.5.4 Avatar Upload Vulnerability in vBulletin 5.5.4 Buffer Overflow Vulnerability in cfg80211_mgd_wext_giwessid in Linux 
Kernel through 5.3.2 Authentication Bypass Vulnerability in Amphora Images of OpenStack Octavia Arbitrary Code Execution via DXF File Parsing in Foxit PhantomPDF 9.5.0.20723 Arbitrary Code Execution via DXF to PDF Conversion in Foxit PhantomPDF 9.5.0.20723 Null Byte Injection Vulnerability in NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.909 via JPEG to EPS Conversion Arbitrary Code Execution via Javascript Processing in Foxit PhantomPDF 9.5.0.20723 SAML SSO VPN Session Hijacking Vulnerability Arbitrary Code Execution via OnFocus Event Handling in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution via Keystroke Action in Foxit PhantomPDF 9.6.0.25114 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.6.0.25114 via Malicious DWG Files (ZDI-CAN-9273) Arbitrary Code Execution via DWG to PDF Conversion in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution via DXF to PDF Conversion in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution in D-Link DCS-960L v1.07.102 via HNAP Service Arbitrary Code Execution Vulnerability in TP-LINK TL-WR841N Routers Privilege Escalation Vulnerability in Parallels Desktop 14.1.3 (45485) Insufficient Entropy in Cisco ASA and FTD Software DRBG: Cryptographic Key Collision Vulnerability Remote Code Execution Vulnerability in Tencent WeChat Prior to 7.0.9 Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability Cisco Video Surveillance Manager Web Interface Information Disclosure Vulnerability Absolute Path Traversal Vulnerability in joyplus-cms 1.6.0 Cross-Site Scripting (XSS) Vulnerability in Genesys PureEngage Digital (eServices) 8.1.x Memory Leak Vulnerability in libfreerdp/codec/region.c Memory Leak in HuffmanTree_makeFromFrequencies Function in LodePNG Multiple Versions of Software Vulnerability Fixed in 5.0.2.1 Cisco Identity 
Services Engine (ISE) Web Interface Denial of Service Vulnerability Arbitrary File Modification Vulnerability in Valve Steam Client Remote SEH Buffer Overflow in IntraSrv 1.0 (2007-06-03): Compromise via Crafted HTTP Request Memory Exhaustion Vulnerability in Foxit Reader before 9.7 Privilege Escalation Vulnerability in Xerox AtlaLink and C-Series Printers Denial-of-Service Vulnerability in FreeRADIUS 3.0.x Pre-Authentication Remote Code Execution in FiberHome HG2201T 1.00.M5007_JS_201804 via telnet.cgi Pre-Authentication Directory Traversal Vulnerability in FiberHome HG2201T 1.00.M5007_JS_201804 Devices Unrestricted File Upload Vulnerability in Fecshop FecMall 2.3.4 XSS Vulnerability in totemodata 3.0.0_b936 via Folder Name Cisco Identity Services Engine (ISE) Web-Based Guest Portal Cross-Site Scripting (XSS) Vulnerability Avast Secure Browser Local Privilege Escalation Vulnerability Unauthenticated Call Answer Vulnerability in Signal Private Messenger for Android WebRTC Videoconferencing Denial of Service Vulnerability in Signal Private Messenger Uncaught Exception Vulnerability in Connect2id Nimbus JOSE+JWT (before v7.9) SQL Injection in Lifestyle Demographic Filter Criteria in OpenEMR Directory Traversal Vulnerability in WPO WebPageTest 19.04 on Windows XML API Denial of Service Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerability: Unauthorized Elevation of Privilege in FastTrack Admin By Request 6.1.0.0 Insecure Privilege Elevation in FastTrack Admin By Request 6.1.0.0 Stored XSS Vulnerability in TeamPass 2.1.27.36 via Crafted Password in Search Page Stored XSS vulnerability in TeamPass 2.1.27.36 via crafted Knowledge Base label and item addition. 
Stored XSS in TeamPass 2.1.27.36 via Username Field during Login Attempt Arbitrary Script Execution via Uncontrolled Deserialization in Frost Ming Rediswrapper Reflected XSS Vulnerability in Broken Link Checker WordPress Plugin 1.11.8 XML Input Handling Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server Allows for CPU Exhaustion and Denial of Service Denial-of-Service Vulnerability in MQTT Library in Arm Mbed OS 2017-11-02 Integer Overflow in CoAP Library in Arm Mbed OS 5.14.0 Buffer Overflow Vulnerabilities in Arm Mbed OS 5.14.0 CoAP Library Unauthenticated Stored XSS Vulnerability in WebARX Plugin 1.3.0 for WordPress WebARX Plugin 1.3.0 for WordPress Firewall Bypass Vulnerability V-Zug Combi-Steam MSLQ Devices Vulnerable to Password Brute-Force Attack Weak Password Hashing Vulnerability in V-Zug Combi-Steam MSLQ Devices CSRF Vulnerability in V-Zug Combi-Steam MSLQ Devices Unencrypted Communication Vulnerability in V-Zug Combi-Steam MSLQ Devices Unauthenticated Network Access on V-Zug Combi-Steam MSLQ Devices Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) FindMe Feature Cross-Site Scripting (XSS) Vulnerability in Rocket.Chat before 2.1.0 via ![title] Line Arbitrary File Read Vulnerability in PhantomJS 2.1.1 Stored XSS Vulnerability in Intelbras WRN 150 1.0.17 Devices HTML Injection Vulnerability in Dolibarr ERP/CRM 10.0.2 via user/note.php Path Traversal Vulnerability in Compal Broadband CH7465LG Modem Web Interface XSS Vulnerability in Subrion 4.2.1: Admin Member JSON Update XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.11 via Search Term Field Unauthenticated Options Changes in Motors-Car-Dealership-Classified-Listings Plugin Multiple Stored XSS Vulnerabilities in Motors - Car Dealer & Classified Ads Plugin for WordPress Cisco CSPC Default Account Vulnerability Unauthenticated Options Changes Vulnerability in OneTone WordPress Theme 
Multiple Stored XSS Vulnerabilities in OneTone WordPress Theme Unauthenticated Options Import Vulnerability in Ultimate FAQs Plugin HTML Content Injection in EWD_UFAQ_Import.php Plugin for WordPress Unauthenticated Arbitrary File Deletion in IgniteUp Plugin for WordPress Information Disclosure Vulnerability in igniteup Plugin for WordPress Stored XSS Vulnerability in igniteup Plugin for WordPress CSRF Vulnerability in igniteup Plugin for WordPress Multiple Unauthenticated Stored XSS Vulnerabilities in Download Plugins Dashboard Plugin for WordPress Session Hijacking Vulnerability in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Bypassing Brute-Force Protection in Bludit 3.9.2 via Forged X-Forwarded-For or Client-IP Headers User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 JPEG_LS Code Flow Control Vulnerability in IrfanView 4.53 JPEG_LS Code Flow Control Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 JPEG_LS+0x0000000000007da8 Write Address Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 Vulnerability: Arbitrary File Overwrite and Command Injection in Cisco UCS B-Series Blade Servers User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 Arbitrary Write Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in IrfanView 4.53 IrfanView 4.53 Exception Handler Chain Corruption Vulnerability JPEG_LS Write Address Vulnerability in IrfanView 4.53 User Mode Write AV Vulnerability in KMPlayer 4.2.2.31 Vulnerability: Unauthorized Access to Internal Services in Cisco NX-OS Software Read Access Violation Vulnerability in MPC-HC 
through 1.7.13 XnView Classic 2.49.1 User Mode Write AV Vulnerability User Mode Write AV Vulnerability in XnView Classic 2.49.1 Heap-based Buffer Over-read in libyal libfwsi Heap-based Buffer Over-read in libyal liblnk Heap-based Buffer Over-read in libsoup's soup_ntlm_parse_challenge() Function Polymorphic Typing Vulnerability in FasterXML jackson-databind Code-execution backdoor vulnerability in omniauth-weibo-oauth2 gem 0.4.6 Remote Command Execution in Intellian Remote Access 3.18 via Ping Test Field Privilege Escalation Vulnerability in Cisco NX-OS Software Python Scripting Subsystem Unauthenticated Remote Command Execution in Yachtcontrol via /pages/systemcall.php?command={COMMAND} SQL Injection Vulnerability in vBulletin 5.5.4 via ajax/api/hook/getHookList or ajax/api/widget/getWidgetList Parameter ONTAP Select Deploy Administration Utility Privilege Escalation Vulnerability IPv6 Denial of Service Vulnerability in E-Series SANtricity OS Controller Software version 11.60.0 Default Account Vulnerability in NetApp FAS and AFF Baseboard Management Controller (BMC) Firmware Arbitrary Code Execution Vulnerability in OnCommand Cloud Manager Versions Prior to 3.8.0 Cross-Site Scripting Vulnerability in OnCommand System Manager Arbitrary Command Execution Vulnerability in Cisco FXOS and NX-OS Software Vulnerability: Privilege Escalation and File Overwrite in Cisco NX-OS Software SQL Injection Vulnerability in SugarCRM pmse_Inbox Module SQL Injection Vulnerability in SugarCRM pmse_Project Module SQL Injection Vulnerability in SugarCRM Export Function SQL Injection Vulnerability in SugarCRM History Function SQL Injection Vulnerability in SugarCRM Contacts Module by Regular User SQL Injection Vulnerability in SugarCRM Quotes Module SQL Injection Vulnerability in SugarCRM Administration Module PHP Code Injection in SugarCRM Administration Module Vulnerability: Privilege Escalation in Cisco NX-OS Software Guest Shell PHP Code Injection Vulnerability in SugarCRM 
Administration Module PHP Code Injection in SugarCRM ModuleBuilder Module by Admin User PHP Code Injection in SugarCRM ModuleBuilder Module PHP Code Injection in SugarCRM MergeRecords Module by Developer User PHP Code Injection in SugarCRM MergeRecords Module by Admin User PHP Code Injection in SugarCRM MergeRecords Module PHP Code Injection in SugarCRM Configurator Module PHP Code Injection in SugarCRM Tracker Module by Admin User PHP Code Injection in SugarCRM Emails Module by Regular User PHP Code Injection in SugarCRM EmailMan Module by Admin User Vulnerability in Cisco NX-OS Software Allows Exposure of Private SSH Keys PHP Code Injection in SugarCRM Campaigns Module by Admin User Directory Traversal Vulnerability in SugarCRM Attachment Function Directory Traversal Vulnerability in SugarCRM Directory Traversal Vulnerability in SugarCRM Studio Module Directory Traversal Vulnerability in SugarCRM Configurator Module PHP Object Injection Vulnerability in SugarCRM Administration Module PHP Object Injection Vulnerability in SugarCRM Import Module PHP Object Injection in SugarCRM UpgradeWizard Module SQL Injection Vulnerability in SugarCRM pmse_Inbox Module SQL Injection Vulnerability in SugarCRM Emails Module by Regular User Time-of-Check, Time-of-Use (TOCTOU) Race Condition Vulnerability in Cisco NX-OS Software RPM Subsystem Buffer Overflow Vulnerability in NetSarang XFTP Client 6.0149 and Earlier Versions Information Disclosure Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Arbitrary File Creation Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Arbitrary File Creation and Execution Vulnerability in ClipSoft REXPERT Directory Traversal Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Arbitrary File Upload Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Arbitrary File Deletion Vulnerability in ClipSoft REXPERT 1.0.0.527 and Earlier Versions Directory Traversal Vulnerability in JEUS 7 and JEUS 8 
Administration Web Page Cross-Site Scripting (XSS) Vulnerability in Cisco NX-OS Software's NX-API Sandbox Interface Multiple Cross-Site Scripting (XSS) Vulnerabilities in TIBCO EBX Web Server Component Stored Cross-Site Scripting (XSS) Vulnerability in TIBCO EBX Add-ons Stored Cross-Site Scripting (XSS) Vulnerability in TIBCO EBX Add-ons Stored Cross-Site Scripting (XSS) Vulnerability in TIBCO EBX Web Server Component Remote Code Execution Vulnerability in TIBCO Spotfire Visualizations Component Multiple Privilege Escalation Vulnerabilities in TIBCO Spotfire Analytics Platform and Spotfire Server Multiple Vulnerabilities in TIBCO Spotfire Analytics Platform and Spotfire Server Allow Unauthorized Access to Credentials Reflected Cross-Site Scripting (XSS) Vulnerability in TIBCO Spotfire Analytics Platform and Server Persistent Cross-Site Scripting Vulnerabilities in TIBCO Patterns - Search TIBCO Silver Fabric VirtualRouter Component URL Script Injection Vulnerability Incomplete RBAC Verification Allows Unauthorized Access to Sensitive System Files in Cisco FXOS and NX-OS Software Xen Grant-Table Transfer Request Mishandling Vulnerability Race condition vulnerability during addition of passed-through PCI device in Xen Race Condition in Xen Allows Denial of Service and Privilege Escalation Xen Privilege Escalation and Denial of Service Vulnerability Denial of Service Vulnerability in Xen through 4.11.x Denial of Service Vulnerability in Xen 4.8.x through 4.11.x Xen Privilege Escalation and Denial of Service Vulnerability Xen Privilege Escalation and Denial of Service Vulnerability Denial of Service Vulnerability in Xen due to PCID and Shadow-Pagetable Switching Incompatibility Denial of Service Vulnerability in Xen Arm DomU LoadExcl/StoreExcl Operation Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Denial of Service Vulnerability in Xen Arm DomU Compare-and-Exchange Operation Unrestricted Resource Consumption Vulnerability in Xen Guest Memory Mapping 
File Upload Bypass Vulnerability in JFinal cos before 2019-08-13 Unauthenticated Access and Data Modification Vulnerability in D-Link DIR-615 Firmware Unauthenticated Access and Data Modification Vulnerability in Zyxel NBG-418N v2 Firmware V1.00(AARP.9)C0 Insecure Logging of Credentials in Orbitz Android App Insecure Transmission of Login Credentials in Infinite Design Android App Cacti 1.2.7 SQL Injection Vulnerability in graphs.php Unsafe Deserialization in Cacti 1.2.7: Array Population Vulnerability Memory Allocation Vulnerability in Bouncy Castle Crypto (BC Java) 1.63 Vulnerability in Cisco UCS C-Series Rack Servers Allows Bypass of UEFI Secure Boot Validation Uncontrolled Resource Consumption Vulnerability in Hitachi Command Suite 7.x and 8.x Command Injection Vulnerability in SaltStack Salt-API with SSH Client Enabled Out-of-bounds Read and Crash Vulnerability in LibTomCrypt Arbitrary Command Execution in Petwant PF-103 Firmware and Petalk AI Arbitrary User Account Access Vulnerability in Nix through 2.3 Improper Access Control in Citrix Application Delivery Management (ADM) 12.1 before build 54.13 CSRF Vulnerability in OpenWRT Firmware Version 18.06.4 XSS Vulnerability in S-CMS v1.5 via member_login.php CSRF Vulnerability in OTCMS v3.85 Admin Panel Allows Unauthorized Account Creation Interface Wedge and Denial of Service (DoS) Vulnerability in Cisco IOS Software and Cisco IOS XE Software Arbitrary PHP Code Execution in OTCMS v3.85 via into/**/outfile Manipulation Memory Leak in gif2png 2.5.13's writefile Function Authentication Bypass Vulnerability in Certain NETGEAR Devices Unauthenticated Access to Critical Pages in NETGEAR Devices via .jpg Substring Vulnerability Persistent API Token Credentials in cPanel (SEC-517) Self XSS vulnerability in cPanel SSL Certificate Upload interface (SEC-521) Self XSS vulnerability in cPanel LiveAPI example scripts (SEC-524) Self XSS vulnerability in cPanel SSL Key Delete interface (SEC-526) Self-stored XSS vulnerability in 
cPanel WHM SSL Storage Manager interface (SEC-527) Denial of Service Vulnerability in Cisco IOS and IOS XE Software with NBAR Self XSS vulnerability in cPanel's WHM Update Preferences interface (SEC-528) Unauthenticated Creation of Elements in Zabbix Dashboard Insecure File Permissions in netaddr Gem for Ruby XSS Vulnerability in animate-it Plugin for WordPress (Version < 2.3.4) XSS Vulnerability in animate-it Plugin for WordPress (<=2.3.5) CSRF Vulnerability in animate-it Plugin for WordPress AVPNC_RP Service Authentication Flaw Allows Arbitrary Code Execution and Privilege Escalation Privilege Escalation through Weak File Permissions in Aviatrix VPN Client UDP Socket Read Error in RIOT 2019.07 MQTT-SN Implementation Cisco IOS Software and Cisco IOS XE Software DNS Parsing Denial of Service Vulnerability Local Privilege Escalation in Pronestor Planner Outlook Add-In ESP32 Mask ROM Code Vulnerability: Glitch-based Read Access to Protected eFuses Weak Password Recovery Mechanism in Progress Sitefinity 12.1 due to Mishandling of HTTP Host Header Cleartext Communication and Credential Sniffing Vulnerability in Tomedo Server Version 1.7.3 Authentication Credentials Exposed in Seesaw Parent and Family App for Android Sensitive User Credentials Exposed in Rapid Gator Android App Logs Insecure Storage of Credentials in PowerSchool Mobile Application for Android Insecure Logging of Credentials in DoorDash Android App Sensitive Token Information Exposed in Dark Horse Comics Android App Logs Path Traversal Vulnerability in Shack Forms Pro Extension for Joomla! 
Cisco IOS Software and Cisco IOS XE Software NBAR DNS Parsing Denial of Service Vulnerability Path Traversal and SSRF Vulnerability in unoconv Package Heap-based Buffer Over-read in liblnk_location_information_read_data Unvalidated Relationship of Size and Offset in Exiv2 0.27.2 Nokia IMPACT < 18A: Unrestricted File Upload Vulnerability with Remote Code Execution Nokia IMPACT < 18A: Full Path Disclosure Vulnerability Nokia IMPACT < 18A: Reflected Self XSS Vulnerability Nokia IMPACT < 18A Path Traversal Vulnerability with Potential RCE Arbitrary Code Execution Vulnerability in ZZZCMS zzzphp 1.7.3 Reflected XSS Vulnerability in OpenEMR 5.x before 5.0.2.1 in view.php Cisco IOS XE Software Denial of Service Vulnerability in Encrypted Traffic Analytics (ETA) Feature Denial of Service Vulnerability in tinylcy Vino through 2017-12-15 SEH-based Buffer Overflow in File Sharing Wizard 1.5.0 (CVE-2020-XXXX) Cross-Site Scripting (XSS) Vulnerability in PbootCMS 2.0.2 via Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs SQL Injection in MetInfo 7.0 via appno parameter in language_general module SQL Injection in MetInfo 7.0 via admin_user&a=doGetUserInfo id parameter Unauthorized Access to Sensitive Configuration Information in Cisco IOS XE Software Web UI HTTP Protocol Parsing Error in OISF LibHTP Allows Bypassing HTTP Header Signature Privilege Escalation via Incorrect File Permissions in Zoho ManageEngine OpManager and Firewall Analyzer Stack-based Buffer Overflow in processPrivilage() Function in nipper-ng 0.11.10 Allows Remote Code Execution or Denial of Service Bypassing Access Control in Automattic Mongoose through 5.7.4 Persistent XSS Vulnerability in Redmine before 3.4.11 and 4.0.x before 4.0.4 Encryption Implementation Flaw in Intesync Solismed 3.3sp1 Allows for Database Decryption SQL Injection Vulnerability in Adhouma CMS (through 2019-10-09) via post.php p_id Parameter Unauthorized Filesystem Changes Vulnerability in Cisco IOS XE Software XSS 
Vulnerability in EyouCms login.php web_recordnum Parameter CSRF Vulnerability in fastadmin 1.0.0.20190705_beta's admin/add Endpoint CSRF Vulnerability in fastadmin 1.0.0.20190705_beta's General Config Edit XSS Vulnerability in z-song laravel-admin 1.7.3 via Slug or Name on Roles Screen XSS Vulnerability in LavaLite 5.7: Crafted Account Name Mishandling on Manage Clients Screen GlobalProtect Agent for Windows Local Privilege Escalation Vulnerability Local Privilege Escalation Vulnerability in GlobalProtect Agent for Linux and Mac OS X Privilege Escalation Vulnerability in Palo Alto Networks PAN-OS Improper Restriction of Communications to Log Forwarding Card (LFC) on PA-7000 Series Devices with Second-Generation Switch Management Card (SMC) Vulnerability Default Password Vulnerability in Jfrog Artifactory Symbolic Link Following Vulnerability in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent Untrusted Search Path Vulnerability in Eracent EPA Agent DLL Side-Loading Vulnerability in Avira Software Updater Arbitrary Command Injection Vulnerability in Cisco IOS XE Software Denial of Service Vulnerability in find_abstract_instance in libbfd Integer Overflow Vulnerability in GNU Binutils 2.32 NULL Pointer Dereference Vulnerability in Bento4 1.5.1.0 NULL Pointer Dereference Vulnerability in Bento4 1.5.1.0 NULL Pointer Dereference Vulnerability in Bento4 1.5.1.0 Stack-based Buffer Over-read in Libntlm through 1.5 Cisco IOS and IOS XE Software Cluster Management Protocol (CMP) Denial of Service Vulnerability Denial of Service Vulnerability in Cisco IOS and IOS XE Software via Malicious SMS Messages Cisco Network Plug-and-Play Agent Certificate Validation Vulnerability Cross-Site Scripting (XSS) Vulnerability in b3log Symphony (aka Sym) before 3.6.0 via HTTP User-Agent Header Cross-Site Scripting (XSS) Vulnerability in Jiangnan Online Judge (jnoj) 0.8.0 via Problem[title] Parameter Denial of Service Vulnerability in Cisco ASR 900 RSP3: Ingress Traffic Validation Flaw 
Arbitrary File Upload Vulnerability in Jiangnan Online Judge (JNOJ) 0.8.0 Cross-Site Scripting (XSS) Vulnerability in Jiangnan Online Judge (jnoj) 0.8.0 via Problem[description] Parameter Cross-Site Scripting (XSS) Vulnerability in Jiangnan Online Judge (jnoj) 0.8.0 via Problem[sample_input] Parameter XSS Vulnerability in Laravel-Bjyblog 6.1.1 via Crafted URL CSS Injection Vulnerability in Swagger UI Allows CSS-Based Input Field Value Exfiltration Stored XSS Vulnerability in Craft CMS (<=3.3.8) via Name Field during Site Deletion NTLM SSO Hash Theft Vulnerability in Tracker PDF-XChange Editor Integer Overflow Vulnerability in libssh2 v1.9.0 and Earlier: Arbitrary Memory Read and Denial of Service Remote Command Execution Vulnerability in Compal CH7465LG 6.12.18.25-2p4 Devices Denial of Service (DoS) Vulnerability in Cisco Catalyst 4500 Series Switches Arbitrary OS Command Execution in Centreon 19.04 via main.php?p=60807&type=4 NULL Pointer Dereference and Daemon Crash in Hydra 0.1.8 when Processing POST Requests without Content-Length Header Unauthenticated Access to Database Information in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5 Reflected Cross-site Scripting (XSS) Vulnerability in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5 Unauthenticated Access to Wi-Fi SSID and Password in D-Link DAP-1320 A2-V1.21 Routers Unauthenticated Access to D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 Routers Unauthenticated Access to Management Pages on D-Link DIR-816 A1 1.06 Devices Command Injection Vulnerability in D-Link DIR-859 A3-1.06 and DIR-850 A1.13 Devices Arbitrary OS Command Execution in D-Link DIR-846 Firmware 100A35 Cisco IOS Software NAT64 Denial of Service Vulnerability Arbitrary OS Command Execution in D-Link DIR-846 Firmware 100A35 Unauthenticated Access to Log Files on D-Link DIR-412 A1-1.14WW Routers Unauthenticated Log Clearing Vulnerability in D-Link DIR-412 A1-1.14WW Routers HTTP Response Splitting Vulnerability in Ratpack Potentially Misleading 
Documentation in Python's glob.glob() Function Cross Site Scripting (XSS) Vulnerability in CleanTalk WordPress Plugin Buffer Overflow Vulnerability in Dialog Semiconductor SDK for DA14580/1/2/3 Devices Buffer Overflow Vulnerability in Dialog Semiconductor SDK for DA1468x Devices Buffer Overflow Vulnerability in NXP SDK for KW41Z Devices via Bluetooth Low Energy Implementation ISDN Function Vulnerability in Cisco IOS Software and Cisco IOS XE Software Allows Remote Device Reload Denial of Service Vulnerability in Texas Instruments SDK for CC2640R2 Devices CSRF Vulnerability in Landing-CMS 0.0.6 Allows Unauthorized Password Change Stored XSS Vulnerability in Hotaru CMS v1.7.2 via admin_index.php?page=settings SITE NAME Field Technicolor TC7300 STFA.51.20 XSS Vulnerability in /FTPDiag.asp Technicolor TC7300 STFA.51.20 XSS Vulnerability in Connected Clients Field CAPTCHA Bypass Vulnerability in D-Link DIR-615 T1 20.10 Login Page Python Code Injection in SageMath Sage Cell Server SQL Injection in JS JOBS FREE Extension for Joomla! 
SEGV Vulnerability in Bento4 1.5.1.0: AP4_TfhdAtom::SetDefaultSampleSize Heap-based Buffer Over-read in Bento4 1.5.1.0 Privilege Escalation via Web UI in Cisco IOS XE Software Heap-based Buffer Over-read in Bento4 1.5.1.0 Polymorphic Typing Vulnerability in FasterXML jackson-databind Denial of Service Vulnerability in Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS Devices Heap-Based Buffer Over-Read Vulnerability in Mat_VarReadNextInfo4 Function of MATIO 1.5.17 Use-after-free vulnerability in vips_foreign_load_gif_scan_image in libvips before 8.8.2 Gila CMS 1.11.4 XSS Vulnerability in blog-list.php Unrestricted File Upload Vulnerability in Gila CMS 1.11.4 Directory Traversal Vulnerability in Jiangnan Online Judge (jnoj) 0.8.0 Allows File Deletion Directory Traversal Vulnerability in Jiangnan Online Judge (aka jnoj) 0.8.0 NULL Pointer Dereference Vulnerability in avcodec_open2 in FFmpeg before 4.2 Cisco IOS XE Software Authorization Subsystem Privilege Escalation Vulnerability Heap-Based Buffer Overflow in ImageMagick's ReadPSInfo Function Use-after-free vulnerability in ImageMagick before 7.0.8-55 Heap-based Buffer Overflow in FFmpeg's vqa_decode_chunk Function Heap-based Buffer Overflow in LZ4_write32: Vulnerability in LZ4 Compression Algorithm (CVE-2020-12695) Stack-based Buffer Over-read in GNU Aspell's libaspell.a PoolDestroy Double Free Vulnerability in GDAL through 3.0.1 Integer Overflow Leading to Heap-Based Buffer Overflow in LibTIFF Use-after-free vulnerability in ImageMagick's TraceBezier function in MagickCore/draw.c (CVE-XXXX-XXXX) ESET Cyber Security Denial-of-Service Vulnerability Arbitrary Command Execution Vulnerability in Cisco IOS XE Software Reflected XSS Vulnerability in Blog2Social WordPress Plugin (CVE-2021-XXXX) Stored XSS vulnerability in Apak Wholesale Floorplanning Finance SQL Injection Vulnerability in idreamsoft iCMS v7.0.14's 'Upload Spider Project Scheme' Feature SQL Injection Vulnerability in MetInfo v7.0.0 beta via 
admin/?n=tags&c=index&a=doSaveTags URI XML External Entity (XXE) Vulnerability in Apache Olingo 4.0.0 to 4.6.0 Vulnerability: DoS Attack via AsyncResponseWrapperImpl in Apache Olingo Apache Olingo AbstractService Class Deserialization Vulnerability Apache Syncope EndUser UI Login Page Reflects SuccessMessage Parameters Vulnerability Remote Code Execution through VelocityResponseWriter in Apache Solr 5.0.0 to Apache Solr 8.3.1 Apache Traffic Server Smuggling Attack and Scheme Parsing Vulnerability Command Execution Vulnerability in Cisco IOS XE Software Insecure SSL Certificate Validation in Apache NetBeans Autoupdate System Code Signature Validation Bypass in Apache NetBeans Autoupdate System Buffer Overflow Vulnerability in Apache CloudStack Baremetal Component Session Fixation Vulnerability in Apache Tomcat 7.0.0 to 7.0.98, 8.5.0 to 8.5.49, and 9.0.0.M1 to 9.0.29 Dubbo HTTP Remoting Deserialization Vulnerability Apache Traffic Server Chunked Encoding Smuggling Vulnerability Apache Batik Vulnerability: Server-Side Request Forgery via xlink:href Attribute Apache HTTP Server mod_proxy_wstunnel Vulnerability: Bypassing HTTP Validation and Authorization HTTP Request Smuggling Vulnerability in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50, and 7.0.98 to 7.0.99 Unauthorized Data Access Vulnerability in Cisco Smart Call Home Feature Untrusted Deserialization Vulnerability in Apache XML-RPC Library Log4j SocketServer Deserialization Remote Code Execution Vulnerability Directory Traversal Vulnerability in Apache RocketMQ 4.2.0 to 4.6.0 Apache CXF /services Page Reflected XSS Vulnerability Arbitrary Code Execution in Popup Maker Plugin for WordPress File-Rename Filter Bypass Vulnerability in WBCE CMS 1.4.0 and Earlier Cross-Site Scripting (XSS) Vulnerability in Dolibarr 10.0.2 via outgoing email setup feature Cross-Site Scripting (XSS) Vulnerability in Dolibarr 10.0.2 via Outgoing Email Setup Cross-Site Scripting (XSS) Vulnerability in Dolibarr 10.0.2 via outgoing email 
setup feature XSS Vulnerability in SonarQube Project Links Unauthenticated Access Vulnerability in Cisco Catalyst 6500 Series Switches SQL Injection Vulnerability in Tonyy Dormsystem 1.3's admin.php DOM XSS Vulnerability in Tonyy Dormsystem 1.3 Use-after-free vulnerability in _zip_dirent_read function of libzip 1.2.0 Remote Denial of Service Vulnerability in iCMS 7.0.15 Default SSH Keys in Meinberg SyncBox/PTP/PTPv2 Devices Allow Root Access ACL Bypass Vulnerability in Cisco IOS XE Software CSRF Protection Bypass in CSRF Magic Library Regular Expression Denial of Service in csv-parse module for Node.js CSRF Vulnerability in JIZHICMS 1.5.1 Allows Unauthorized Administrator Addition Heap-Based Buffer Over-Read Vulnerability in _nc_find_entry Function in ncurses Library Heap-Based Buffer Over-Read Vulnerability in fmt_entry Function of Ncurses Library Panic Vulnerability in Go Versions 1.12.11 and 1.3.x Proxy Credential Exposure in Lightbend Play Framework Reflected XSS Vulnerability in Quiz And Survey Master Plugin for WordPress Denial of Service (DoS) Vulnerability in Cisco IOS XE Software Administrator Login Credentials Disclosure in Intelbras IWR 1000N 1.6.4 Devices Stack-based Buffer Overflow in MiniShare 1.4.1 via HTTP CONNECT Request SQL Injection Vulnerability in Zoho ManageEngine OpManager Memory Corruption Vulnerability in Asus Aura Sync through 1.07.71 Insecure Direct Object Reference (IDOR) Vulnerability in eyecomms eyeCMS Allows Unauthorized Modification of Candidate Information Mass Assignment Vulnerability in eyecomms eyeCMS Allows Unauthorized Account Takeover Stored XSS Vulnerability in Hexo-Admin Plugin: Post Editor Functionality XSS Vulnerability in HongCMS 3.0.0 via install/index.php Servername Parameter XSS Vulnerability in HongCMS 3.0.0 via install/index.php dbname Parameter XSS Vulnerability in HongCMS 3.0.0 via dbusername parameter in install/index.php Insufficient Memory Initialization Vulnerability in Cisco IOS and IOS XE Software's HSRP 
Subsystem XSS Vulnerability in HongCMS 3.0.0 via install/index.php dbpassword Parameter XSS Vulnerability in HongCMS 3.0.0 via tableprefix Parameter SQL Injection in 74CMS v5.2.8 via Admin Ad Category Sort Parameter Remote Code Execution Vulnerability in Qibosoft 7 Secure Storage Vulnerability in Cisco IOS and IOS XE Software Allows Unauthorized Access to Sensitive System Information Remote Command Execution Vulnerability in D-Link DIR-859 Wi-Fi Router Stack-based Buffer Overflow in XQueryKeymap Function in X.Org X Server 1.20.4 Stored XSS Vulnerability in Rambox 0.6.9 Allows Code Execution via Name Field Remote Code Execution in ReportLab through 3.5.26 via colors.py Yale Bluetooth Key Vulnerability: Unauthorized Unlock via BLE Traffic Sniffing Stored XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.11 via Crafted Image Filename Cisco IP Phone 8800 Series Web Management Interface Authorization Bypass and DoS Vulnerability Stored XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.11 via Crafted Image Filename Unrestricted Access to Diagnostic Operations in Eclipse OpenJ9 0.15 to 0.16 Unescaped Exception Messages in Error Output in Eclipse Jetty Arbitrary Workspace Start Vulnerability in Eclipse Che Versions 6.16 to 7.3.0 Cross Site Scripting (XSS) Vulnerability in Eclipse Memory Analyzer Deserialization Vulnerability in Eclipse Memory Analyzer Unrestricted File Access Vulnerability in Eclipse Theia Mini-Browser Extension XML External Entity (XXE) Vulnerability in Eclipse Web Tools Platform Double Release of ByteBuffer in Eclipse Jetty (CVE-2020-27223) Vulnerability: System.arraycopy Length Mismatch in Eclipse OpenJ9 on Power Platforms Cross-Site Request Forgery (CSRF) Vulnerability in Cisco IP Phone 8800 Series Path Traversal Vulnerability in Eclipse Vert.x StaticHandler CSRF Vulnerability with Remote Command Execution in Centreon Autodiscovery Plugin Sensitive Information Disclosure in Centreon via Unauthenticated Direct Request Sensitive Information Disclosure in 
Centreon via Unauthenticated Direct Request Unauthenticated Information Disclosure in Centreon Unauthenticated Information Disclosure in Centreon via api/external.php SQL Injection Vulnerability in Centreon's hostXML.php Arbitrary File Write Vulnerability in Cisco IP Phone 8800 Series SIP Software FortiClient for Mac OS Root Process Command Injection Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in FortiSIEM Device Maintenance Schedule Stack Buffer Overflow Vulnerability in FortiClient for Linux 6.2.1 and Below CSRF Vulnerability in Fortinet FortiSIEM 5.2.5 Allows Remote Attackers to Hijack User Sessions FortiManager Cross-Site WebSocket Hijacking (CSWSH) Vulnerability Cleartext Storage of SSL VPN User Credentials in FortiOS and FortiProxy Stack-based Buffer Overflow in FortiOS and FortiProxy HTTPD Daemon Uncontrolled Resource Consumption Vulnerability in Fortinet Products: Slow HTTP DoS Attacks Elevated Privileges Vulnerability in FortiClient FortiTray Component Cisco IP Phone 8800 Series SIP Software Disk Utilization Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in LimeSurvey 3.19.1 and Earlier CSV Injection in Codepress-Admin-Columns Plugin 3.4.6 for WordPress Allows Remote Code Execution Arbitrary File Read Vulnerability in ThinVNC 1.0b1 D-Link DIR-866L 1.03B04 XSS Vulnerability in Common Gateway Interface Untrusted Search Path Vulnerability in NSA Ghidra DLL Hijacking Vulnerability in NSA Ghidra 9.0.2 and Earlier Buffer Overflow Vulnerability in rtl_p2p_noa_ie in Linux Kernel XSS and HTML Injection Vulnerability in Comtech H8 Heights Remote Gateway 2.5.1 Site Name Field Security Vulnerability: Unregistered Fingerprint Unlock Exploit on Samsung Galaxy S10 and Note10 Devices WordPress SSRF Vulnerability in URL Validation Buffer Overflow and Command Injection Vulnerability in Cisco NX-OS Software WordPress 5.2.4 SSRF Vulnerability in Windows Path Handling Unauthenticated Content Viewing Vulnerability in WordPress 5.2.4 
Stored XSS Vulnerability in WordPress before 5.2.4 Allows Injection of JavaScript into STYLE Elements Cache Poisoning Vulnerability in WordPress JSON GET Requests Stored XSS Vulnerability in WordPress Customizer CSRF Vulnerability in WordPress before 5.2.4 CSRF Vulnerability in MetInfo 7.0.0beta Allows Unauthorized User Account Addition Buffer Overflow and Command Injection Vulnerability in Cisco NX-OS Software Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Privilege Escalation Vulnerability in Cisco NX-OS Software Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Privilege Escalation Vulnerability in Cisco NX-OS CLI Cross-Site Scripting (XSS) Vulnerability in Cisco Registered Envelope Service Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Arbitrary Command Execution Vulnerability in Cisco FXOS and NX-OS CLI Arbitrary Command Execution Vulnerability in Cisco FXOS and NX-OS Software Arbitrary Command Execution Vulnerability in Cisco FXOS and NX-OS CLI Arbitrary Command Execution Vulnerability in Cisco FXOS and NX-OS CLI Privilege Escalation Vulnerability in Cisco NX-OS Software Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Denial of Service Vulnerability in ClamAV RAR File Scanning Denial of Service Vulnerability in ClamAV PDF Scanning Functionality ClamAV PDF Scanning Functionality Denial of Service Vulnerability Denial of Service Vulnerability in ClamAV Software's OLE2 File Scanning Functionality Denial of Service Vulnerability in ClamAV Prior to 0.101.2 Arbitrary Command Execution 
Vulnerability in Cisco NX-OS Software Arbitrary Command Execution Vulnerability in Cisco NX-OS Software Cross-Site Scripting (XSS) Vulnerability in Cisco Umbrella URL Block Page Uncontrolled Search Path Vulnerability in Cisco Directory Connector Arbitrary Command Execution Vulnerability in Cisco FXOS and NX-OS CLI IAPP Message Handling Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Software Cross-Site Request Forgery (CSRF) Vulnerability in Cisco Wireless LAN Controller (WLC) Software Denial of Service Vulnerability in ClamAV Software's PE File Scanning Functionality IAPP Message Handling Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Software IAPP Message Handling Denial of Service Vulnerability in Cisco Wireless LAN Controller (WLC) Software Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Web Interface Privilege Escalation Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Default SSH Key Pair Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Unauthenticated Access Control Vulnerability in Cisco Wireless LAN Controller Software Cisco Small Business Switches SNMP Input Packet Processor Denial of Service Vulnerability Session Hijacking Vulnerability in Cisco Umbrella Dashboard Image Signature Verification Bypass Vulnerability in Cisco NX-OS Software Image Signature Verification Bypass Vulnerability in Cisco NX-OS Software Vulnerability: Image Signature Verification Bypass in Cisco Nexus Switches Vulnerability: Image Signature Verification Bypass in Cisco NX-OS Software Vulnerability: Image Signature Verification Bypass in Cisco NX-OS Software Vulnerability: Image Signature Verification Bypass in Cisco NX-OS Software Memory Exhaustion DoS Vulnerability in Cisco Small Business 300 Series Managed Switches Command Injection Vulnerability in Cisco Web Security Appliance (WSA) Log Subscription Subsystem Cisco Web Security Appliance Web Proxy Denial of
Service Vulnerability Information Disclosure Vulnerability in Citrix ADC and Citrix Gateway Use After Free Vulnerability in Real Time Engineers FreeRTOS+FAT 160919a Ticket Listing Vulnerability in Open Ticket Request System (OTRS) Improper Input Sanitization in Cisco Prime Infrastructure and Cisco EPN Manager Allows Unauthorized File Access Endless Loop Vulnerability in OTRS Community Edition and OTRS Bypassing Restricted Functionality in CloudVision Portal via CVP API Calls Arbitrary Command Injection in Pacman's download_with_xfercommand() Function Arbitrary Command Injection in Pacman's apply_deltas() Function Remote Command Execution Vulnerability in Crestron DMC-STRO 1.0 Devices via Ping Function Directory Traversal Vulnerability in Trend Micro OfficeScan Allows Remote Code Execution Command Injection Vulnerability in Trend Micro Apex One Allows Remote Code Execution Root User Authentication Bypass Vulnerability in Trend Micro Apex One, OfficeScan, and Worry-Free Business Security Improper Input Sanitization in Cisco Prime Infrastructure and Cisco EPN Manager Allows Unauthorized File Access Null Pointer Dereference Vulnerability in Trend Micro Security (Consumer) 2020 (v16.x) Privilege Escalation Vulnerability in Trend Micro Deep Security as a Service Quick Setup Cloud Formation Template Local Privilege Escalation in GNU Guix 1.0.1: Arbitrary User Account Access Inadvertent Logging of Key Material in Unisys Stealth Quarantine Flaw in TotalAV 2020 4.14.31 Allows Privilege Escalation via NTFS Directory Junction Privilege Elevation Vulnerability in TerraMaster FS-210 4.0.19 Devices DLL Side Loading Vulnerability in TeamViewer Windows Service Memory Corruption Vulnerability in libxslt 1.1.33's xsltCopyText Function Linux Kernel FIB6 Rule Suppression Memory Corruption Vulnerability Vulnerability: Replay Attacks on Fujitsu Wireless Keyboard Set LX390 GK381 Devices Improper Input Sanitization in Cisco Prime Infrastructure and Cisco EPN Manager Allows Unauthorized 
File Access Vulnerability: Keystroke Injection Attacks on Fujitsu Wireless Keyboard Set LX390 GK381 Devices Lack of Encryption in Fujitsu Wireless Keyboard Set LX390 GK381 Devices Allows Password Eavesdropping Improper Access Control Allows Information Disclosure on WAGO Series PFC100 and PFC200 Devices RICOH MP 501 Printer: HTML Injection and Stored XSS Vulnerabilities in Address Entry Arbitrary Code Execution Vulnerability in Zucchetti InfoBusiness 4.4.1 Multiple Reflected Cross-site Scripting (XSS) Vulnerabilities in Zucchetti InfoBusiness 4.4.1 and Earlier Arbitrary File Upload Vulnerability in Zucchetti InfoBusiness 4.4.1 and Earlier Client-Side Code Injection in Zucchetti InfoBusiness Web Component XSS Vulnerability in Etherpad-Lite 1.7.5 via Unencoded URL Path in templates/pad.html Remote Code Execution Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Persistent XSS vulnerability in Moodle's /course/modedit.php allows authenticated users to inject JavaScript into the session of other users Arbitrary Remote Code Execution in Orckestra C1 CMS through 6.6 Arbitrary File Write Vulnerability in XML Language Server XML Language Server (lsp4xml) XXE Vulnerability with SSRF and SMB Connection Initiation Denial of Service Vulnerability in Video_Converter App 0.1.0 for Nextcloud DLL Preloading Vulnerability in Comodo Internet Security Vulnerability: BIOS Configuration Vulnerability on ASUS ROG Zephyrus M GM501GS Laptops Remote Denial-of-Service Vulnerability in ProFTPD Versions 1.3.6b and 1.3.7rc Heap-based Buffer Overflow in cdf_read_property_info in file through 5.37 Cross-Site Scripting (XSS) Vulnerability in Sitemagic CMS 4.4.1 Remote Code Execution Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Cross-Site Request Forgery (CSRF) Vulnerability in Sitemagic CMS 4.4.1 Stored XSS Vulnerability in CoreHR Core Portal before 27.0.7 ECDSA Signature Vulnerability in Arm Mbed Crypto and Mbed TLS Multiple Authenticated Stored XSS 
Vulnerabilities in ZOOM International Call Recording 6.3.1 Heap-based Buffer Overflow in idn2_to_ascii_4i in GNU libidn2 Authentication Bypass Vulnerability in Citrix Application Delivery Controller (ADC) and Gateway Replay Attack Vulnerability in Honeywell equIP and Performance Series IP Cameras and Recorders XXE Vulnerabilities in Advantech WISE-PaaS/RMM Versions 3.3.29 and Prior: Potential Data Disclosure Honeywell equIP Series IP Cameras: Denial of Service Vulnerability SQL Injection Vulnerabilities in Advantech WISE-PaaS/RMM Versions 3.3.29 and Prior Remote Code Execution Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Unauthenticated Audio Streaming Vulnerability in Honeywell equIP and Performance Series IP Cameras Clear Text Transmission of Logins and Passwords in Advantech Spectre RT ERT351 Versions 5.1.3 and Prior Privilege Escalation and DLL Execution Vulnerability in SafeNet Sentinel LDK License Manager Reflected XSS Vulnerability in Advantech Spectre RT Industrial Routers ERT351 5.1.3 and Prior Critical SQL Injection Vulnerability in Equinox Control Expert All Versions Insufficient Login Authentication Parameters in Advantech Spectre RT ERT351 Versions 5.1.3 and Prior Buffer Overflow Vulnerabilities in PLC Editor Version 1.3.5_20190129 Unencrypted Storage of Sensitive Information in Moxa ioLogik 2500 Series Firmware and IOxpress Configuration Utility Arbitrary SQL Query Execution Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Heap-based Buffer Overflow Vulnerabilities in Fuji Electric V-Server 4.0.6 and Prior Weak SSH Ciphers Vulnerability in Philips IntelliBridge EC40 and EC80 Hubs Web Server Failure Vulnerability in Moxa ioLogik 2500 Series Firmware Privilege Escalation via Registry Modification in HMI/SCADA iFIX (Versions 6.1 and prior) Local Information Disclosure Vulnerability in OSIsoft PI System Vulnerability: Code Execution with Elevated Privileges in Reliable Controls LicenseManager Lack of Mutual 
Authentication in BIOTRONIK CardioMessenger II Denial of Service Vulnerability in Relion 650 and 670 Series Clear-text Transmission of Credentials in BIOTRONIK CardioMessenger II Command Execution Vulnerability in Reliable Controls MACH-ProWebCom/Sys Arbitrary SQL Query Execution Vulnerability in Cisco Prime Infrastructure and Cisco EPN Manager Authentication Bypass Vulnerability in ABB Power Generation Information Manager (PGIM) and Plant Connect Obsolete Function Vulnerability in Omron CX-Supervisor with Teamviewer Version 5.0.8703 QS Credential Reuse Vulnerability in BIOTRONIK CardioMessenger II Directory Traversal Vulnerability in Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) Unencrypted Data Disclosure Vulnerability in BIOTRONIK CardioMessenger II Local Privilege Escalation in HMI/SCADA iFIX (Versions 6.1 and prior) through Section Object Manipulation Vulnerability: Credential Exposure and Data Decryption in BIOTRONIK CardioMessenger II Multiple Stack-Based Buffer Overflow Vulnerabilities in Advantech DiagAnywhere Server Arbitrary Message Spoofing and Command Execution Vulnerability in Omron PLC CJ and CS Series Cisco Aironet Series Access Points Denial of Service Vulnerability Insufficient Authentication Rate Limiting in Omron PLC CS, CJ, and NJ Series Weak Encryption Scheme in Philips Veradius Unity, Pulsera, and Endura Dual WAN Routers Cross-Site Scripting (XSS) Vulnerability in Digital Alert Systems’ DASDEC Software Arbitrary JavaScript Injection and Stored Cross-Site Scripting Vulnerability in GE S2020/S2020G Fast Switch 61850 Unrestricted Externally Accessible Lock Vulnerability in Omron's CS and CJ Series PLCs Reflected Cross-Site Scripting Vulnerability in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Cross-Site Request Forgery Vulnerability in OSIsoft PI Vision Administration Site Cross-Site Scripting Vulnerability in OSIsoft PI Vision Improper Access Control in OSIsoft PI Vision 
Privilege Escalation Vulnerability in GNU Bash HTTP Request Smuggling Vulnerability in HAProxy Code Execution Vulnerability in VideoLAN VLC Media Player 3.0.8 with libqt on Windows Privilege Escalation Vulnerability in Phoenix SCT WinFlash Weak Encryption Algorithm Vulnerability in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Cross Site Request Forgery (CSRF) Vulnerability in Sourcecodester Online Grading System 1.0 Denial of Service Vulnerability in Qt qtbase 5.11.x and 5.12.x Device Tracking Vulnerability in Linux Kernel 4.3 through 5.x Unauthenticated Remote Code Execution in SPPA-T3000 Application Server Unauthenticated Access to AdminService in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2) Unencrypted RMI Communication in SPPA-T3000 Application Server SPPA-T3000 Application Server Directory Listing and Sensitive Information Exposure Vulnerability Directory Listing and Sensitive Information Exposure in SPPA-T3000 Application Server Remote Code Execution via Unsecured File Upload in SPPA-T3000 Application Server SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability Vulnerability: Unauthorized Access to Cisco Aironet Series Access Points via CLI SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability Local Privilege Escalation Vulnerability in SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability in
SPPA-T3000 MS3000 Migration Server Authenticated Remote DoS Vulnerability in Cisco Wireless LAN Controller (WLC) LSC Management Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server Local Privilege Escalation Vulnerability in SPPA-T3000 MS3000 Migration Server Local Privilege Escalation Vulnerability in SPPA-T3000 MS3000 Migration Server Bypassing Content Filters in Cisco Email Security Appliance Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server Denial-of-Service Vulnerability in SPPA-T3000 MS3000 Migration Server SPPA-T3000 MS3000 Migration Server Network Enumeration Vulnerability Remote Code Execution Vulnerability in SPPA-T3000 MS3000 Migration Server Remote Code Execution Vulnerability in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2) Remote Code Execution Vulnerability in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2) Remote Code Execution Vulnerability in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2) Denial-of-Service Vulnerability in SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2) SPPA-T3000 Application Server Denial-of-Service Vulnerability Denial-of-Service Vulnerability in SPPA-T3000 Application Server Cisco Firepower Threat Defense (FTD) Software ICMP Packet Bypass Vulnerability Arbitrary File Upload Vulnerability in SPPA-T3000 Application Server Arbitrary File Read/Write Vulnerability in SPPA-T3000 MS3000 Migration Server Arbitrary File Read/Write Vulnerability 
in SPPA-T3000 MS3000 Migration Server SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability Denial-of-Service and Remote Code Execution Vulnerability in SPPA-T3000 MS3000 Migration Server Vulnerability in SPPA-T3000 MS3000 Migration Server Allows Remote Code Execution and Denial-of-Service SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability Denial-of-Service and Remote Code Execution Vulnerability in SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability in SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability in SPPA-T3000 MS3000 Migration Server Vulnerability: Bypassing Configured Policies in Cisco Firepower Threat Defense (FTD) Software SPPA-T3000 MS3000 Migration Server Denial-of-Service and Remote Code Execution Vulnerability Path Disclosure Vulnerability in SPPA-T3000 Application Server Directory Listing Vulnerability in SPPA-T3000 Application Server SPPA-T3000 Application Server Filename Disclosure Vulnerability User Enumeration Vulnerability in SPPA-T3000 Application Server SPPA-T3000 Application Server Vulnerability: Unauthorized Access to Logs and Configuration Files Vulnerability in SIMATIC S7-300 CPU Family and Other Siemens Devices Authentication Bypass Vulnerability in Control Center Server (CCS) Directory Traversal Vulnerability in Control Center Server (CCS) Authentication Bypass Vulnerability in SiNVR/SiVMS Video Server Vulnerability in Cisco Aironet Series Access Points Allows DoS Attack via Malformed Wireless Packets Weak Cryptography Vulnerability in Control Center Server and SiNVR/SiVMS Video Server Authentication Bypass Vulnerability in Control Center Server (CCS) Unrestricted File Access and Resource Exploitation in Control Center Server (CCS) Unauthenticated SQL Injection Vulnerability in Sourcecodester Online Grading System 1.0 Reflected XSS Vulnerability in DAViCal through 1.1.8 CSRF 
Vulnerability in DAViCal through 1.1.8 Allows Unauthorized Actions Stored XSS Vulnerability in DAViCal 1.1.8: Unsanitized User Input Execution CRLF Injection Vulnerability in urllib2 and urllib Privilege Escalation Vulnerability in HotkeyP (CVE-2021-XXXX) Directory Traversal Vulnerability in Cisco Aironet Access Points (APs) Reflected XSS Vulnerability in Ant Design Pro 4.0.0 Login Redirect Improper Access Control in PHOENIX CONTACT FL NAT Devices with MAC-based Port Security Legacy Web Launcher in Thycotic Secret Server before 10.7 is vulnerable to SSRF issue Cross-Site Scripting (XSS) Vulnerability in Thycotic Secret Server before 10.7 (Issue 1 of 2) Cross-Site Scripting (XSS) Vulnerability in Thycotic Secret Server before 10.7 (Issue 2 of 2) Buffer Over-read Vulnerability in MP3Gain 1.6.2 Leads to Remote Denial of Service Vulnerability: Symbolic Link Overwrite in Cisco Nexus 9000 Series Fabric Switches Username Enumeration Vulnerability in JetBrains Hub Local Privilege Escalation in JetBrains IntelliJ IDEA before 2019.2 Network Port Exposure in JetBrains MPS before 2019.2.2 Access to History of Deleted Build Configurations in JetBrains TeamCity (CVE-2019-12345) Remote Code Execution Vulnerability in JetBrains TeamCity before 2019.1.4 through Insecure Java Deserialization Reverse Tabnabbing Vulnerability in JetBrains TeamCity Exposure of Secure Values in JetBrains TeamCity Unauthorized Non-Destructive Operation in JetBrains TeamCity Privilege Escalation Vulnerability in JetBrains Toolbox App for Windows Unauthorized Removal of Tags in JetBrains YouTrack Cisco Unified Communications Manager (Unified CM) User Data Services (UDS) API Denial of Service Vulnerability Command Injection Vulnerability in Xiaomi Mi WiFi R3G Devices Directory Traversal Vulnerability in Xiaomi Mi WiFi R3G Devices Privilege Escalation Vulnerability in Symantec Endpoint Protection Norton App Lock Vulnerability: Bypass Exploit Allows Unauthorized Access Authentication Bypass Vulnerability in 
Symantec Critical System Protection (CSP) 8.0, 8.0 HF1 & 8.0 MP1 Session Hijacking Vulnerability in ASG and ProxySG Management Consoles CSRF Token Disclosure Vulnerability in Management Center (MC) Privilege Escalation Vulnerability in Symantec Messaging Gateway (prior to 10.7.3) Cross-Site Scripting (XSS) Vulnerability in Symantec Messaging Gateway Server-side Request Forgery (SSRF) Vulnerability in Symantec Messaging Gateway Cisco APIC Web-Based Management Interface Cross-Site Scripting Vulnerability Unauthorized Access Vulnerability in Symantec Industrial Control System Protection (ICSP) 6.x.x Cross-Origin Resource Sharing (CORS) Vulnerability in Norton Password Manager Denial of Service Vulnerability on AVStar PE204 IP Camera Devices Unauthorized Remote Download of Backup Files on TerraMaster FS-210 4.0.19 Devices Unauthorized Access to Shared Files on TerraMaster FS-210 4.0.19 Devices Unauthenticated Log File Download Vulnerability in TerraMaster FS-210 4.0.19 Vulnerability in Unisys ClearPath Forward Libra and ClearPath MCP Software Series: Crafted Message Payloads Impact Systems Management Communication Channel Unauthenticated SQL Injection in Sourcecodester Hotel and Lodge Management System 1.0 NULL Pointer Dereference Vulnerability in virglrenderer Heap-based Buffer Overflow in vrend_renderer_transfer_write_iov Function in virglrenderer Root Privilege Escalation Vulnerability in Cisco Remote PHY Device Software Denial of Service Vulnerability in vrend_blit_need_swizzle Function Heap-based Buffer Overflow in vrend_renderer_transfer_write_iov Function in virglrenderer Directory Traversal Vulnerability in PluginServlet.java Arbitrary HTTP GET Request Vulnerability in Ignite Realtime Openfire Command Injection Vulnerability in Oi Third-Party Firmware for Technicolor TD5130v2 Devices Buffer Overflow in fribidi_get_par_embedding_levels_ex() Function in GNU FriBidi through 1.0.7 Cisco Prime Network Registrar DHCPv6 Input Packet Processor Denial of Service 
Vulnerability Use-after-free vulnerability in libarchive's RAR format reader Local Privilege Escalation Vulnerability in ruby_parser-legacy Gem 1.0.0 Cisco DNA Center Software Image Management Feature Vulnerability CSRF Vulnerability in Zoho ManageEngine ADSelfService Plus 5.x through 5803 XXE Vulnerability in JetBrains IDETalk Plugin Bypassing Input Validation in TypeStack class-validator 0.10.2 Cross Site Request Forgery (CSRF) Vulnerability in Sourcecodester Restaurant Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Sourcecodester Restaurant Management System 1.0 Cross-Site Scripting (XSS) Vulnerability in Sourcecodester Restaurant Management System 1.0 Arbitrary File Upload Vulnerability in Sourcecodester Restaurant Management System 1.0 Unauthenticated Remote Access to ClonOS WEB Control Panel via Change Password Requests ClonOS WEB Control Panel 19.09 - Cross-Site Scripting (XSS) Vulnerability in index.php Cisco IOS XR Software SSH Authentication Function Vulnerability Denial of Service Vulnerability in Xen through 4.12.x via VCPUOP_initialise Hypercall Race Conditions in Pagetable Promotion and Demotion Operations in Xen ARM Guest OS Privilege Escalation and Denial of Service Vulnerability in Xen Denial of Service Vulnerability in Xen for ARM Systems via XENMEM_add_to_physmap Hypercall Privilege Escalation via DMA in Xen with PCI Pass-Through Privilege Escalation in Xen for 32-bit PV Guest OS WhatsApp Desktop and iPhone Pairing Vulnerability: Cross-Site Scripting and Local File Reading Denial of Service Vulnerability in Cisco RV Series Routers Bypassing Attachment Filtering in Cisco Email Security Appliance Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition 8.15 through 12.4 Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition before 12.4 Insecure Permissions in GitLab Autocomplete Feature Denial of Service 
Vulnerability in Cisco Unified Communications Manager IM and Presence Service Insecure Permissions Vulnerability in GitLab Project Labels Feature Open Redirect Vulnerability in GitLab Community and Enterprise Edition 10.7.4 through 12.4 Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition Insecure Permissions Vulnerability in GitLab's Email Comment Feature XSS Vulnerability in GitLab's RDoc Wiki Pages Link Validation Infinite Loop Vulnerability in GitLab Community and Enterprise Edition 11 through 12.4 Insecure Permissions in GitLab's Elasticsearch Integration Search Feature Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition 11.8 through 12.4 Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition (Issue 2/4) Insecure Permissions in GitLab Protected Environments Cisco ASR 9000 Series MPLS OAM Denial of Service Vulnerability Incorrect Access Control in GitLab Comments Search with Elasticsearch Integration Incorrect Access Control in GitLab Community and Enterprise Edition 11.3 through 12.3 when adding a sub group epic to a public group Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition 11.3 through 12.4 Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition (Issue 4/4) SQL Injection Vulnerabilities in MOVEit Transfer REST API Unauthorized Access via SSH (SFTP) Interface in MOVEit Transfer 11.1 Symlink Resolution Vulnerability in Podman Unauthenticated Access to Critical Internal Services in Cisco DNA Center Cisco IOS XR Software BGP EVPN Denial of Service Vulnerability Arbitrary Command Injection Vulnerability in Cisco IMC Software Arbitrary Certificate Generation Vulnerability in Cisco ISE's ERS API Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Network Registrar Web Interface Improper Bounds Checks in Cisco AnyConnect Secure Mobility Client for Linux Allow Remote Information Disclosure Directory Traversal Vulnerability in Cisco 
Expressway Series Web Interface Cisco Jabber for Windows DLL Preloading Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Collaboration Assurance (PCA) Web Interface Race Condition Vulnerability in Bromium Client Version 4.0.3.2060 and Prior to 4.1.7 Update 1 Local Privilege Escalation Vulnerability in Avira Free Antivirus 15.0.1907.1514 Cross-Site Request Forgery (CSRF) Vulnerability in Cisco HyperFlex HX-Series Web Management Interface Reflected Cross-Site Scripting Vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Products Improper Authentication in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Products Session Fixation Vulnerability in RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance Products Stored Cross-Site Scripting Vulnerability in RSA Authentication Manager Security Console Uncontrolled Search Path Vulnerability in Dell Command Configure Information Disclosure Vulnerability in Dell EMC XtremIO XMS Versions Prior to 6.3.0 Incorrect Permission Assignment Vulnerability in Dell EMC XtremIO XMS Versions Prior to 6.3.0 Stored Cross-Site Scripting Vulnerability in Dell EMC XtremIO XMS Versions Prior to 6.3.0 BIOS Configuration Vulnerability Allows DMA Attack on Dell XPS 13 2-in-1 (7390) Memory Leak Vulnerability in Cisco FXOS and NX-OS SNMP Packet Processor Dell EMC Storage Monitoring and Reporting 4.3.1 - Java RMI Deserialization of Untrusted Data Vulnerability Dell EMC Data Protection Advisor REST API Server Authorization Bypass Vulnerability Server-side Template Injection Vulnerability in Dell EMC Data Protection Advisor Cross-Site Scripting (XSS) Vulnerability in Dell EMC Unisphere for PowerMax and PowerMax OS Vulnerability: Bypassing Client-Side Certificate Authentication in Cisco Small Business Switches SSH Unauthenticated Remote Code Execution in Cisco Unified Intelligence Center Dashboard Gadget Rendering OpenAFS Denial of Service
Vulnerability in VOTE_Debug RPC Handler Uninitialized Scalar Information Disclosure Vulnerability in OpenAFS Information Leakage in OpenAFS before 1.6.24 and 1.8.x before 1.8.5 due to Uninitialized RPC Output Variables sprintf Mishandling Vulnerability in axohelp.c Unauthorized Order-Information Modification in Cezerin v0.33.0 Integer Overflow and Heap Memory Corruption in amqp_handle_input Arbitrary Code Execution Vulnerability in Cisco Industrial Network Director Arbitrary Command Execution via Originate AMI Request in Sangoma Asterisk Sensitive Information Exposure in CheckUser Extension for MediaWiki Vulnerability: Disclosure of Hidden AbuseFilter Filters in MediaWiki Buffer Overflow Vulnerability in Cypress CYW20735 Evaluation Board User Password Exposure in CloudVision Portal (CVP) Application Logs Firmware Vulnerability: Unauthorized Data Access in Synaptics VFS75xx Fingerprint Sensors Arbitrary Code Execution Vulnerability in Synaptics WBF Drivers Command Execution Vulnerability in Cisco IOS XE Software Web UI SQL Injection Vulnerability in phpMyAdmin Designer Feature Privilege Escalation Vulnerability in EnergyCAP 7 through 7.5.6 Vulnerability in Opera Mini for Android Allows Bypassing of .apk File Restrictions via RTLO Approach TCP Session Bypass/Evasion Vulnerability in Suricata 5.0.0 Harris Ormed Self Service Information Disclosure Vulnerability Vulnerability: Data Encryption Bypass in Xerox AltaLink and C80xx Multifunction Printers Unwanted Binary Execution Vulnerability in Xerox AltaLink and C80xx Multifunction Printers Unauthorized Configuration Changes in Cisco IMC Software Unencrypted Executable Code Vulnerability on Xerox AltaLink and C80xx Multifunction Printers Unspecified Exception Handling Vulnerability in Centrify Authentication and Privilege Elevation Services Certificate Faking Vulnerability in European Commission eIDAS-Node Integration Package before 2.3.1 Missing Certificate Validation in European Commission eIDAS-Node Integration Package 
before 2.3.1 Stack-based Buffer Overflow in Sudo with pwfeedback Enabled NULL Pointer Dereference in MPDevice_win.cpp Arbitrary Web Script Injection Vulnerability in Jitbit .NET Forum 8.3.8 Arbitrary Command Injection Vulnerability in Cisco IMC Software Improper Access Control in Rock RMS before 1.8.6 Account Takeover Vulnerability in Rock RMS Version Before 8.6 File Upload Bypass Vulnerability in Rock RMS Versions 8.10 and 9.0-9.3 Vulnerability: TOCTOU Bug in Total Defense Anti-virus 11.5.2.28 Allows Symbolic Link Attacks for Privileged File Deletion Vulnerability: Symbolic Link Attack in Total Defense Anti-virus 11.5.2.28 Quarantine Restoration Function Authenticated Inline-Query SQL Injection Vulnerability in Untangle NG Firewall 14.2.0 Authenticated Command Injection Vulnerability in Untangle NG Firewall 14.2.0 Reflected XSS Vulnerability in Untangle NG Firewall 14.2.0 Stored XSS Vulnerability in Untangle NG Firewall 14.2.0 Title Input Field Arbitrary Command Injection Vulnerability in Cisco Integrated Management Controller (IMC) Software CSRF Vulnerability in Joomla! 
com_template CSRF Vulnerability in 3xLogic Infinias Access Control Allows Unauthorized Actions DOM Based XSS Vulnerability in WatchGuard XMT515 through 12.1.3 Cross Site Scripting (XSS) Vulnerability in Avast AntiVirus Network Notification Popup Cross Site Scripting (XSS) Vulnerability in AVG AntiVirus Network Notification Popup File Sharing Wizard v1.5.0: Remote Command Execution via Structured Exception Handler Buffer Overflow XSS Vulnerability in Pimcore 6.2.3 Translations Grid HTTP Header Injection in ClickHouse via url table function Helm 2.x Directory Loading and Packaging Vulnerability Vulnerability: Presidential Alert Spoofing in Wireless Emergency Alerts (WEA) Protocol Improper Validation of Host Header Values in Cisco Webex Business Suite Information Exposure Vulnerability in Linux Kernel on PowerPC CPUs (CID-39e72bf96f58) Partial Authentication Bypass in Fastweb FASTGate 1.0.1b Devices SQL Injection Vulnerability in YouPHPTube Live Chat Plugin SQL Injection Vulnerability in ARP-GUARD 4.0.0-5 Login Forgot1 POST Request Cross-Site Scripting (XSS) Vulnerability in SECUDOS DOMOS Log Module Local File Inclusion Vulnerability in SECUDOS DOMOS before 5.6 Undocumented Telnet Service Activation Vulnerability on D-Link DAP-1360 Revision F Devices Cross-Site Scripting (XSS) Vulnerability in freeradius_view_config.php Currency Switcher Addon for WooCommerce Vulnerability: Price Manipulation through Nonexistent Currency Authentication Bypass Vulnerability in Cisco Elastic Services Controller REST API DLL Hijacking Vulnerability in Acer Quick Access Service Out-of-Bounds Write Vulnerability in ShapeShift KeepKey Hardware Wallet Firmware 6.2.2 Vulnerability: Insufficient Checks in ShapeShift KeepKey Hardware Wallet's Finite State Machine Side Channel Vulnerability: Power Consumption Analysis of SHIFT BitBox02's Row-Based OLED Display Path Disclosure Vulnerability in Joomla! 
before 3.9.13 Integer Overflow in cpia2_remap_buffer in Linux Kernel 5.3.13: Privilege Escalation Vulnerability Heap-based Buffer Overflow in Squid Proxy Server Improper Traffic Redirection Vulnerability in Squid 3.x and 4.x HTTP Request Smuggling Vulnerability in Squid Proxy Server Information Disclosure Vulnerability in Squid HTTP Digest Authentication Improper Access Control in Cisco Webex Meetings Server Allows Unauthorized Access to Sensitive System Information NULL Pointer Dereference in rds_tcp_kill_sock() in Linux Kernel 4.4.x Race conditions and use-after-free vulnerability in vivid driver Race condition vulnerability in Sudo allows local users to escalate to root Denial of Service Vulnerability in Cisco StarOS Operating System Cross-Site Scripting (XSS) Vulnerability in Cisco ECE Center Web Interface Buffer Overflow Vulnerability in Cisco IMC Import Configuration Utility Arbitrary Network Request Vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series Software Vulnerability: Remote Reboot Exploit in Cisco ASA and FTD Software Cross-Site Request Forgery Vulnerability in Cisco Prime Service Catalog Software Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Service Catalog Web Interface Insufficient Authentication in Cisco WAAS Software Allows Unauthorized HTTPS Proxy Access Unauthenticated File Download Vulnerability in Cisco Enterprise Chat and Email API Arbitrary Command Injection Vulnerability in Cisco TelePresence Codec and Collaboration Endpoint Software Arbitrary Command Injection Vulnerability in Veritas InfoScale Cluster Server Open Redirect Vulnerability in Zoho ManageEngine ADSelfService Plus 5.x before 5809 Inadequate .htaccess Protection in SuiteCRM 7.10.x and 7.11.x SQL Injection Vulnerability in SuiteCRM 7.10.x and 7.11.x API Access Token and Credential Mishandling in SuiteCRM 7.10.x and 7.11.x Uninitialized Memory Disclosure in rcar_drif_g_fmt_sdr_cap in Linux Kernel through 5.3.8 Arbitrary 
Command Injection Vulnerability in Cisco Integrated Management Controller (IMC) CLI SIP Peer IP Address Hijacking Vulnerability Stored XSS Vulnerability in Lexmark Printers' Embedded Web Server TCP Segment Overlapping Vulnerability in Suricata 5.0.0 Cross-Site Scripting (XSS) Vulnerability in Parallels Plesk Panel 9.5 via fileName Parameter BASS Audio Library 2.4.14 Windows Use after Free Vulnerability via Crafted .ogg File BASS Audio Library 2.4.14 Windows WAV File Out of Bounds Read Vulnerability BASS Audio Library 2.4.14 Windows Denial of Service Vulnerability via Crafted .mp3 File Uncontrolled Recursion Vulnerability in LibSass 3.6.1 Heap-Based Buffer Over-Read Vulnerability in LibSass before 3.6.3 NULL Pointer Dereference in LibSass: parseCompoundSelector in parser_selectors.cpp Vulnerability: Compromised BIOS Firmware Installation in Cisco UCS C-Series Rack Servers Viber Account Hijacking via Unencrypted Traffic and UDID Manipulation HTTP/2 Heap Corruption Vulnerability in Envoy 1.12.0 Whitespace Bypass Vulnerability in Envoy 1.12.0 NULL Pointer Dereference in DJVU::filter_fv at IW44EncodeCodec.cpp Signed Integer Overflow in tcp_ack_update_rtt() in Linux Kernel Memory Leak Vulnerability in ql_alloc_large_buffers() Function in Linux Kernel Memory leaks in sja1105_static_config_upload() function in Linux kernel before 5.3.5 Memory Leak Vulnerability in ccp_run_sha_cmd() Function in Linux Kernel Memory Leak Vulnerability in af9005_identify_state() Function in Linux Kernel Cisco Industrial Network Director (IND) Cross-Site Request Forgery (CSRF) Vulnerability Memory Leak in Linux Kernel's komeda_wb_connector_add() Function Memory Leak in sof_set_get_large_ctrl_data() Function in Linux Kernel (CVE-2020-XXXX) Memory Leak Vulnerability in sof_dfsentry_write() Function in Linux Kernel (CVE-2020-12345) Memory Leak in dwc3_pci_probe() Function in Linux Kernel (CVE-2020-12345) Use-after-free vulnerability in aa_audit_rule_init() in Linux kernel through 5.3.9 Open 
Redirection Vulnerability in PopojiCMS 2.0.1 Stored XSS Vulnerability in po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 Denial of Service Vulnerability in Istio 1.3.x (CVE-2019-18836) Password Reset Vulnerability in Strapi Versions Before 3.0.0-beta.17.5 Eximious Logo Designer 3.82 User Mode Write AV Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Industrial Network Director Heap Corruption Vulnerability in Eximious Logo Designer 3.82 Eximious Logo Designer 3.82 User Mode Write AV Vulnerability Privilege Escalation Vulnerability in ZOOM Call Recording 6.3.1 via callrec-rs@.service Incorrect Access Control in HTCondor: Impersonation of Users in condor_schedd Missing Integrity Check in Barco ClickShare Button Devices Insecure Credentials Management in Barco ClickShare Huddle CS-100 and CSE-200 Devices Improper Certificate Chain Validation in Barco ClickShare Button Devices JTAG Access Vulnerability on Barco ClickShare Button Devices Weak Root Password Vulnerability in Barco ClickShare Button Devices Missing Integrity Check in Barco ClickShare Button R9861500D01 Devices Command Injection Vulnerability in Cisco IMC CLI Barco ClickShare Button R9861500D01 Devices OS Command Injection Vulnerability Information Exposure in Barco ClickShare Button Firmware Insecure Credentials Management in Barco ClickShare Button R9861500D01 Devices ClickShare Button R9861500D01 devices before 1.9.0 vulnerable to Man-in-the-Middle attack for encryption key retrieval Persistent XSS in WooCommerce Subscriptions Plugin Allows Remote Code Execution Improper Signature Handling in Matrix Synapse Federation APIs Remote Denial of Service Vulnerability in Envoy 1.12.0 due to Resource Loops Symlink Traversal Vulnerability in crun NULL Pointer Dereference in Envoy 1.12.0 due to Malformed HTTP Request Handling Stored XSS and Remote Code Execution in FUDForum 3.0.9 via nlogin Parameter Cisco Web Security Appliance (WSA) Web Proxy Denial of Service Vulnerability 
Heap-based Buffer Overflow and Invalid Free in ASN.1 Certificate Parsing of wolfSSL 4.1.0 - 4.2.0c Prototype Pollution Vulnerability in Chartkick.js Cross-Site Scripting (XSS) Vulnerability in Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module Allows Credential Leakage Denial of Service Vulnerability in ACRN Device Model Arbitrary Memory Access Vulnerability in Patriot Viper RGB Drivers SSRF Vulnerability in OX App Suite through 7.10.2 Critical Remote Code Execution Vulnerability in Enterprise Access Client Auto-Updater (Versions Prior to 2.0.1) Insufficient Element Count in JSON-JWT Gem for Ruby (CVE-2021-2345) Heap-based Buffer Over-read Vulnerability in TNEF before 1.4.18 Redfish Protocol Command Injection Vulnerability in Cisco IMC Vulnerability: Fingerprinting and Predictable Responses in TrevorC2 v1.1/v1.2 Hardcoded Alphanetworks User Account Vulnerability in D-Link Devices Denial of Service Vulnerability in ImageMagick's SVG Parsing Unlimited Recursion Denial of Service Vulnerability in safe-svg WordPress Plugin Denial of Service Vulnerability in safe-svg WordPress Plugin Denial of Service Vulnerability in SVG Sanitizer Module for Drupal Improper Handling of Script and Data Values in Attributes in darylldoyle svg-sanitizer before 0.12.0 Buffer Overflow Vulnerability in CODESYS 3 Web Server Cross-Site Scripting (XSS) Vulnerability in Digi AnywhereUSB 14 via Digi Page Link Cisco Web Security Appliance (WSA) HTTPS Decryption DoS Vulnerability HTML Injection Vulnerability in Squid's cachemgr.cgi Local Privilege Escalation in GNU Mailutils URL Mode Mitel 6800 and 6900 SIP Series Phones: SRTP 128-bit Key Length Vulnerability Unauthenticated Information Disclosure in Blaauw Remote Kiln Control v3.00r4 Error Message Discrepancies in Blaauw Remote Kiln Control v3.00r4: Username Enumeration Vulnerability Unauthenticated SQL Injection in Blaauw Remote Kiln Control v3.00r4 Vulnerability: Directory Enumeration in Blaauw Remote Kiln Control v3.00r4 Blaauw Remote 
Kiln Control v3.00r4: Unauthenticated Access to Cleartext MySQL Credentials Arbitrary PHP Code Execution Vulnerability in Blaauw Remote Kiln Control v3.00r4 Cisco Unified Communications Manager SIP Protocol Implementation Denial of Service Vulnerability Arbitrary File Download Vulnerability in Blaauw Remote Kiln Control v3.00r4 Arbitrary File Upload and Remote Code Execution Vulnerability in Blaauw Remote Kiln Control v3.00r4 Weak Password Requirements in Blaauw Remote Kiln Control v3.00r4 Stored XSS and Remote Code Execution in FUDForum 3.0.9 via User-Agent HTTP Header Double Free Vulnerability in psutil (aka python-psutil) through 5.6.5 Arbitrary File Upload and Command Execution Vulnerability in Cisco Unified Contact Center Express Administration Web Interface Unauthenticated Reflected XSS Vulnerability in WSO2 IS Key Manager 5.7.0 Dashboard User Profile Stored XSS in WSO2 IS Key Manager 5.7.0 via mishandling of Content-Type in download-userinfo.jag Cross-Site Scripting (XSS) Vulnerability in Lavalite CMS 5.7 via Admin/Profile Name or Designation Field CSRF Vulnerability in RISE Ultimate Project Manager 2.3 Allows Unauthorized User Addition NULL pointer dereference vulnerability in btrfs_verify_dev_extents in Linux kernel before 5.1 User Enumeration Vulnerability in Symfony Security Timing Attack Vulnerability in Symfony's UriSigner Arbitrary Command Execution via Unvalidated MIME Type Validation in Symfony Remote Code Injection Vulnerability in Symfony Cache Adapter Interfaces Privilege Escalation Vulnerability in Cisco APIC Software REST API Redmine SQL Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in Avast and AVG Secure Browsers' Video Downloader Component Arbitrary OS Command Execution Vulnerability in Avast Premium Security 19.8.2393 Insecure Permissions in Scanguard Installation Directory: Privilege Escalation Vulnerability Privilege Escalation via Symlink Following in SUSE Linux Enterprise Server and openSUSE Factory Privilege 
Escalation via Symlink Following in trousers package of SUSE Linux Enterprise Server 15 SP1 and openSUSE Factory Privilege Escalation Vulnerability in apt-cacher-ng on openSUSE Leap 15.1 Vulnerability: Unauthorized Server Connection in Cisco Nexus 9000 Series ACI Mode Switch Software Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 Local Privilege Escalation via Symlink Following in mariadb packaging of SUSE Linux Enterprise Server 12 and 15 Use After Free Vulnerability in Wicked of SUSE Linux Enterprise Server and openSUSE Leap Use After Free Vulnerability in Wicked of SUSE Linux Enterprise Server and openSUSE Leap Uncontrolled Resource Consumption Vulnerability in rmt of SUSE Linux Enterprise and openSUSE Leap 15.1 Insufficient Verification of Data Authenticity in autoyast2 of SUSE Linux Enterprise Server 12 and 15 Improper Authentication in cryptctl: Bypassing Hashed Passwords Command Injection Vulnerability in HP ThinPro VPN Software Cisco Small Business Managed Switches Web Interface Denial of Service Vulnerability Command Injection Vulnerability in Citrix Receiver Wrapper Function Security Vulnerability in HP Printers and MFPs with Troy Solutions: FutureSmart Firmware Bundle Version 4.9 or 4.9.0.1 Pre-Boot DMA Vulnerability: Unauthorized UEFI Code Execution via Open-Case Attacks HP Printer and MFP Vulnerability: Cross-Site Scripting via Malicious Links Arbitrary Code Execution Vulnerability in HP System Event Utility Unauthorized Elevation of Privilege Vulnerability in HP LaserJet Solution Software Account Lockout Bypass Vulnerability Discovered in HP Printers and All-in-Ones Memory Corruption Vulnerability in Cisco Small Business Managed Switches Directory Traversal Vulnerability in Allied Telesis AT-GS950/8 Web Interface Arbitrary Content Serving Vulnerability in go-camo before 2.1.1 Directory Traversal Vulnerability in Systematic IRIS WebForms 5.4 
Unauthenticated Access to Systematic IRIS WebForms 5.4 Unauthenticated Reflected Cross Site Scripting (XSS) in Systematic IRIS Standards Management (ISM) v2.1 SP1 89 HTTP Request Privilege Escalation in Cyrus IMAP 2.5.x and 3.x Arbitrary Code Execution Vulnerability in Western Digital My Cloud EX2 Ultra Firmware 2.31.183 Arbitrary Command Execution Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Arbitrary Code Execution Vulnerability in Western Digital My Cloud EX2 Ultra Firmware 2.31.183 Buffer Overflow Vulnerability in Western Digital My Cloud EX2 Ultra Firmware 2.31.195 Local Privilege Escalation in Squid Analysis Report Generator (sarg) through 2.3.11 Vulnerability: API Key Theft in Zulip Server Social Authentication Vulnerability in Unbound's IPsec Module Allows for Shell Code Execution .NET Deserialization Vulnerability in Progress Telerik UI for ASP.NET AJAX Denial of Service Vulnerability in UniValue::read() Remote Code Execution in eQ-3 Homematic CCU2 and CCU3 via exec.cgi Remote Code Execution Vulnerability in eQ-3 Homematic CCU2 and CCU3 with E-Mail AddOn Remote Code Execution in eQ-3 Homematic CCU2 and CCU3 with HM-Print AddOn Arbitrary File Overwrite/Read Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Stored XSS Vulnerability in Micro Focus Solutions Business Manager XML External Entity Processing (XXE) Vulnerability in Micro Focus Solutions Business Manager Reflected XSS Vulnerability in Micro Focus Solutions Business Manager Application Repository Privilege Escalation Vulnerability in Micro Focus Solutions Business Manager Application Repository Session Fixation Vulnerability in Micro Focus Solutions Business Manager Application Repository Information Disclosure Vulnerability in Micro Focus Solutions Business Manager Application Repository Arista EOS VxLAN Code Malformed ARP Packet Vulnerability Unintended JavaScript Execution via Redirection Chain in SnowHaze Insufficient Authentication Mechanism in Cisco 
NFVIS VNC Console Allows Unauthorized Access Arbitrary File Read Vulnerability in SibSoft Xfilesharing through 2.5.1 Arbitrary File Upload and Remote Code Execution in SibSoft Xfilesharing through 2.5.1 Arbitrary Attribute Overwrite Vulnerability in Pomelo v2.2.5 XSS Vulnerability in Lansweeper 7.2.105.2 Web Console Remote Code Execution via Untrusted Java Deserialization in Divisa Proxia Suite, SparkSpace, and Proxia PHR Reflected XSS Vulnerability in MicroStrategy Library Nitro Pro OCR Debug.log File Creation Vulnerability Arbitrary Command Injection Vulnerability in Cisco Integrated Management Controller (IMC) Firecracker vsock Buffer Overflow Vulnerability in Versions 0.18.0 and 0.19.0 Unauthorized Disconnection of Clients on Cisco RV Routers NULL Pointer Dereference and Crash in res_pjsip_t38.c Directory Traversal Vulnerability in rack-cors Gem Quarantine Flaw in Adaware Antivirus Allows Privilege Escalation via NTFS Directory Junction Unauthorized Access to Syslog File in Cisco RV110W, RV130W, and RV215W Routers Unprotected API Allows Remote Control of Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb Pimcore Vulnerability: Lack of Access Denied Outcome for Incorrect Recipient ID in Notifications Script Execution in Email Log Preview Window in Pimcore before 6.3.0 Brute Force Vulnerability in Pimcore 2FA Token Username Enumeration Vulnerability in Pimcore before 6.2.2 Exposure of Private Information in AbuseFilter Extension for MediaWiki Shared AES Key Vulnerability in TeamViewer Desktop Partial Authentication Bypass Vulnerability on Mediatek MT7620N 1.06 Devices Unauthorized Access to Guest Network Device List in Cisco RV Routers Partial Authentication Bypass Vulnerability on Realtek RTL8812AR, RTL8196D, RTL8192ER, and RTL8881AN Devices Partial Authentication Bypass Vulnerability on Atheros AR9132, AR9283, and AR9285 Devices Cross-Site Scripting (XSS) Vulnerability in OpenWrt 18.06.4 Cross-Site Scripting (XSS) Vulnerability in OpenWrt 18.06.4 via 
New port forward Name Field Denial of Service Vulnerability in ABB PB610 Panel Builder 600 Denial of Service Vulnerability in ABB PB610 Panel Builder 600 HMISimulator Arbitrary DLL Execution Vulnerability in ABB PB610 Panel Builder 600 Path Traversal Vulnerability in ABB PB610 Panel Builder 600 HMISimulator Insufficient Access Control in ABB Asset Suite Web Interface Cisco IMC Web Server Denial of Service Vulnerability Improper Configuration of Cache-Control and Pragma Headers in ABB eSOMS 4.0 to 6.0.3 Missing X-Frame-Options Header in ABB eSOMS Versions 4.0 to 6.0.2 Allows ClickJacking Attacks Missing X-XSS-Protection Header in ABB eSOMS Versions 4.0 to 6.0.2 Increases Cross-Site Scripting Risk Missing HTTPOnly Flag in ABB eSOMS Versions 4.0 to 6.0.2 Allows Cross Site Scripting Integer Overflow in autotrace 0.31.1: Exploiting a BiWidth*biBitCnt Vulnerability Bitmap Double Free Vulnerability in autotrace 0.31.1 Incorrect Access Control in Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below Intelbras IWR 3000N 1.8.7 - Administrator Login Disclosure Vulnerability Vulnerability in Cisco Nexus 9000 Series ACI Mode Switch Software Allows for DoS and Arbitrary Code Execution Eval Injection Vulnerability in Limnoria and Supybot IRC Plugins NULL Pointer Dereference in GifIndexToTrueColor in MiniUPnP ngiflib 0.4 Integer Overflow in Oniguruma's search_in_range Function CSRF Vulnerability in Pagekit 1.0.17 Allows Arbitrary File Upload Privilege Escalation Vulnerability in TitanHQ WebTitan Unauthenticated Remote Database Access in TitanHQ WebTitan SQL Injection Vulnerability in TitanHQ WebTitan Administration Interface Hard-coded Root Password Vulnerability in TitanHQ WebTitan Database Configuration File Exposure in TitanHQ WebTitan Remote Code Execution Vulnerability in TitanHQ WebTitan Arbitrary Code Execution via Crafted Backup File Upload in TitanHQ WebTitan Hidden Support Account with Hard-Coded Password in TitanHQ WebTitan Insufficient 
Documentation of Search History in iTerm2 Allows for Sensitive Information Disclosure Privilege Escalation Vulnerability in VMware Harbor Container Registry for Pivotal Platform CSRF Vulnerability in Harbor Container Registry for Pivotal Platform SQL Injection in Harbor Container Registry for Pivotal Platform: Prior to 1.8.6 and 1.9.3 SQL Injection in Harbor Container Registry for Pivotal Platform: User-Groups Vulnerability XML Entity Expansion Vulnerability in Cisco Security Manager Resource Enumeration Vulnerability in Harbor Before 1.10.3 and 2.x Before 2.0.1 XML External Entity Injection in Easy XML Editor v1.7.8: Arbitrary File Read and DoS Vulnerability Arbitrary File Read Vulnerability in XMLBlueprint Jalios JCMS 10 Backdoor Account Vulnerability Unvalidated SCCM Database Username in Zoho ManageEngine Asset Explorer 6.5 Allows Arbitrary Command Execution Heap-Based Buffer Over-Read Vulnerability in jhead 3.03 NULL Pointer Dereference in btrfs_root_node in Linux Kernel NULL Pointer Dereference in ext4_empty_dir in Linux Kernel Potential Information Disclosure in btrfs_free_extent Function in Linux Kernel Cross-Site Request Forgery Vulnerability in Cisco IOS XE Software Web UI XSS Vulnerability in KairosDB 1.2.2: Exploiting showErrorMessage in view.html Arbitrary Code Execution via Modified Upgrade Packages in Xorux Lpar2RRD and Stor2RRD Memory Leak in i40e_setup_macvlans() Function in Linux Kernel (CVE-2020-12345) Memory leaks in v3d_submit_cl_ioctl() function in Linux kernel before 5.3.11 leading to denial of service Memory Leak in mlx5_fpga_conn_create_cq() Function in Linux Kernel Memory Leak Vulnerability in Linux Kernel's __ipmi_bmc_register() Function Memory Leak in mlx5_fw_fatal_reporter_dump() Function in Linux Kernel Memory Leak Vulnerability in crypto_reportstat() Function in Linux Kernel Memory Leak Vulnerability in unittest_data_add() Function in Linux Kernel Bypassing Content Filters in Cisco Email Security Appliance through GZIP Decompression 
Vulnerability Memory Leak Vulnerability in crypto_reportstat() Function in Linux Kernel Memory Leak in i2400m_op_rfkill_sw_toggle() Function in Linux Kernel Memory Leak Vulnerability in gs_can_open() Function in Linux Kernel Memory Leak Vulnerability in Linux Kernel's rpmsg_eptdev_write_iter() Function Memory Leak Vulnerability in cx23888_ir_probe() Function in Linux Kernel Memory Leak in nl80211_get_ftm_responder_stats() Function in Linux Kernel Memory Leak Vulnerability in mwifiex_pcie_alloc_cmdrsp_buf() Function Memory Leak Vulnerabilities in mwifiex_pcie_init_evt_ring() Function Memory Leak Vulnerability in alloc_sgtable() Function in Linux Kernel Memory leaks in iwl_pcie_ctxt_info_gen3_init() function in Linux kernel through 5.3.11 leading to denial of service Cisco Prime Infrastructure Virtual Domain Configuration Privilege Escalation Vulnerability Memory Leak Vulnerability in adis_update_scan_mode() Function in Linux Kernel Memory Leak Vulnerability in adis_update_scan_mode_burst() Function in Linux Kernel Memory Leak Vulnerability in crypto_report() Function in Linux Kernel (CVE-2020-12345) Memory leaks in rtl_usb_probe() function in Linux kernel through 5.3.11 leading to denial of service (CID-3f9361695113) Memory Leak Vulnerability in fsl_lpspi_probe() Function in Linux Kernel Memory Leak in sdma_init() Function in Linux Kernel (CVE-2020-12345) Memory Leak Vulnerability in Linux Kernel's bfad_im_get_stats() Function Memory Leaks in acp_hw_init() Function in Linux Kernel (CVE-2020-12345) Memory Leak Vulnerability in Linux Kernel's rtl8xxxu_submit_int_urb() Function Memory Leak Vulnerability in Linux Kernel's fastrpc_dma_buf_attach() Function Cisco IMC Web Server Vulnerability: Unauthorized Configuration Modification and Privilege Escalation Memory Leak Vulnerability in spi_gpio_probe() Function in Linux Kernel Memory Leak Vulnerability in rsi_send_beacon() Function in Linux Kernel Memory Leak Vulnerability in Linux Kernel's predicate_parse() Function 
(CID-96c5c6e6a5b6) Memory Leak Vulnerability in ath9k_htc_hst.c in Linux Kernel (CVE-2020-12345) Memory Leak Vulnerability in ath9k_wmi_cmd() Function in Linux Kernel (CVE-2020-12345) Memory Leak in ca8210_probe() Function in Linux Kernel Memory Leak in nfp_abm_u32_knode_replace() Function in Linux Kernel Memory Leak in bnxt_re_create_srq() Function in Linux Kernel (CVE-2020-12345) Memory Leak Vulnerability in ath10k_usb_hif_tx_sg() Function in Linux Kernel Memory Leak Vulnerability in qrtr_tun_write_iter() Function in Linux Kernel IPMI Implementation Vulnerability in Cisco IMC Allows Unauthorized Access to Sensitive System Information Memory leaks in nfp_flower_spawn_phy_reprs() function in Linux kernel before 5.3.4 leading to denial of service (CID-8572cea1461a) Memory Leak in nfp_flower_spawn_vnic_reprs() Function in Linux Kernel Memory Leak Vulnerability in AMD Display Drivers Memory Leak Vulnerability in *clock_source_create() Functions in AMD Display Drivers Octopus Deploy Package Upload Vulnerability Persistent XSS Vulnerability in Octopus Server 3.4.0 through 2019.10.5 Insecure Permissions in Gitlab Enterprise Edition (EE) before 12.5.1 Insecure Permissions in Gitlab Enterprise Edition (EE) before 12.5.1 Directory Traversal Vulnerability in Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 Missing X-Content-Type-Options Header in ABB eSOMS Versions 4.0 to 6.0.3 Allows Unauthorized Code Execution Cisco IOS XR Software BGP Denial of Service Vulnerability Unencrypted Cookie Information Vulnerability in ABB eSOMS Versions 4.0 to 6.0.2 Sensitive Information Leakage in ABB eSOMS Versions 4.0 to 6.0.3 via HTTPS Responses Unauthenticated Viewstate Tampering Vulnerability in ABB eSOMS Versions 4.0 to 6.0.3 Password Complexity Bypass in eSOMS Versions 4.0 to 6.0.3 SQL Injection Vulnerability in ABB eSOMS Versions 3.9 to 6.0.3 Stored Cross-Site Scripting Vulnerability in ABB eSOMS Versions 4.0 to 6.0.2 Clear Text Storage of Credentials in ABB eSOMS Redis Data 
Structure Component Medium Strength Cipher Vulnerability in ABB eSOMS Versions 4.0 to 6.0.3 Denial of Service (DoS) Vulnerability in Cisco IOS XR Software's IS-IS Routing Protocol Implementation Privilege Escalation Vulnerability in B&R Automation Studio Upgrade Service Unauthenticated MITM Attack Vulnerability in B&R Automation Studio Upgrade Service Zip Slip Vulnerability in B&R Automation Studio Upgrade Service Unauthenticated Access Control Vulnerability in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Plaintext Storage of Credentials in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Backup Function Access Control Bypass in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Plaintext Password Vulnerability in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway Authentication Bypass Vulnerability in B&R Automation Runtime SNMP Service CSRF Vulnerability in wpForo Plugin 1.6.5 for WordPress Vulnerability: Local Privilege Escalation in Cisco Unified Communications Domain Manager XSS Vulnerability in wpForo Plugin 1.6.5 for WordPress via wp-admin/admin.php?page=wpforo-phrases s Parameter XSS Vulnerability in wpForo Plugin 1.6.5 for WordPress XSS Vulnerability in wpForo Plugin 1.6.5 for WordPress via wpf-dw-td-value Class in dashboard.php SQL Injection Vulnerability in New Bee Mall Goods Mapper Nahimic APO Software Component Driver Privilege Escalation Vulnerability Command Injection Vulnerability in PHICOMM K2(PSG1218) V22.5.9.163 Unintended Model Editing Vulnerability in Django Admin Insufficient Access Control on Local Registry Keys in PRTG Allows Unauthorized Access to Administrative Credentials Arbitrary File Upload Vulnerability in Cisco Small Business 220 Series Smart Switches Bypassing ASLR in setuid programs through LD_PREFER_MAP_32BIT_EXEC vulnerability Unencrypted Communications Authentication Bypass Vulnerability in Tribal SITS:Vision 9.7.0 Remote Stored XSS 
Vulnerability in Afterlogic WebMail Pro 8.3.11 and Afterlogic Aurora 8.3.11 via Attachment Name Buffer Overflow Vulnerabilities in Cisco Small Business 220 Series Smart Switches Reflected XSS Vulnerability in CSS Hero Plugin for WordPress Unauthenticated XSS Vulnerability in Hero Maps Premium Plugin for WordPress Insufficient Random Number Generation in OPC UA .NET Standard Codebase Allows Credential Reuse Integrity Degradation Vulnerability in Ivanti Workspace Control Command Injection Vulnerability in Cisco Small Business 220 Series Smart Switches Remote Code Execution via Camera Upload in Plex Media Server Unauthenticated Firmware Replacement Vulnerability in Intelbras WRN240 Devices Unauthenticated Firmware Replacement Vulnerability in TP-LINK TL-WR849N 0.9.1 4.16 Devices Remote Command Execution Vulnerability in Tellabs Optical Line Terminal (OLT) 1150 Devices Cross-Site Request Forgery Vulnerability in Cisco Unified Communications Manager and Unity Connection Client-Session-ID Leakage Vulnerability Authenticated User Privilege Escalation in F5 BIG-IP, BIG-IQ, iWorkflow, and Enterprise Manager Vulnerability: Arbitrary Code Execution in Reportexpress ProPlus via VBscript Injection Insufficient Verification in CyMiInstaller322 ActiveX Allows Unauthorized DLL Downloads Code Execution Vulnerability in TOBESOFT XPLATFORM Versions 9.1 to 9.2.2 Firmware Vulnerability in COMMAX WallPad (CDP-1020MB) Allows Arbitrary Code Execution Remote Code Execution Vulnerability in Dext5 Upload ActiveX Control Remote Code Execution Vulnerability in Inogard Ebiz4u ActiveX Control (AxECM.cab) Unauthenticated DLL Loading Vulnerability in Tobesoft XPlatform v9.1-9.2.2 Arbitrary Code Execution Vulnerability in Tobesoft Nexacro v2019.9.25.1 and Earlier Versions Arbitrary File Download and Execution Vulnerability in Dext5.ocx ActiveX 5.0.0.116 and Earlier Versions Arbitrary File Download and Code Execution Vulnerability in Dext5.ocx ActiveX 5.0.0.116 and Earlier Versions Authentication 
Bypass Vulnerability in Cisco Vision Dynamic Signage Director REST API Cisco IOS XR Software IS-IS Routing Protocol Denial of Service Vulnerability Root Privilege Escalation Vulnerability in Cisco FindIT Network Management Software VM Images Privilege Escalation Vulnerability in Shibboleth Service Provider (SP) 3.x before 3.1.0 Vulnerability: Event Deadlock and Crash in STMicroelectronics BLE Stack for STM32WB5x Devices Denial of Service Vulnerability in Texas Instruments SIMPLELINK-CC2640R2-SDK and BLE-STACK Zero Long Term Key (LTK) Vulnerability in Telink Semiconductor BLE SDK Bluetooth Low Energy Implementation Vulnerability in Microchip Technology BluSDK Smart Buffer Overflow Vulnerability in Telink Semiconductor BLE SDK Privilege Escalation and Code Execution via IOCTL Handling in Kyrol Internet Security 9.0.6.9 Scoutnet Kalender Plugin 1.1.0 for WordPress XSS Vulnerability Insufficient Session Expiration in REDDOXX MailDepot 2032 SP2 2.2.1242 Denial of Service Vulnerability in Cisco IOS Access Points Software Authenticated User Mailbox Access Vulnerability in REDDOXX MailDepot 2032 2.2.1242 Privilege Escalation in Vtiger 7.x before 7.2.0 Heap-based Buffer Over-read in Oniguruma 6.x before 6.9.4_rc2 Heap-based Buffer Over-read in Oniguruma 6.x before 6.9.4_rc2 Stored XSS in Dolibarr CRM/ERP 10.0.3 via JavaScript execution in SVG profile picture SQL Injection Vulnerability in rConfig 3.9.2 via devices.php?searchColumn= Codiad Web IDE 2.8.4 - PHP Code Injection Vulnerability SQL Injection Vulnerability in Dolibarr ERP/CRM before 10.0.3 Bypassing Content Filters in Cisco Email Security Appliance Dolibarr ERP/CRM XSS Vulnerability in Uploaded HTML Documents Insufficient Filtering in Dolibarr ERP/CRM Leads to user/card.php XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in Dolibarr ERP/CRM 3.0 through 10.0.3 Buffer Overflow Vulnerability in BMC Control-M/Agent 7.0.00.000 with On-Do Action Destination as Mail Insecure File Copy Vulnerability in BMC 
Control-M/Agent 7.0.00.000 BMC Control-M/Agent 7.0.00.000 OS Command Injection Vulnerability Insecure Password Storage in BMC Control-M/Agent 7.0.00.000 Arbitrary File Download Vulnerability in BMC Control-M/Agent 7.0.00.000 Cisco SIP IP Phone Software Denial of Service Vulnerability OS Command Injection in BMC Control-M/Agent 7.0.00.000 Out-of-Bounds Read Vulnerability in Libarchive 3.4.0 Stored XSS Vulnerability in D-Link DSL-2680 Web Administration Interface (Firmware EU_1.03) Unauthenticated Reboot Vulnerability in D-Link DSL-2680 Router Unauthenticated Download of Configuration Settings in D-Link DSL-2680 Web Administration Interface Unauthenticated DNS Server Manipulation in D-Link DSL-2680 Web Administration Interface Unauthenticated Access Control Bypass in D-Link DSL-2680 Firmware EU_1.03 Potential NULL Pointer Dereference in AppleTalk Subsystem of Linux Kernel Authentication Bypass Vulnerability in Fronius Solar Inverter Devices Directory Traversal Vulnerability in Fronius Solar Inverter Devices Arbitrary Command Execution Vulnerability in Cisco Small Business SPA500 Series IP Phones Unsafe Deserialization Vulnerability in CA Release Automation (Nolio) 6.6 with DataManagement Component Insecure File Access Vulnerability in CA Client Automation Agent for Windows Impersonation of Nonexistent Users in Sudo Vulnerability: Impersonation of Blocked Users in Sudo Unsigned Code Execution Vulnerability in ASUS ATK Package Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows GoAhead Web Server Host Header Overflow Vulnerability Privilege Escalation via io_uring in Linux Kernel SQLite 3.30.1 Vulnerability: Mishandling of pExpr->y.pTab in sqlite3ExprCodeTarget Crash Vulnerability in SQLite 3.30.1 with DISTINCT, Window Functions, and ORDER BY Pre-Authentication SQL Injection Vulnerability in NAPC Xinet Elegant 6 Asset Library 6.1.655 Heap-Based Buffer Over-read in Oniguruma's str_lower_case_match Origin 
Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in Electronic Arts Origin (Issue 2 of 2) Invitations Mishandling in QueryTree before 3.0.99-beta Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows SQL Injection Vulnerability in OpenTrade (pre-2019-11-23) via server/modules/api/v1.js and server/utils.js Insecure Transmission of API Key in Last.fm Desktop App Unrestricted Write Access to vcsu Devices in Linux Kernel (CID-0c9acb1af77a) Incorrect Access Control in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.6 through 12.5 Incorrect Access Control in GitLab Enterprise Edition (EE) 12.3-12.5 Incorrect Access Control in GitLab Enterprise Edition (EE) 12.2 - 12.5 Incorrect Access Control in GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 Improper Access Control in GitLab Enterprise Edition (EE) 10.8 and later through 12.5 Insecure Direct Object Reference (IDOR) Vulnerability in GitLab Enterprise Edition (EE) 11.3 - 12.5 Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Incorrect Access Control in GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 SSRF Vulnerability in GitLab Enterprise Edition (EE) 6.7 and later through 12.5 Insecure Permissions in GitLab Enterprise Edition (EE) 11.9 and later through 12.5 Insecure Permissions in GitLab Enterprise Edition (EE) 8.2 and later through 12.5 Remote File Access Vulnerability in Simplifile RecordFusion Cross-Site Scripting (XSS) Vulnerability in IceWarp WebMail Server 12.2.0 and 12.1.x XSS Vulnerability in IceWarp WebMail Server's Object Notes NULL Pointer Dereference in ProFTPD TLS Certificate Validation Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Failure to Check CRL Entry Field Allows Revoked Certificates to Connect Improper CRL Verification in 
ProFTPD 1.3.6 NULL Pointer Dereference in tls_verify_crl Leads to Server Crash Arbitrary Memory Write Vulnerability in Samsung Exynos 8895 Chipset (SVE-2019-16265) Out-of-Bounds Read Vulnerability in typed_ast 1.3.0 and 1.3.1 Out-of-bounds read vulnerability in typed_ast 1.3.0 and 1.3.1 SNMP Service Crash Vulnerability in SIMATIC HMI Comfort Panels and KTP Mobile Panels SIPORT MP < 3.1.4 - Privilege Escalation Vulnerability Vulnerability: Unauthenticated Device Restoration in SINAMICS PERFECT HARMONY GH180 Drives Vulnerability in SIPROTEC 4 and SIPROTEC Compact Relays with EN100 Ethernet Communication Modules: Denial-of-Service via Crafted Packets Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Denial-of-Service Vulnerability in SIMATIC ET 200SP Open Controller and SIMATIC S7-1500 CPUs Denial-of-Service Vulnerability in Multiple Siemens Products Information Disclosure Vulnerability in XHQ (All Versions < 6.1) Cross-Site Scripting (XSS) Vulnerability in XHQ (All Versions < 6.1) Web Interface XHQ Web Interface XSS Injection Vulnerability SQL Injection Vulnerability in XHQ Web Interface (All Versions < 6.1) File System Traversal Vulnerability in XHQ (All Versions < 6.1) Cross-Site Scripting (XSS) Vulnerability in XHQ Web Interface (All Versions < 6.1) Cross-Site Request Forgery (CSRF) Vulnerability in XHQ (All Versions < 6.1) Web Interface Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Control Center Server (CCS) Path Traversal Vulnerability Clear-text Storage of Login Credentials in SiVMS/SiNVR Video Server and Control Center Server SQL Injection Vulnerability in Control Center Server (CCS) (All versions < V1.5.0) Control Center Server (CCS) Reflected XSS Vulnerability Stored Cross-site Scripting (XSS) Vulnerabilities in Control Center Server (CCS) Web Interface Unlogged Security Activities in Control Center Server (CCS) 
SiNVR/SiVMS Video Server FTP Path Traversal Vulnerability Path Traversal Vulnerability in SiNVR/SiVMS Video Server (All versions < V5.0.0) Allows Unauthorized File Access Input Validation Vulnerability in SiNVR/SiVMS Video Server Allows Remote Denial-of-Service Attacks Weak Cryptography Vulnerability in SiNVR/SiVMS Video Server Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) RSS Dashboard Denial of Service Vulnerability in Development/Evaluation Kits for PROFINET IO and SIMATIC Controllers Denial of Service Vulnerability in VxWorks-based Profinet TCP Stack Zoho CRM Lead Magnet Plugin 1.6.9.1 for WordPress XSS Vulnerability Integer Overflow in parse_mqtt: Remote DoS and Out-of-Bounds Write Vulnerability in Cesanta Mongoose 6.16 NULL Pointer Dereference in text_to_glyphs function in gnome-font-viewer 3.34.0 Incorrect Access Control in GitLab Enterprise Edition (EE) 8.90 and later through 12.5 Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) RSS Dashboard GitLab Enterprise Edition (EE) 9.0 through 12.5 Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 Incorrect Access Control in GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6: Information Leakage in Private Project Forks Denial of Service Vulnerability in GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 Plaintext Token Storage Vulnerability in GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 Elevation of Privilege Vulnerability in Nalpeiron Licensing Service 7.3.4.0 Cleartext Transmission of Azure SAS Token and State Snapshot in Terraform Versions Prior to 0.12.17 Denial of Service and Potential Impact in SQLite 3.30.1 due to lookupName Vulnerability Double Mounting Vulnerability in Linux Kernel 5.3.11: rwsem_down_write_slowpath Use-After-Free Slab-out-of-bounds Write Access Vulnerability in Linux Kernel Arbitrary Code Execution Vulnerability in Cisco AMP for Endpoints 
for Windows Untrusted Accidental JWT Acceptance Vulnerability in Xmidt cjwt through 1.0.1 Reflected XSS Vulnerability in SilverStripe Forms HTTP Cache Poisoning Vulnerability in Silverstripe CMS HTML Injection in ResultView.js in Wikibase Wikidata Query Service GUI HTML Injection Vulnerability in Wikibase Wikidata Query Service GUI Arbitrary JavaScript Execution via Mathematical Expressions in Wikibase Wikidata Query Service GUI Bypassing Configured Filters in Cisco Email Security Appliance Intermediary Encapsulation Attacks in HAProxy HTTP/2 Implementation Denial of Service Vulnerability in Knot Resolver 4.3.0 and Earlier Versions Linux Kernel KVM Hypervisor Denial of Service Vulnerability Stack-based buffer overflow in libyang YANG file parsing with bits leaf type Stack-based buffer overflow in libyang before 1.0-r5 when parsing YANG files with identityref leaf type Insecure File Permissions in OpenShift 4.2 Installation Tool Cross-Site Scripting (XSS) Vulnerability in oVirt-engine's OAuth Authorization Endpoint Remote Denial of Service Vulnerability in Red Hat Ceph Storage 3 Flaw in Linux Kernel Speculative Execution Handling on Cascade Lake CPUs Incomplete Fix for CVE-2018-12207: Privileged Guest User Can Induce Hardware Machine Check Error on Red Hat Enterprise Linux 8 Privilege Escalation Vulnerability in Cisco ASA Software RabbitMQ Management Interface Exposed in Ansible Tower World-readable files in Ansible Tower's backup directory pose a significant data exposure vulnerability Password Disclosure and Brute Force Vulnerability in Ansible Tower Memory Leak in Undertow's HttpOpenListener Leads to Denial of Service Use-After-Free Vulnerability in Samba Versions 4.9.x, 4.10.x, and 4.11.x Insecure Modification Vulnerability in openshift/mediawiki-apb Container Insecure Modification Vulnerability in openshift/mariadb-apb Container Insecure Modification Vulnerability in openshift/apb-base Container Insecure Modification Vulnerability in 
Operator-Metering Container Default Account Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Insecure Modification Vulnerability in openshift/ansible-service-broker Insecure Modification Vulnerability in openshift/jenkins Container Insecure Modification Vulnerability in operator-framework/presto Container Insecure Modification Vulnerability in operator-framework/hive Allows Privilege Escalation Insecure Modification Vulnerability in operator-framework/hadoop in Red Hat Openshift 4 Insecure Modification Vulnerability in openshift/ocp-release-operator-sdk Authenticated Remote Code Execution (RCE) as Root in Netis WF2419 Router Arbitrary Command Execution Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, UCS Director, and UCS Director Express for Big Data Memory Leakage Vulnerability in TeamViewer Chat Functionality Local Privilege Escalation Vulnerability in Ricoh Windows Printer Drivers DLL Hijacking Vulnerability in CatalystProductionSuite and CatalystBrowseSuite Installers Cross-Site Scripting (XSS) Vulnerability in FusionPBX 4.4.1 via redirect parameter in xml_cdr_search.php Arbitrary Web Script Injection Vulnerability in FusionPBX 4.4.1 Reflected Cross Site Scripting Vulnerability in Rumpus FTP Web File Manager 8.2.9.1 Login Page Session Token Bypass Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Mitel MiCollab Android App XSS Vulnerability Mitel MiCollab AWV Join Meeting Interface XSS Vulnerability rConfig Download File Path Traversal Vulnerability Arbitrary Unserialization and Remote Code Execution in Squiz Matrix CMS Arbitrary File Deletion Vulnerability in Squiz Matrix CMS File Upload Field Type CSRF Cookie Insecure Attribute Vulnerability in Octopus Deploy Authenticated User Denial of Service Vulnerability in Octopus Deploy Use-after-free vulnerability in 
btrfs_queue_work in Linux kernel 5.0.21 Slab-Out-of-Bounds Write Vulnerability in Btrfs Filesystem Mounting Bypassing Tagging Restrictions in MISP 2.4.118 Authentication Bypass Vulnerability in Cisco UCS Director and UCS Director Express for Big Data Reflected Cross Site Scripting (XSS) in Abacus OAuth Login 2019_01_r4_20191021_0000 Insecure Permissions on Max Secure Anti Virus Plus 19.0.4.020 Installation Directory Allows Privilege Escalation Post-Authentication Buffer Overflow in freeFTPd 1.0.8 via Crafted SIZE Command Arbitrary Web Script Injection Vulnerability in FusionPBX 4.4.1 Arbitrary Web Script Injection Vulnerability in FusionPBX 4.4.1 Arbitrary Web Script Injection Vulnerability in FusionPBX 4.4.1 Arbitrary Web Script Injection Vulnerability in FusionPBX 4.4.1 Arbitrary Code Injection via dialplan_uuid Parameter in FusionPBX 4.4.1 HTTP Response Splitting Vulnerability in JetBrains Ktor Framework (<=1.2.5) Arbitrary Command Execution Vulnerability in Cisco Webex Teams Client for Windows Multiple Reflected XSS Vulnerabilities in Matrix42 Workspace Management 9.1.2.2765 and below Type Confusion Vulnerability in LuaJIT's debug.getinfo Function Privilege Escalation: Unprivileged User Can Create Administrators in forDNN.UsersExportImport Module Persistent XSS Vulnerability in Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 Devices Cross-Site Scripting (XSS) Vulnerability in Northern.tech CFEngine Enterprise Kernel Crash Vulnerability in illumos Vulnerability in Huawei Products: Weak Algorithm Default Setting Leads to Information Leaks Insufficient Input Validation Vulnerability in M5 Lite 10 (Version 8.0.0.182(C00)) Unauthenticated Remote Read Access Vulnerability in Cisco Industrial Network Director Cisco Identity Services Engine (ISE) Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability Information Leakage Vulnerability in USG9500 with Multiple Versions Factory Reset Protection (FRP) Bypass Vulnerability in Huawei Smart Phones 
Integer Overflow Vulnerability in Huawei LDAP Client: Remote Crash Exploit Integer Overflow Vulnerability in Huawei LDAP Server: Remote Crash Exploit Huawei SIP Module Denial of Service (DoS) Vulnerability Huawei SIP Module Denial of Service (DoS) Vulnerability Huawei SIP Module Denial of Service (DoS) Vulnerability Arbitrary SQL Query Execution Vulnerability in Cisco ISE Sponsor Portal Open Redirect Vulnerability in Cisco Small Business Switches Software Privilege Escalation and Malicious Library Loading Vulnerabilities in Cisco ASA Smart Tunnel Functionality Information Leak Vulnerability in HUAWEI P30 Smartphones Use-after-free vulnerability in ext4_put_super in Linux kernel 5.0.21 Use-after-free vulnerability in try_merge_free_space in btrfs filesystem Slab-out-of-bounds Read Access Vulnerability in f2fs_build_segment_manager Privilege Escalation and Malicious Library Loading Vulnerabilities in Cisco ASA Smart Tunnel Functionality Remote Code Execution in ReportLab's Paraparser Endless Loop Vulnerability in GNOME Dia Thumbnailer Service Buffer Overflow Vulnerability in Patriot Viper RGB (Version 1.1) Allows Privilege Escalation XSS Vulnerability in Wowza Streaming Engine Proxy License Editing Arbitrary File Download Vulnerability in Wowza Streaming Engine <= 4.x.x Insecure Permissions Vulnerability in Wowza Streaming Engine Reflected XSS Vulnerability in Wowza Streaming Engine <= 4.x.x Cross-Site Scripting (XSS) Vulnerability in SALTO ProAccess SPACE 5.4.3.0 Directory Traversal Vulnerability in SALTO ProAccess SPACE 5.4.3.0 Data Export Feature Arbitrary File Write Vulnerability in SALTO ProAccess SPACE 5.4.3.0 Authentication Bypass Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Web Interface Privilege Escalation in SALTO ProAccess SPACE 5.4.3.0 Post-authentication Stored XSS in Team Password Manager Denial of Service Vulnerability in Linux Kernel's relay_open Function Unencrypted Update Check in Anhui Huami Mi Fit Application for Android 
(Version < 4.0.11) Unencrypted Analytics in CBC Gem Application Cross-Site Scripting (XSS) Vulnerability in SCEditor 2.1.3 Arbitrary Code Execution Vulnerability in Free Photo Viewer 1.3 CSRF Vulnerability in Zmanda Management Console 3.3.9 Allows Command Injection with Shell Metacharacters Denial of Service (DoS) Vulnerability in Cisco Email Security Appliance Privilege Escalation via .NET Deserialization in TinyWall Named Pipe Message Processing Privilege Escalation Vulnerability in ManageEngine Applications Manager 14 Incorrect Read Operation in OpenSC's SETCOS File Attribute Parsing Unauthenticated Remote Attackers Can Gain Unauthorized Read Access to Sensitive Data in Cisco Webex Meetings Mobile (iOS) Due to Insufficient SSL Certificate Validation Incorrect Free Operation in sc_pkcs15_decode_prkdf_entry Buffer Limit Mishandling in libopensc/card-cac1.c for CAC Certificates Open Redirect Vulnerability in Centreon Login Page (Versions 19.04.4 and below) Local File Inclusion Vulnerability in minPlayCommand.php in Centreon (19.04.4 and below) Command Injection in minPlayCommand.php in Centreon (19.04.4 and below): Achieving Command Injection via Plugin Test Buffer Overflow Vulnerability in SMPlayer 19.5.0 via Long .m3u File Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center Weak Permissions in LiteManager 4.5.0: Everyone has Full Control in LiteManagerFree - Server Folder Cross-Site Scripting (XSS) Vulnerabilities in TestLink 1.9.19 Default Password Vulnerability in FreeSWITCH 1.6.10 through 1.10.1 Inconsistent Content-Type Header and File Extension in Kentico before 12.0.50 Allows XSS via File Uploads Buffer Overflow Vulnerability in Broadcom-based Cable Modems: Remote Code Execution via JavaScript Vulnerability: DNS Rebinding Exploit Enables Remote Access to Technicolor TC7230 Cable Modem Stored XSS Vulnerability in Alfresco Enterprise before 5.2.5 via Uploaded HTML Document XSS Vulnerability in MDaemon Email Server 17.5.1 via 
Attachment Filename Arbitrary File Read Vulnerability in Grafana <= 6.4.3 Default Credentials Vulnerability in Cisco IOS XE SD-WAN Software Stored XSS Vulnerability in Matrix42 Workspace Management 9.1.2.2765 and Below via Unfiltered Description Parameters Local Privilege Escalation Vulnerability in VeraCrypt 1.24 Arbitrary PHP Code Execution Vulnerability in Image Uploader and Browser for CKEditor Stack-based buffer overflow vulnerability in Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 Tenda PA6 Wi-Fi Powerline Extender 1.0.1.21 Denial of Service Vulnerability Bypassing Type Detection in jpv (aka Json Pattern Validator) 2.1.1 and Earlier Command Execution Vulnerability in rConfig 3.9.3 Bypassing L3 and L4 Traffic Filters in Cisco SD-WAN Solution Out of Bounds Write Vulnerability in BASSMIDI Plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows Stored XSS Vulnerability in Ayision Ays-WR01 v28K.RPT.20161224 Devices via SSID Stored XSS Vulnerability in Ayision Ays-WR01 v28K.RPT.20161224 Wireless Settings CSRF Vulnerability in Intelbras WRN 150 1.0.18 Devices Allows Unauthorized Password Change CSRF Vulnerability in Intelbras RF1200 1.1.3 Devices Allows Bypass of Login.html Form Unauthenticated Remote Command Execution in CA Automic Sysload Vulnerability in OpenBSD 6.6: Logic Error in su/su.c Allows Local Users to Achieve Any Login Class Directory Traversal Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) CLI Privilege Escalation via xlock in OpenBSD 6.6 Authentication Bypass Vulnerability in OpenBSD 6.6 libc Privilege Escalation via S/Key or YubiKey Authentication in OpenBSD 6.6 Use-after-free vulnerability in Linux kernel drivers/usb/misc/adutux.c driver (CID-44efc269db79) Use-after-free vulnerability in Linux kernel drivers/input/ff-memless.c (CID-fa3a5a1880c9) Use-after-free vulnerability in Linux kernel drivers/net/ieee802154/atusb.c Use-after-free vulnerability in Linux kernel USB driver (drivers/nfc/pn533/usb.c) prior to 5.3.9 
(CID-6af3aa57a098) Use-after-free vulnerability in Linux kernel before 5.2.10 in drivers/hid/usbhid/hiddev.c driver Use-after-free vulnerability in Linux kernel USB driver (drivers/usb/misc/iowarrior.c) prior to 5.3.7 (CID-edc4746f253d) Use-after-free vulnerability in Linux kernel before 5.3.11 in drivers/net/can/usb/mcba_usb.c driver Clear Text Password Exposure Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Web Portal Use-after-free vulnerability in Linux kernel before 5.2.10 in drivers/usb/class/cdc-acm.c driver Use-after-free vulnerability in Linux kernel before 5.2.9 in drivers/usb/misc/yurex.c driver Out-of-Bounds Write Vulnerabilities in Linux Kernel HID Drivers USB Device Info-Leak Vulnerability in Linux Kernel (CVE-2020-12345) USB Device Info-Leak Vulnerability in Linux Kernel (CID-f7a1337f0d29) Info-leak vulnerability in Linux kernel's PCAN USB FD driver (CID-30a8beeb3042) USB Device Info-Leak Vulnerability in Linux Kernel (CID-ead16e53c2f0) Race condition vulnerability in Linux kernel USB character device driver (CID-303911cfc5b9) Remote Command Execution Vulnerability in Sangoma FreePBX and sysadmin Modules: Privilege Escalation Password Disclosure Vulnerability in Idelji Web ViewPoint Cisco Webex Meetings Server Software: Unauthenticated Remote Redirect Vulnerability Reflected XSS Vulnerability in ListingPro WordPress Theme (v2.0.14.2 and earlier) via Homepage What Field Persistent XSS Vulnerability in ListingPro WordPress Theme Persistent XSS Vulnerability in ListingPro WordPress Theme Use-after-free vulnerability in serial_ir_init_module() in Linux kernel before 5.1.6 Privilege Escalation Vulnerability in CA Automic Dollar Universe 5.3.3 Cross-Origin Resource Sharing (CORS) Vulnerability in Norton Password Manager Unintentional Information Disclosure Vulnerability in Norton Password Manager Cross-Site Scripting (XSS) Vulnerability in Symantec Endpoint Detection and Response (SEDR) Privilege Escalation Vulnerability in Norton 
Power Eraser (CVE-2021-XXXX) Cisco Email Security Appliance SPF Bypass Vulnerability Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37: Unauthorized Access to Sensitive User Information Cross-Site Scripting (XSS) Vulnerability in Sangoma FreePBX User Management Screen Cross-Site Scripting (XSS) Vulnerability in Sangoma FreePBX User Management Screen Vulnerability: Crash in Wireshark CMS Dissector Stack-based Buffer Overflow in read_textobject() Function in Xfig fig2dev 3.2.7b Authentication Bypass Vulnerability in Mercedes-Benz HERMES 1 Debug Interface Debug Interface Misconfiguration in Mercedes-Benz HERMES 1: Exposing Cellular Modem Information Cross-Site Scripting (XSS) Vulnerability in Cisco SPA112 2-Port Phone Adapter Authentication Bypass Vulnerability in Mercedes-Benz HERMES 1.5 Debug Interface Debug Interface Misconfiguration in Mercedes-Benz HERMES 1.5 Exposes Cellular Modem Information Authentication Bypass Vulnerability in Mercedes-Benz HERMES 2.1 Debug Interface Debug Interface Misconfiguration in Mercedes-Benz HERMES 2.1 Exposes Cellular Modem Information Cisco IoT Field Network Director Web Interface Denial of Service Vulnerability Missing .phar Extension Check in class.upload.php Xen AMD HVM Guest OS Privilege Escalation and Denial of Service Vulnerability Denial of Service Vulnerability in Xen through 4.12.x via Degenerate Chains of Linear Pagetables Incomplete Fix for CVE-2019-18424 Allows Privilege Escalation via DMA in Xen Cross-Site Request Forgery (CSRF) Vulnerability in Cisco HyperFlex Software Privilege Escalation Vulnerability in Xen PV Guests (XSA-299) Denial of Service Vulnerability in Xen for 32-bit Arm Systems Denial of Service Vulnerability in Xen Hypervisor due to Mishandling of Bit Iteration Denial of Service Vulnerability in Xen through 4.12.x for x86 HVM/PVH Guests Privilege Escalation Vulnerability in rConfig 3.9.3 Reflected XSS vulnerability in WSO2 Enterprise Integrator 6.5.0 Management Console Infinite Loop 
Vulnerability in Python Validators Package (CVE-2021-12345) Lever PDF Embedder Plugin 4.4 for WordPress Allows Distribution of Polyglot PDF Documents Arbitrary File Read Vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) Integer Overflow leading to Use-After-Free vulnerability in radare2 through 4.0 Stored Cross-Site Scripting Vulnerability in Jama Connect 8.44.0 Arbitrary Code Execution via File Upload in RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 Arbitrary Code Execution via File Upload in RESET.PRO Adobe Stock API Integration 4.8 for PrestaShop Local File XSS Vulnerability in GitBook (Version 2.6.9) Arbitrary Remote Code Execution in D-Link DAP-1860 Devices Unauthenticated Access to Administrator Functions in D-Link DAP-1860 Devices Arbitrary File Read Vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) Buffer Overflow Vulnerability in OpenDetex 2.8.5: Incorrect sprintf in TexOpen in detex.l Memory Corruption Vulnerability in Linux Kernel (CVE-2020-8835) SQLite 3.30.1 VIEW SELECT Statement Vulnerability Arbitrary Command Execution Vulnerability in Git Submodule Update Arbitrary Memory Write Vulnerability in X-Plane 11.41 Arbitrary File Access and Command Execution Vulnerability in X-Plane before 11.41 SQL Injection Vulnerability in Mitel MiCollab AWV Mitel MiCollab AWV Web Conferencing SQL Injection Vulnerability Remote Code Execution in Strapi Admin Panel Plugin Installation and Uninstallation Arbitrary File Read Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Session Fixation Vulnerability in Halvotec RaQuest 10.23.10801.0 User Enumeration and Session Cookie Exposure in Halvotec RaQuest 10.23.10801.0 Stored Cross-site Scripting (XSS) Vulnerability in Halvotec RaQuest 10.23.10801.0 Open Redirect Vulnerability in Halvotec RaQuest 10.23.10801.0 Wildcard Injection Vulnerability in Halvotec RAQuest 10.23.10801.0 XSS Vulnerabilities in FreePBX Backup & Restore Module Arbitrary File 
Download Vulnerability in Xtivia Web Time and Expense Interface for Microsoft Dynamics NAV Unescaped Git Information Vulnerability in phpMyAdmin Untrusted Markdown Content Vulnerability in Documize before 3.5.1 Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability Bypassing Telemetry Alerts by Removing NT AUTHORITY\SYSTEM Permissions in SecureWorks Red Cloak Windows Agent Out-of-Bounds Read Vulnerability in OpenCV's dis_flow.cpp Default Configuration Leak in SROS 2 0.8.1: Exposing Node Information Information Leakage Vulnerability in SROS 2 0.8.1 Insufficient Parameter Sanitization in GitLab EE Maven Package Registry: Privilege Escalation and Remote Code Execution Vulnerabilities Disclosure of Private Code via Group Search API in GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8 Denial of Service Vulnerability in Cisco FXOS and NX-OS Software's SNMP Input Packet Processor Stack-based Buffer Overflow in HTMLDOC 1.9.7's hd_strlcpy() Function Session Cookie Exposure Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Big Switch Products Arbitrary File Upload Vulnerability in class.upload.php Heap-based Buffer Overflow in libsixel's sixel_decode_raw_impl function Integer Overflow in sixel_encode_body function in libsixel 1.8.2 Integer Overflow in sixel_decode_raw_impl function Heap-based Buffer Overflow in libsixel's load_pnm Function IPv6 Traffic Processing Vulnerability in Cisco NX-OS Software Command Injection Vulnerability in SuperMicro X8STi-F Motherboards with IPMI Firmware 2.06 and BIOS 02.68 Denial of Service Vulnerability in ISE Smart Connect KNX Vaillant 1.2.839 Infinite Recursion Vulnerability in SQLite ALTER TABLE Statements SQLite Integrity Check PRAGMA Command Vulnerability Arbitrary Write Vulnerability in radare2 through 4.0.0 Out-of-Bounds Memory Access Vulnerability in YARA 3.11.0 Remote Unauthenticated SQL Injection in Zoho ManageEngine Applications Manager Cisco NX-OS Software Virtual Shell (VSH) Session Management 
Denial of Service Vulnerability Remote Authenticated SQL Injection in Zoho ManageEngine Applications Manager CSRF Vulnerability in Rumpus FTP Server 8.2.9.1's Web File Manager Edit Accounts Functionality Elevated Privileges Vulnerability in Cisco UCS Fabric Interconnect Software CSRF Vulnerability in Rumpus FTP Server 8.2.9.1's Web File Manager Network Setting Functionality Cookie-based Reflected XSS Vulnerability in Rumpus FTP Server 8.2.9.1 Web File Manager CSRF Vulnerability in Rumpus FTP Server 8.2.9.1's Web File Manager Allows Unauthorized Account Manipulation CSRF Vulnerability in Rumpus FTP 8.2.9.1 Allows Unauthorized Folder Creation and Deletion CSRF Vulnerability in Rumpus FTP 8.2.9.1 Web File Manager's Web Settings CSRF Vulnerability in Rumpus FTP 8.2.9.1 Web File Manager FTP Settings CSRF Vulnerability in Rumpus FTP 8.2.9.1 Event Notices Settings CSRF Vulnerability in Rumpus FTP 8.2.9.1 Web File Manager's Block Clients Component CSRF Vulnerability in Rumpus FTP 8.2.9.1 Web File Manager's File Types Component CSRF Vulnerability in Rumpus FTP 8.2.9.1 Upload Center Forms Component Cisco NX-OS Software Network Time Protocol (NTP) Denial of Service Vulnerability HTTP Response Splitting Vulnerability in Rumpus FTP Server 8.2.9.1 Web Settings Component Bypassing Managed Application Security in Ivanti Workspace Control CSV Injection in arxes-tolina 3.0.0: Remote Control Exploit via Malicious CSV File User Enumeration Vulnerability in arxes-tolina 3.0.0 Cross-Site Scripting (XSS) Vulnerability in Xray Test Management for Jira prior to version 3.5.5 Cross-Site Scripting (XSS) Vulnerability in Xray Test Management for Jira prior to version 3.5.5 NX-API Denial of Service Vulnerability File-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD) allows bypassing of protection mechanisms through malformed multipart email Remote Code Execution Vulnerability in Pandora FMS 7.x XSS Vulnerability in nopCommerce Admin News and Blog Controllers 
Path Traversal Vulnerability in RoxyFileman of nopCommerce v4.2.0 Privilege Escalation via Crafted Facebook Auth Plugin Upload in nopCommerce v4.2.0 CSRF Vulnerability in RoxyFileman of nopCommerce v4.2.0 Data Leakage in OpenStack Keystone 15.0.0 and 16.0.0: Unauthorized Access to Credentials API Privilege Escalation Vulnerability in Trend Micro HouseCall for Home Networks (Versions Below 5.3.0.1063) DLL Hijack Vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) SNMP ACL Length Check Vulnerability in Cisco NX-OS Software Bypassing App Password Protection in Trend Micro Mobile Security for Android Vulnerability in Trend Micro Apex One and OfficeScan XG Allows Exposure of Masked Credential Key Cross-Site Scripting (XSS) Vulnerability in Trend Micro Apex One (2019) Product Console Vulnerability in Trend Micro Security 2020 Allows Local Attackers to Disclose Sensitive Information or Cause Denial-of-Service Denial of Service Vulnerability in Trend Micro Security 2019 (15.0.0.1163 and below) Privilege Escalation Vulnerability in Trend Micro Antivirus for Mac 2019: Symbolic Link Attack RootCA Vulnerability in Trend Micro Password Manager: Unauthorized Access to localhost.key Arbitrary Code Execution Vulnerability in Trend Micro Security 2019 (v15) Products NULL Pointer Dereference in wav_content_read() at libwav.c Authenticated Remote Code Execution in Centreon Infrastructure Monitoring Software via Pollers Misconfiguration Bypassing File Policies in Cisco Firepower Threat Defense Software XML External Entity Injection (XXE) Vulnerability in modoboa-dmarc Plugin 1.1.0 HTTP Authorization Header Data Resending Vulnerability in Ktor 1.2.6 Incorrect User Matching Algorithm in JetBrains Upsource: A Potential Information Disclosure Vulnerability DLL Preloading Vulnerability in Realtek Audio Drivers for Windows Denial of Service Vulnerability in Moxa EDS-G508E, EDS-G512E, and EDS-G516E Devices via PROFINET DCE-RPC Endpoint Discovery Packets XSS 
Vulnerability in VisualEditor Extension for MediaWiki Arbitrary Title Bypass Vulnerability in MediaWiki Command Injection Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Web Portal Insecure Permissions Vulnerability in Contao 4.0 through 4.8.5 Improper Encoding or Escaping of Output in Contao 4.8.4 and 4.8.5 Login Module Cross-Site Scripting (XSS) Vulnerability in Tableau Server 10.3 through 2019.4 Privilege Escalation Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) CLI Heap-Based Buffer Overflow in Yabasic 2.86.1 via Crafted BASIC Source File Off-by-one Error in DecodeBlock Function in VLC Media Player Allows Remote Memory Corruption NULL Pointer Dereference Vulnerability in Dovecot Push-Notification Driver Insecure Permissions on Newly Created Singularity Directory: Potential Information Leak and Malicious Redirection Double Free Vulnerability in sysstat through 12.2.0 Local Privilege Escalation via LD_LIBRARY_PATH in OpenBSD Weak Permissions in SchedMD Slurm's slurmdbd.conf File Privilege Escalation in SchedMD Slurm BSON ObjectID Package 1.3.0 for Node.js Allows Malformed ObjectID Generation Cross-Site Scripting (XSS) Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Web Portal Framework Path Traversal Vulnerability in Roxy Fileman 1.4.5 for .NET Allows Arbitrary File Write and Code Execution SQL Injection in MFScripts YetiShare 3.5.2 through 4.5.3 via translation_manage_text.ajax.php and *_manage.ajax.php Cross-Site Scripting (XSS) vulnerability in get_all_file_server_paths.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 SQL Injection in _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 Insecure Password Reset Hash Generation in MFScripts YetiShare Session Cookie HttpOnly Flag Not Set in MFScripts YetiShare Cross-Site Request Forgery Vulnerability in MFScripts YetiShare 3.5.2 through 4.5.3 Cross-Site Scripting (XSS) Vulnerability in MFScripts YetiShare 3.5.2 through 4.5.3 
Session Cookie Insecurity in MFScripts YetiShare 3.5.2 through 4.5.3 Authentication Bypass Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data SQL Injection Vulnerability in Octeth Oempro 4.7 and 4.8: Campaign.Get CampaignID Parameter Origin 10.5.55.33574 Local Privilege Escalation Vulnerability Blind XSS Vulnerability in D-Link DIR-615 User Account Configuration Page Unauthorized Root User Creation Vulnerability on D-Link DIR-615 Devices Local File Inclusion Vulnerability in Contao Form Generator Integer Overflow and Out-of-Bounds Write Vulnerability in Xfig fig2dev 3.2.7b's make_arrow Function Authentication Bypass Vulnerability in NeuVector 3.1 Cross-Site Scripting (XSS) Vulnerability in Work Time Calendar App for Jira Cisco HyperFlex Software: Cross-Frame Scripting Vulnerability Lack of Unique SSH Key in minerstat msOS before 2019-10-23 Clear text storage of Windows OS credentials in LXCA version 2.6.0 during Windows driver updates DOM-based Cross-Site Scripting Vulnerability in Lenovo XClarity Administrator (LXCA) Versions Prior to 2.6.6 Unauthenticated Remote Redirect Vulnerability in Lenovo EZ Media & Backup Center Improper Access Restrictions in Cisco Industrial Network Director (IND) Allow Unauthorized Access to Sensitive Information Critical Vulnerability: Unwanted KDF in Bitwarden Server 1.32.0 Use-after-free vulnerability in ext4_expand_extra_isize in Linux kernel before 5.4.2 Use-after-free vulnerability in __blk_add_trace function in Linux kernel 5.4.0-rc2 Use-after-free vulnerability in perf_trace_lock_acquire function in Linux kernel 5.3.10 Denial of Service Vulnerability in Cisco Nexus 9000 Series Switches Use-after-free vulnerability in debugfs_remove function in Linux kernel 4.19.83 Lodahs Package 0.0.1: Trojan Horse Targeting Cryptocurrency Wallets Reflected XSS Vulnerability in Lexmark Embedded Web Server Stored XSS Vulnerability in Lexmark Embedded Web Server 
Credential Data Bypass Vulnerability in Zoho ManageEngine EventLog Analyzer 10.0 SP1 Open Redirect Vulnerability in Zulip Server Image Thumbnailing Handler Heap-Based Buffer Over-Read in stb_image.h (Version 2.23) Heap-based Buffer Over-read in libsixel's load_sixel function Stream Reassembly Bypass Vulnerability in Cisco Firepower Software Directory Traversal Vulnerability in Citrix Application Delivery Controller (ADC) and Gateway Buffer Overflow Vulnerability in AceaXe Plus 1.0 FTP Client Privilege Escalation via Sieve Script in Cyrus IMAP Stack-Based Buffer Overflow in ATasm 1.06's to_comma() Function via Crafted .m65 File Stack-Based Buffer Overflow in ATasm 1.06 via Crafted .m65 File Stack-Based Buffer Overflow in ATasm 1.06 via Crafted .m65 File Sandboxed Cross-Origin Iframe Bypass Vulnerability in Opera for Android NULL Pointer Dereference Vulnerability in CODESYS SP Realtime NT, CODESYS Runtime Toolkit 32 bit full, and CODESYS PLCWinNT Path Traversal Vulnerability in RadChart in Telerik UI for ASP.NET AJAX Improper Access Restriction in LemonLDAP::NG Apache Configuration Privilege Escalation via File Appending in ESET Cyber Security for macOS Privilege Escalation Vulnerability in Cyxtera AppGate SDP Client Predictable TXID Generation in miekg Go DNS Package Heap-Based Buffer Overflow in Samurai 0.7 via Crafted Build File Heap-Based Buffer Overflow in Yabasic 2.86.2 via Crafted BASIC Source File Out-of-Bounds Write Vulnerability in Xfig fig2dev 3.2.7b's read_colordef Function Remote Unauthenticated Information Disclosure in Zoho ManageEngine Applications Manager Bypassing Filtering Protections in Cisco Firepower Software Information Disclosure Vulnerability in Zoho ManageEngine Applications Manager 14 Unprivileged Authenticated User Backup Vulnerability in Gallagher Command Centre Server Unauthenticated User Can View Replicated Data in Gallagher Command Centre Server Account Enumeration Vulnerability in MFScripts YetiShare Account Enumeration Vulnerability 
in MFScripts YetiShare Use-after-free vulnerability in Linux kernel before 5.3.11 due to erroneous code refactoring in sound/core/timer.c (CID-e7af6307a8a5) Insufficient Normalization Vulnerability in Cisco Firepower Software Java Deserialization Vulnerability in Zoom Call Recording 6.3.1 from Eleveo Use-after-free vulnerability in Linux kernel 5.0.21 through crafted btrfs filesystem image Slab-Out-of-Bounds Write Access in Linux Kernel 5.0.21 when Mounting Crafted f2fs Filesystem Image Vulnerability: NULL Pointer Dereference in f2fs_recover_fsync_data in Linux Kernel 5.0.21 Slab-out-of-bounds Write Access Vulnerability in Btrfs Filesystem Image Mounting Out-of-Bounds Read Vulnerability in Nitro Free PDF Reader 12.0.0.112 Out-of-Bounds Read Vulnerability in Nitro Free PDF Reader 12.0.0.112 NULL Pointer Dereference Vulnerability in Nitro Free PDF Reader 12.0.0.112 Vulnerability: Bypassing Filtering Protections in Cisco Firepower Software Invalid Pointer Vulnerability in Kyrol Internet Security 9.0.6.9's kyrld.sys Driver Allows Privilege Escalation and Code Execution Post-Authentication Privilege Escalation in Combodo iTop Web Application Remote Retrieval of Configuration and Sensitive Data in TOTOLINK, Rutek, Sapido, CIK TELECOM, KCTVJEJU, Fibergate, Hi-Wifi, HCN, T-broad, Coship, and IO-Data Routers Cleartext Administrative Password Storage Vulnerability in Multiple Router Models Arbitrary OS Command Execution Vulnerability in TOTOLINK Realtek SDK Based Routers CAPTCHA Bypass Vulnerability in TOTOLINK Realtek SDK Based Routers Insecure Unserialize Calls in Views Dynamic Fields Module for Drupal Cross-Site Scripting (XSS) Vulnerability in SolarWinds Serv-U FTP Server 15.1.7 (Email Parameter) Denial of Service Vulnerability in Cisco Email Security Appliance and Content Security Management Appliance Remote Code Injection in SPIP 3.2.x before 3.2.7 CSRF Vulnerability in Xerox AltaLink C8035 Printers: Unauthorized User Addition via xerox.set URI CSRF Vulnerability in 
Tautulli 2.1.9 Allows Remote Shutdown of Media Server Directory Traversal Vulnerability in Ruckus Wireless Unleashed CLI Remote Denial of Service Vulnerability in Ruckus Wireless Unleashed through 200.7.10.102.64 via SSRF in AjaxRestrictedCmdStat Remote Code Execution Vulnerability in Ruckus Wireless Unleashed through 200.7.10.102.64 via AjaxRestrictedCmdStat Remote Information Disclosure in Ruckus Wireless Unleashed Web Interface Remote Command Execution in Ruckus Wireless Unleashed through 200.7.10.102.64 via admin/_cmdstat.jsp Command Execution Vulnerability in Ruckus Wireless Unleashed through 200.7.10.102.64 Vulnerability: Arbitrary File Overwrite in Cisco NFVIS Remote Code Execution Vulnerability in Ruckus Unleashed through 200.7.10.102.64 Command Execution Vulnerability in Ruckus Wireless Unleashed through 200.7.10.102.64 Command Execution Vulnerability in Ruckus Wireless Unleashed through 200.7.10.102.64 Remote Credential Fetch Vulnerability in Ruckus Wireless Unleashed Web Interface Account Takeover Vulnerability in Django Path Disclosure Vulnerability in Joomla! before 3.9.14 SQL Injection Vulnerability in Joomla! 
before 3.9.14 Stack-Based Buffer Overflow in Libspiro's spiro_to_bpath0() Function Directory Traversal Vulnerability in TYPO3 Extension Manager Insecure Deserialization Vulnerability in TYPO3 QueryGenerator and QueryView Untrusted Spell Checker Permissions Bypass Vulnerability SQL Injection Vulnerability in TYPO3 QueryGenerator XSS Injection Vulnerability in Sangoma FreePBX and PBXact Superfecta Module XSS Injection Vulnerability in Sangoma FreePBX and PBXact CSRF Vulnerability in Serpico 1.3.0 Allows Privilege Escalation Stored XSS Vulnerability in Serpico 1.3.0 via admin/list_user Endpoint Stored XSS Vulnerability in Serpico 1.3.0 via User Type Parameter Insecure Password Change Functionality in Serpico 1.3.0 Stored XSS Vulnerability in Serpico 1.3.0 via admin/add_user/UID Endpoint Unrestricted Data Input Vulnerability in Serpico 1.3.0 Out of Bounds Write Vulnerability in SkSwizzler::onSetSampleX of SkSwizzler.cpp Stored XSS Vulnerability in Atos Unify OpenScape UC Application V9 and V10 Information Disclosure Vulnerability in Atos Unify OpenScape UC Web Client Unencrypted PV Modification Vulnerability in B&R Industrial Automation APROL Out of Bounds Write Vulnerability in SkSwizzler.cpp (Android) Arbitrary Command Execution Vulnerability in B&R Industrial Automation APROL Authentication Bypass Vulnerability in B&R Industrial Automation APROL Arbitrary Command Execution Vulnerability in B&R Industrial Automation APROL Arbitrary Command Injection via AprolCluster Script in B&R Industrial Automation APROL SQL Injection Vulnerability in B&R Industrial Automation APROL EnMon PHP Script Directory Traversal Vulnerability in B&R Industrial Automation APROL before R4.2 V7.08 Authentication Bypass Vulnerability in B&R Industrial Automation APROL Incorrect Parsing of Negation in HashiCorp Sentinel Policy Expressions (CVE-2021-12345) Out-of-bounds Write Vulnerability in SkSwizzler.cpp (Android) Invalid Pointer Dereference in SQLite 3.30.1 due to Mishandling of Constant 
Integer Values in ORDER BY Clauses Vulnerability: Privilege Escalation in Shadow 4.8 Unauthorized Access to Configuration Data in Bender COMTRAXX Devices Denial of Service Vulnerability in Trustwave ModSecurity 3.0.0 - 3.0.3 NULL Pointer Dereference in bitstr_tell function in ffjpeg Divide-by-Zero Error in jfif_decode Function of ffjpeg Credential Exposure in Humax Wireless Voice Gateway HGB10R-2 Backup File Out-of-bounds Write Vulnerability in ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c Clear-text Transmission of Admin Credentials in Humax Wireless Voice Gateway HGB10R-2 Mitel SIP-DECT Wireless Devices Encryption Key Vulnerability: Enabling Man-in-the-Middle Attacks Directory Traversal Vulnerability in IXP EasyInstall 6.2.13723 Allows Unauthenticated Remote Filesystem Access IXP EasyInstall 6.2.13723 Vulnerability: Unauthorized UAC Disabling via Agent Service Lateral Movement Vulnerability in IXP EasyInstall 6.2.13723 Remote Code Execution via Weak Permissions on IXP EasyInstall 6.2.13723 Engine Service Share Remote Code Execution via Agent Service in IXP EasyInstall 6.2.13723 Cleartext Credentials Vulnerability in IXP EasyInstall 6.2.13723 Vulnerability: Bypassing Protection Mechanism in Pebble Templates 3.1.2 Out-of-bounds Write Vulnerability in ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c Cross-Site Scripting (XSS) Vulnerability in Backdrop CMS Cross-Site Scripting (XSS) Vulnerability in Backdrop CMS Arbitrary Code Execution via Configuration Archive Upload in Backdrop CMS Cross-Site Scripting (XSS) Vulnerability in Backdrop CMS 1.14.x Buffer Overflow Vulnerability in NetHack 3.6.x Allows Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Cyrus SASL 2.1.27 Leading to Remote Denial-of-Service in OpenLDAP Out-of-Bounds Access Vulnerability in HrAddFBBlock Function in Kopano Groupware Core Reflected XSS Vulnerability in phpMyChat-Plus 1.98 via Password Reset URL Code Injection Vulnerability in PKP pkp-lib Buffer overflow vulnerability in 
btif_dm_data_copy of btif_core.cc allows for remote code execution on Android devices XSS and IP Address Disclosure Vulnerability in MinervaNeue Skin in MediaWiki Pillow DoS Vulnerability: Integer Overflow in FpxImagePlugin.py Cross-Site Scripting (XSS) Vulnerability in Intland codeBeamer ALM 9.5 and Earlier: Upload Flash File Feature Stored XSS Vulnerability in Intland codeBeamer ALM 9.5 and Earlier via Trackers Title Parameter Vulnerability: Unauthenticated Remote Code Execution and Cross-Site Scripting (XSS) in 301 Redirects - Easy Redirect Manager Plugin CSP Bypass Vulnerability in Midori Browser 0.5.11 Buffer Overflow Vulnerability in Lout 3.40's StringQuotedWord() Function Heap-Based Buffer Overflow in Lout 3.40's srcnext() Function in z02.c Handlebars Prototype Pollution leading to Remote Code Execution Race condition vulnerability in bta_hl_sdp_query_results of bta_hl_main.cc allows for use-after-free and potential remote code execution in Android Arbitrary Code Execution in sa-exim 4.2.1 via .cf File or Rule Incorrect Access Control in runc 1.0.0-rc9 Allows Privilege Escalation via libcontainer/rootfs_linux.go Denial of Service Vulnerability in Linux Kernel's CPU Scheduling Algorithm NULL Pointer Dereference in SQLite 3.30.1 SELECT DISTINCT with LEFT JOIN and View SQLite 3.30.1 Parser-Tree Rewriting Vulnerability NULL Pathname Mishandling in zipfileUpdate Function in SQLite 3.30.1 Incomplete Fix for MultiSelect Parsing Errors in SQLite 3.30.1 Slab-out-of-bounds Read Access Vulnerability in Linux Kernel 5.0.0-rc7 Untrusted Search Path Vulnerability in Malwarebytes AdwCleaner before 8.0.1 Allows Arbitrary Code Execution Integer Overflow Vulnerability in register_app of btif_hd.cc Integer Signedness Error in MmsValue_newOctetString Function in libIEC61850 1.4.0 Heap-Based Buffer Overflow in libIEC61850 1.4.0's MmsValue_decodeMmsData Function Cross-Site Scripting (XSS) Vulnerability in Froala Editor before 3.2.3 Unrestricted System and Repository Imports in 
JFrog Artifactory Insecure Default Value in DevelopmentTiles.java Allows Unauthorized Access to Development Settings Command Injection Vulnerability in Swisscom Centro Grande (before 6.16.12) Remote Code Execution via DNS Injection in Swisscom Centro Grande Router DNS Spoofing Vulnerability in Swisscom Centro Grande and Centro Business Remote Unauthenticated Heap Memory Corruption in Pablo Quick 'n Easy Web Server 3.3.8 Out-of-Bounds Read Vulnerability in libIEC61850 1.4.0's BerDecoder_decodeUint32 Function Integer Signedness Error in uhttpd: Out-of-Bounds Heap Buffer Access and Crash Unauthorized Access to Project Content in Dradis Pro 3.4.1 API Uninitialized Memory Information Leak in Linux Kernel USB Driver (CID-da2311a6385c) Heap-Based Buffer Overflow in WriteSGIImage Function of ImageMagick 7.0.8-43 Q16 Heap-based Buffer Over-read Vulnerability in ImageMagick 7.0.8-43 Q16's WritePNGImage Function Silent File Attachment Vulnerability in ComposeActivityEmail Use-after-free vulnerability in GraphicsMagick 1.4 snapshot-20190403 Q8 Heap-Based Buffer Overflow in ImportRLEPixels of GraphicsMagick 1.4 snapshot-20190423 Q8 Use-after-free vulnerability in ImageMagick 7.0.9-7 Q16: MngInfoDiscardObject function in coders/png.c Heap-Based Buffer Over-Read Vulnerability in GraphicsMagick 1.4 snapshot-20191208 Q8 Privilege Escalation Vulnerability in Signal Desktop on Windows Memory Leak in xmlParseBalancedChunkMemoryRecover in libxml2 parser.c Out-of-Bounds Read Vulnerability in libIEC61850 1.4.0's getNumberOfElements Function Integer Signedness Issue in StringUtils_createStringFromBuffer in libIEC61850 1.4.0 Memory Management Error in SQLite 3.30.1 with Embedded Null Characters in Filenames Out-of-bounds Read Vulnerability in avrc_pars_browse_rsp of avrc_pars_ct.cc Side-channel vulnerability in wc_ecc_mulmod_ex in wolfSSL before 4.3.0 Fault Injection Vulnerability in RSA Cryptography in wolfSSL before 4.3.0 Side-Channel Attack Vulnerability in DSA Signing Algorithm of 
wolfSSL Authentication Bypass Vulnerability in NETGEAR GS728TPS Devices NULL Pointer Dereference Vulnerability in Linux Kernel SCSI Driver Use-after-free vulnerability in cpia2_exit() in Linux kernel before 5.1.6 Cleartext Password Vulnerability in Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH Devices Multiple XSS Vulnerabilities in PandoraFMS 742 Insecure Default Value in random_get_bytes of random.c Stack-based Buffer Over-read in libESMTP through 1.0.6 WP Maintenance Plugin 5.0.6 CSRF and XSS Vulnerability Resource Exhaustion Vulnerability in Android Keymaster App Privilege Bypass Vulnerability in Email Subscribers & Newsletters WordPress Plugin CSRF Vulnerability in Email Subscribers & Newsletters WordPress Plugin Unauthenticated Option Creation Vulnerability in Email Subscribers & Newsletters WordPress Plugin Path Disclosure Vulnerability in Fast Velocity Minify WordPress Plugin Vulnerability: Privilege Escalation in Email Subscribers & Newsletters WordPress Plugin Unauthenticated File Download and User Information Disclosure Vulnerability in Email Subscribers & Newsletters WordPress Plugin SQL Injection in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29 Cross-Site Request Forgery (CSRF) Vulnerability in Selesta Visual Access Manager (VAM) 4.15.0 - 4.29 Arbitrary File Creation and Write Vulnerability in Selesta Visual Access Manager (VAM) Unauthenticated Access to Files in Selesta Visual Access Manager (VAM) Double Free Vulnerability in binder_alloc_free_page of Android Kernel (CVE-2021-12345) Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Selesta Visual Access Manager (VAM) 4.15.0 - 4.29 Multiple Reflected Cross-site Scripting (XSS) Vulnerabilities in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29 XML File Disclosure Vulnerability in Selesta Visual Access Manager (VAM) Full Path Disclosure Vulnerability in Selesta Visual Access Manager (VAM) 4.15.0 - 4.29 Blind Command Injection in Selesta Visual 
Access Manager (VAM) 4.15.0 through 4.29 CSRF Vulnerability in Intelbras IWR 3000N 1.8.7 Devices Allows Complete Router Control Denial of Service Vulnerability in Intelbras IWR 3000N 1.8.7 Devices XXE Vulnerability in Xiuno BBS 4.0 via plugin/xn_wechat_public/route/token.php Server Side Template Injection (SSTI) vulnerability in Halo before 1.2.0-beta.1 due to insecure FreeMarker configuration Use-after-free vulnerability in binder.c allows for local privilege escalation in Android kernel TOCTOU Vulnerability in BullGuard Premium Protection 20.0.371.8 Allows Privileged File Deletion via Symbolic Link Attack Local Privilege Escalation Vulnerability in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client SolarWinds WebHelpDesk 12.7.1 Formula Injection Vulnerability in TicketActions/view?tab=group TSV Export Stored XSS Vulnerability in Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 via Debug-Log and Display-Log Components Vulnerability: Unauthorized Administrative Access on Intelbras IWR 3000N 1.8.7 Devices Heap-based Buffer Over-read in ezXML's ezxml_decode Function Segmentation Fault Vulnerability in ezXML NULL Pointer Dereference and Crash in ezXML Stored XSS Vulnerability in Archery 1.3 and Earlier Versions Excessive Memory Allocation Vulnerability in GNU LibreDWG World-readable permissions on /proc/iomem in Android kernel - Local Information Disclosure Vulnerability Use-after-free vulnerability in GNU LibreDWG 0.92: resolve_objectref_vector in decode.c Heap-Based Buffer Over-read in GNU LibreDWG 0.92's decode_R13_R2000 Function Excessive Memory Allocation Vulnerability in GNU LibreDWG 0.92 Excessive Memory Allocation Vulnerability in GNU LibreDWG Double-Free Vulnerability in GNU LibreDWG Excessive Memory Allocation Vulnerability in GNU LibreDWG 0.92 Stack Consumption Vulnerability in libmysofa Stack-Based Buffer Over-read in Mat_VarReadNextInfo5 in Matio 1.5.17 Stack-Based Buffer Over-read in ReadNextCell in Matio 1.5.17 Memory Allocation 
Vulnerability in Mat_VarRead5 Stack-Based Buffer Over-Read Vulnerability in matio 1.5.17 Heap-Based Buffer Over-Read Vulnerability in UPX 3.95 via Crafted Mach-O File Invalid Memory Address Dereference in libsixel's load_pnm Function Memory Leak in image_buffer_resize in libsixel 1.8.4 Heap-Based Buffer Overflow in libsixel's image_buffer_resize() Function Static Credential Vulnerability in NEC SV9100 Software Unauthenticated Remote Password Reset Vulnerability in NEC SV9100 Software Blank Username and Password Vulnerability in Aspire-derived NEC PBXes Unauthenticated Read-Only Access Vulnerability in NEC PBXes with InMail Software Privilege Escalation Vulnerability in Aspire-derived NEC PBXes Potential Phishing Vector Exploiting addLinks in Linkify.java Vulnerability: Unauthorized Access to NEC UM8000 Voicemail System via Modem Access Number Vulnerability: Brute Force Attack on NEC UM8000 and UM4730 Voicemail Systems Vulnerability: Unauthorized Access to Administration Modem in Aspire-derived NEC PBXes Static Login Credentials Vulnerability in NEC PBXes Uninitialized Data Vulnerability in InputTransport.cpp Allows Local Information Disclosure Bypassing Input Sanitization in WordPress wp_kses_bad_protocol Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in WordPress 3.7 to 5.3.0 Authenticated Users Can Bypass Post Publishing Restrictions via REST API in WordPress 3.7 to 5.3.0 Privilege Escalation in Zsh via MODULE_PATH and zmodload Vulnerability in HUSKY RTU 6049-E70 Firmware Versions 5.0 and Prior: Disconnection and Reboot Exploit Authentication Bypass Vulnerability in HUSKY RTU 6049-E70 Firmware Versions 5.0 and Prior Vulnerability: Unauthorized Access to Administrative LDAP Credentials in Alcatel-Lucent OmniVista 4760 and 8770 Devices Remote Code Execution Vulnerability in Alcatel-Lucent OmniVista 8770 Devices Remote Code Execution Vulnerability in Alcatel-Lucent OmniVista 4760 Devices Possible Local Escalation of Privilege Vulnerability in 
GrantPermissionsActivity.java Remote Code Execution Vulnerability in Pandora FMS ≤ 7.42 via Tricky Folder Name and Disabled php-fileinfo Extension Floating-Point Exception Vulnerability in UPX 3.95 Memory Leak in Mat_VarCalloc in Matio 1.5.17 Due to SafeMulDims Rank==0 Case Vulnerability Invalid Memory Address Dereference in canUnpack Function in UPX 3.95 via Crafted Mach-O File NULL pointer dereference vulnerability in drop_sysctl_table() in fs/proc/proc_sysctl.c SSRF Vulnerability in LiquidPixels LiquiFire OS 4.8.0 via call%3Durl Substring Assertion Failure in stbi__shiftsigned in stb_image.h (Version 2.23) Privileged Helper Tool in Proxyman for macOS 1.11.0 and earlier: System Proxy Manipulation and MITM Vulnerability XSS Vulnerability in Bolt 3.7.0 with Symfony Web Profiler SQL Injection in MFScripts YetiShare 3.5.2 through 4.5.4 via sSortDir_0 parameter in *_manage.ajax.php Use-after-free vulnerability in HalDeathHandlerHidl.cpp allows for local privilege escalation in Android audio server Sensitive Information Leakage in MFScripts YetiShare v3.5.2 - v4.5.4 via Referer Header Cleartext Password Leakage in MFScripts YetiShare User-Introduction Email Password Reset Vulnerability in MFScripts YetiShare v3.5.2 through v4.5.4 Uninitialized Memory Use in libmysofa before 0.8 Integer Overflow Vulnerability in FifoControllerBase.cpp Could Lead to Local Privilege Escalation Cross-Site Scripting (XSS) Vulnerability in Netis DL4323 Devices via urlFQDN Parameter CSRF Vulnerability: Log Deletion on Netis DL4323 Devices XSS Vulnerability in Netis DL4323 Devices via form2Ddns.cgi Hostname Parameter Cross-Site Scripting (XSS) Vulnerability in Netis DL4323 Devices via form2userconfig.cgi Sensitive Information Exposure on Netis DL4323 Devices via form2saveConf.cgi XSS Vulnerability in Netis DL4323 Ping6 Diagnostic Cross-Site Scripting (XSS) Vulnerability in Netis DL4323 Devices via form2Ddns.cgi Username Parameter CSRF Vulnerability in Typesetter CMS 5.1 Logout Functionality 
Autocmd Feature in Vim Allows Access to Freed Memory Race condition vulnerability in createEffect of AudioFlinger.cpp allows for local privilege escalation (Android ID: A-122309228) Buffer Overflow Vulnerability in ASUS RT-N53 3.0.0.4.376.3754 Devices via Advanced_LAN_Content.asp TVT NVMS-1000 Directory Traversal Vulnerability Heap-Based Buffer Over-Read Vulnerability in GoPro GPMF-parser 1.2.3 Heap-Based Buffer Over-read Vulnerability in GoPro GPMF-parser 1.2.3 Heap-Based Buffer Over-Read Vulnerability in GoPro GPMF-parser 1.2.3 Heap-Based Buffer Over-read in GoPro GPMF-parser 1.2.3 Out of Bounds Write Vulnerability in l2c_lcc_proc_pdu of l2c_fcr.cc Use-after-free vulnerability in Bento4 1.5.1.0: AP4_Sample::GetOffset in Core/Ap4Sample.h NULL Pointer Dereference in Bento4 1.5.1.0: AP4_Descriptor::GetTag Vulnerability NULL Pointer Dereference in Bento4 1.5.1.0: AP4_Descriptor::GetTag Vulnerability NULL Pointer Dereference Vulnerability in PoDoFo PDF Library Heap-based Buffer Overflow in libsixel's gif_init_frame Function Memory Leak and Denial of Service Vulnerability in mwifiex_tm_cmd in Linux Kernel Memory Leak in __feat_register_sp() in Linux Kernel (CVE-2020-XXXX) Remote Code Execution Vulnerability in Bitbucket Server and Bitbucket Data Center via post-receive hook Cross-Site Request Forgery (CSRF) Vulnerability in Atlassian Jira Server and Data Center before 8.7.0 CSRF Vulnerability in VerifyPopServerConnection!add.jspa Component in Atlassian Jira Server and Data Center Out-of-Bound Write Vulnerability in phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc Vulnerability: Cross-Site Request Forgery (CSRF) in Atlassian Application Links Plugin Broken Access Control vulnerability in Atlassian Jira Server and Data Center allows unauthorized access to whitelist rules Stored Cross-Site Scripting (SXSS) Vulnerability in Atlassian Confluence Server XML Entity Expansion Vulnerability in Atlassian Crowd Improper Access Control Vulnerability in Atlassian Application Links 
Plugin Broken Access Control Vulnerability in Atlassian Jira Server and Data Center Multiple SQL Injection Vulnerabilities in TestLink Out-of-bounds Write Vulnerability in readNullableNativeHandleNoDup of Parcel.cpp Out-of-Bound Write Vulnerability in rw_t3t_act_handle_fmt_rsp of Android Out-of-Bound Write Vulnerability in rw_t3t_act_handle_sro_rsp of rw_t3t.cc Weak Password Hashing Vulnerability in Nim's HTTP Authentication Library Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.9 Allows Attack on Admin User Out-of-Bound Write Vulnerability in rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc Heap-based Buffer Overflow in libsixel's gif_out_code Function XSS Vulnerability in Laborator Neon Theme 2.0 for WordPress GitLab Community Edition and Enterprise Edition Denial of Service Vulnerability Incorrect Access Control Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6 Incorrect Access Control Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1 Incorrect Access Control Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1 Uncontrolled Resource Consumption Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6 Incorrect Access Control Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1 Incorrect Access Control Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1 Prototype Pollution Vulnerability in kind-of v6.0.2 Out-of-Bound Write Vulnerability in rw_t3t_act_handle_check_rsp of Android Exposed SSH/SFTP Credentials Vulnerability in TreasuryXpress 19191105 Cross-Site Scripting (XSS) Vulnerability in TreasuryXpress 19191105 XSS Vulnerability in TreasuryXpress 19191105: Execution of Malicious JavaScript via Custom Workflow Component XML External Entity (XXE) Vulnerability in Determine Contract Lifecycle Management (CLM) v5.4 Allows 
Unauthorized File Reading Cross-Site Scripting (XSS) Vulnerability in Determine Contract Lifecycle Management (CLM) v5.4 Arbitrary Code Execution Vulnerability in Determine Contract Lifecycle Management (CLM) v5.4 Memory Leak in dinf_New() in GPAC Out-of-Bound Write Vulnerability in NFA_SendRawFrame of nfa_dm_api.cc Stack-based Buffer Overflow in av1_parse_tile_group() Function Heap-based Buffer Overflow in ReadGF_IPMPX_WatermarkingInit() Function Heap-based Buffer Overflow in gf_isom_box_parse_ex() Function NULL Pointer Dereference in gf_odf_avc_cfg_write_bs() Function NULL Pointer Dereference in gf_isom_box_del() Function NULL Pointer Dereference in ilst_item_Read() Function NULL Pointer Dereference in gf_isom_dump() Function NULL Pointer Dereference in senc_Parse() Function Use-after-free vulnerability in GPAC's gf_isom_box_dump_ex() function in isomedia/box_funcs.c Use-after-free vulnerability in GPAC's trak_Read() function in isomedia/box_code_base.c Out-of-Bound Write Vulnerability in rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc Invalid Pointer Dereference in GF_IPMPX_AUTH_Delete() Function Memory leaks in metx_New and abst_Read functions in GPAC version 0.8.0 and 0.9.0-development-20191109 Kernel Stack Return Address Overwrite Vulnerability Cross-Site Scripting (XSS) Vulnerability in Auth0 wp-auth0 Plugin for WordPress XSS Vulnerability in Auth0 Lock before 11.21.0 with untrusted placeholder in additionalSignUpFields QEMU SCSI_IOCTL_SEND_COMMAND Crash Vulnerability Stack Exhaustion Vulnerability in Pure-FTPd 1.0.49's listdir Function CSRF Vulnerability in Advisto PEEL Shopping 9.2.1 Allows Unauthorized User Deletion SQL Injection Vulnerability in SOPlanning 1.45 via user_list.php by Parameter Bypass of Password Reset Protection in DevicePolicyManagerService TablePress Plugin 1.9.2 for WordPress: Editor CSV Injection Vulnerability XSS Vulnerability in awesome-support Plugin 5.8.0 for WordPress via post_title Parameter XSS Vulnerability in FooGallery Plugin 
1.8.12 for WordPress via post_title Parameter Arbitrary PHP Code Execution Vulnerability in Employee Records System 1.0 CSV Injection Vulnerability in KeePass 2.4.1 Title Field Out-of-Bound Read Vulnerability in ce_t4t_data_cback of ce_t4t.cc Critical XXE Vulnerability in Oxygen XML Editor 21.1.1 Allows Unauthorized File Access Arbitrary OS Command Execution Vulnerability in Nagios XI 5.6.9 Stack Consumption Vulnerability in ezXML NULL Pointer Dereference in ezXML's ezxml_decode Function Out-of-Bound Read Vulnerability in llcp_dlc_proc_rr_rnr_pdu of Android Heap-based Buffer Over-read in ezXML's normalize line endings feature Infinite Loop Vulnerability in ezXML XML Parsing Functions Invalid Free and Segmentation Fault in ezXML 0.8.3-0.8.6 Postie Plugin 1.9.40 for WordPress - Remote Post Publication Vulnerability Cross-Site Scripting (XSS) Vulnerability in Postie Plugin 1.9.40 for WordPress Integer Overflow in sixel_frame_resize in libsixel 1.8.4 Stack-Based Buffer Overflow in dimC_Read in GPAC 0.8.0 Insecure Direct Object Reference (IDOR) Vulnerability in CTHthemes CityBook, TownHub, and EasyBook WordPress Themes Out-of-Bound Read Vulnerability in rw_t3t_act_handle_ndef_detect_rsp of Android Reflected XSS Vulnerability in CTHthemes CityBook, TownHub, and EasyBook WordPress Themes Persistent XSS Vulnerability in CTHthemes CityBook, TownHub, and EasyBook WordPress Themes Persistent XSS Vulnerability in CTHthemes CityBook, TownHub, and EasyBook WordPress Themes Unauthenticated Information Disclosure in D-Link DIR-859 Routers via AUTHORIZED_GROUP Parameter Arbitrary OS Command Execution in D-Link DIR-859 1.05 and 1.06B01 Beta01 Devices Arbitrary OS Command Execution in D-Link DIR-859 1.05 and 1.06B01 Beta01 Devices Arbitrary OS Command Execution in D-Link DIR-859 Devices SQLite 3.30.1 SELECT Statement Parsing Error Handling Vulnerability Heap-Based Buffer Over-Read Vulnerability in ngiflib 0.4's GifIndexToTrueColor Function Out-of-Bound Read Vulnerability in 
rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of rw_t3t.cc XSS Vulnerability in SiT! 3.67 search_incidents_advanced.php XSS Vulnerability in Support Incident Tracker (SiT!) 3.67 XSS Vulnerability in SiT! 3.67 Config.php Page XSS Vulnerability in Support Incident Tracker (SiT!) 3.67 Arbitrary OS Command Execution in Pandora FMS 7.0NG via netflow_get_stats Vulnerability Open Redirect Vulnerability in MyBB Login Insecure Permissions Check in ServiceManager::add Function Allows Privilege Escalation Possible Use After Free Vulnerability in em28xx_unregister_dvb of em28xx-dvb.c Use-after-free vulnerability in binder_thread_read in binder.c allows local attackers to escalate privileges in the Android kernel. Missing Permission Check in updateAssistMenuItems of Editor.java Allows Escape from Setup Wizard and Local Privilege Escalation Out of Bounds Write Vulnerability in Android (A-119120561) NEON Register Preservation Vulnerability in libmpeg2 Use-after-free vulnerability in btm_proc_smp_cback of tm_ble.cc allows remote code execution in Android Possible Use After Free Vulnerability in removeInterfaceAddress of NetworkController.cpp in Android Out-of-Bound Write Vulnerability in rw_t3t_act_handle_check_ndef_rsp of Android Out-of-Bound Write Vulnerability in SetScanResponseData of ble_advertiser_hci_interface.cc Heap-based Buffer Overflow in _cairo_image_surface_create_from_jpeg() in gThumb and Pix Privilege Escalation Vulnerability in Centreon Infrastructure Monitoring Software OpenLambda 2019-09-10: DNS Rebinding Vulnerability in REST API on TCP Port 5000 Use-after-free vulnerability in create_hdr of dnssd_clientstub.c in Android allows local attackers to escalate privileges via crafted input. 
Jackson-databind Vulnerability: Lack of net.sf.ehcache Blocking Stack Consumption Vulnerability in NASM 2.14.02's expr# Functions XSS Vulnerability in PHP Scripts Mall Advanced Real Estate Script 4.0.9 SQL Injection Vulnerability in PHP Scripts Mall Advanced Real Estate Script 4.0.9 Integer Overflow leading to Out-of-Bounds Write in rw_i93_sm_read_ndef of rw_i93.cc Arbitrary Code Execution Vulnerability in MojoHaus Exec Maven Plugin 1.1.1 Root Terminal Access Vulnerability on OKER G232V1 v1.03.02.20161129 Devices Out-of-Bound Write Vulnerability in rw_i93_sm_update_ndef of Android Heap-Based Buffer Over-Read Vulnerability in NASM 2.15rc0 Arbitrary File Download Vulnerability in piSignage Player API Persistent Arbitrary Code Execution Vulnerability in Trend Micro Security 2020 and 2019 Consumer Products Vulnerability in Trend Micro Anti-Threat Toolkit (ATTK) Allows Arbitrary Remote Code Execution Possible Permission Bypass in okToConnect Method of HidHostService.java Unauthenticated Access to Personally Identifiable User Information in Give WordPress Plugin Blind SQL Injection Vulnerability in Email Subscribers & Newsletters Plugin Unquoted Service Path Vulnerability in Teradici PCoIP Agent and Client XSS Vulnerability in Ignite Realtime Openfire 4.4.4 via Alias to Manage Store Contents XSS Vulnerability in Ignite Realtime Openfire 4.4.4 via cacheName in SystemCacheDetails.jsp XSS Vulnerability in Ignite Realtime Openfire 4.4.4 via Users/Group Search XSS Vulnerability in Ignite Realtime Openfire 4.4.4: Exploiting isTrustStore to Manage Store Contents Out-of-Bounds Read Vulnerability in nlist.c Out-of-Bound Read Vulnerability in l2c_utils.cc of Android HTTP Request Smuggling Vulnerability in NGINX Vulnerability: Root Access Exploit in LTSP LDM Remote Code Execution via Mutation XSS in Typora Cross-Site Scripting (XSS) Vulnerability in Electronic Logbook (ELOG) 3.1.4 Cross-Site Scripting (XSS) Vulnerability in ELOG 3.1.4 via Crafted SVG Document XSS Vulnerability in 
TopList before 2019-09-03: Exploiting the Title Field Cross-Site Scripting (XSS) Vulnerability in Ganglia Web Frontend (ganglia-web) 3.7.5 via header.php ce Parameter Cross-Site Scripting (XSS) Vulnerability in Ganglia Web Frontend (ganglia-web) 3.7.5 via header.php cs Parameter Out-of-Bound Read Vulnerability in rw_i93_process_sys_info of Android Incomplete Fix for XSS Vulnerability in TestLink before 1.9.20 Memory Leak in QEMU 4.1.0 during VNC Disconnect Operation Privilege Escalation via File Manipulation in ABBYY FineReader 15 Network License Server Local Privilege Escalation Vulnerability in Gentoo Portage Arbitrary PHP Code Execution via CSV Upload in Logaritmo Aware CallManager 2012 Memory Leak in systemd's button_open Function Heap-based Buffer Over-read in repodata_schema2id in libsolv Memory Leak in xmlSchemaValidateStream in libxml2 2.9.10 Reflected Cross-Site Scripting (XSS) Vulnerability in Subrion CMS 4.2.1 Out-of-Bound Read Vulnerability in rw_i93_sm_detect_ndef of Android Subrion CMS 4.2.1 CSRF Vulnerability Allows Unauthorized File Deletion Invalid Memory Access Vulnerability in libyang resolve_feature_value() Function Invalid Memory Access Vulnerability in libyang resolve_feature_value() Function Double-Free Vulnerability in libyang's yyparse() Function Double-Free Vulnerability in libyang's yyparse() Function Stack Consumption Vulnerability in libyang before v1.0-r1 Segmentation Fault Vulnerability in libyang's yyparse Function Double-Free Vulnerability in libyang's yyparse() Function NULL Pointer Dereference Vulnerability in libyang's lys_extension_instances_free() Function Timing Vulnerability in Scalar::check_overflow Function in Parity libsecp256k1-rs Out-of-Bound Read Vulnerability in rw_i93_process_ext_sys_info of Android-9 (A-122316913) DLL Hijacking Vulnerability in Tomcat Used by Jira (CVE-XXXX) CSRF Vulnerability in Jira Installation Setup Resources Improper Authorization Vulnerability Allows Unauthorized Download of Support Zip Files 
in Atlassian Jira Server and Data Center Jira Server and Data Center Information Disclosure Vulnerability Improper Authorization Vulnerability in Atlassian Jira Server and Data Center Allows Unauthorized Access to Project Titles JMX Monitoring Flag CSRF Vulnerability in Atlassian Jira Server and Data Center DLL Hijacking Vulnerability in Tomcat for Confluence on Windows Unauthenticated Remote Attackers Can View Release Version Information in Jira Software and Jira Software Data Center Server Side Request Forgery (SSRF) vulnerability in Jira before version 8.7.0 allows unauthorized access to internal network resources via the /plugins/servlet/gadgets/makeRequest resource. Server Side Template Injection Vulnerability in Atlassian Jira Server and Data Center (CVE-2021-26084) Insecure Default Value in NFC Module Configuration on Android Devices Information Disclosure Vulnerability in Atlassian Jira Server and Data Center's Comment Restriction Feature CSRF Vulnerability in Atlassian Jira Server and Data Center Allows Unauthorized Modification of Wallboard Settings Improper Authentication Vulnerability in Atlassian Jira Server and Data Center Allows Information Enumeration Denial of Service (DoS) Vulnerability in Atlassian Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center's Issue Navigator Basic Search CSRF Vulnerability in Atlassian Jira Server and Data Center Allows Unauthorized Modification of Logging and Profiling Settings Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Project Configuration (CVE-2020-14179) Application Denial of Service Vulnerability in Atlassian Jira Server and Data Center (CVE-2021-26084) DLL Hijacking Vulnerability in Atlassian Jira Server and Data Center Denial of Service Vulnerability in Exiv2 0.27.2 via Infinite Loop in Jp2Image::readMetadata() Vulnerability: Mishandling of RT6_LOOKUP_F_DST_NOREF Flag in fib6_rule_lookup in Linux Kernel Buffer 
Overflow and Panic in Lustre File System: Integer Signedness Error in target_handle_connect() NULL Pointer Dereference and Panic in Lustre File System: Lack of Validation in mdt_object_remote Out-of-Bounds Access and Panic in Lustre File System: Lack of Validation in ptlrpc Module Out-of-Bounds Access and Panic in Lustre File System: Lack of Validation in ptlrpc Module Buffer Overflow and Remote Code Execution Vulnerability in Lustre File System Out-of-Bounds Read and Panic in Lustre File System: Lack of Validation in ptlrpc Module Out-of-Bounds Read and Panic Vulnerability in Lustre File System Possible Privilege Escalation via Overlay Attack in SmsDefaultDialog.onStart Lustre File System MDT Module LBUG Panic Vulnerability Out-of-bounds Access and Lack of Validation in Lustre File System Out-of-Bounds Access and Panic in Lustre File System (CVE-XXXX-XXXX) Buffer Over-read Vulnerability in GNU Aspell Reflected XSS Vulnerability in WSO2 API Manager 2.6.0 Datasource Creation Page Reflected XSS Vulnerability in WSO2 API Manager 2.6.0 XSS Vulnerability in WSO2 API Manager, WSO2 IS as Key Manager, and WSO2 Identity Server XSS Vulnerability in WSO2 API Manager and Identity Server Stored XSS Vulnerability in WSO2 API Manager 2.6.0 API Publisher Inline Documentation Editor Reflected XSS Vulnerability in WSO2 API Manager 2.6.0 Out-of-bounds Write Vulnerability in G4VideoCodecSpecificData of APacketSource.cpp Reflected XSS Vulnerability in WSO2 API Manager 2.6.0's Update API Documentation Feature Stored Cross-Site Scripting (XSS) Vulnerability in WSO2 API Manager 2.6.0 API Publisher Stored Cross-Site Scripting (XSS) Vulnerability in WSO2 Products Stored Cross-Site Scripting (XSS) Vulnerability in WSO2 Products HTTP Header Parsing Vulnerability in Netty Multiple Content-Length Headers Vulnerability Exponential Growth Denial of Service Vulnerability in GNOME librsvg SQL Injection Vulnerability in Jobberbase 2.0 via PATH_INFO to jobs-in Endpoint Out of Bounds Write 
Vulnerability in JSCallTyper of typer.cc Remote Code Execution via RebootSystem.lnk in Prismview System and Prismview Player PHP Object Injection Vulnerability in Pydio Core and Pydio Enterprise PHP Object Injection Vulnerability in Pydio Core and Pydio Enterprise PCRE Out-of-Bounds Read Vulnerability in JIT Compilation SSL Certificate Validation Bypass in Heartland & Global Payments PHP SDK Untrusted Search Path Vulnerability in Goverlan Reach Console, Server, and Client Agent Integer Overflow Vulnerability in CalculateInstanceSizeForDerivedClass of objects.cc Vulnerability: Denial of Service (DoS) via Crafted IP Traffic on Sannce Smart HD Wifi Security Camera Unauthenticated Access to Video Feed on Sannce Smart HD Wifi Security Camera Unauthenticated Remote Control of Sannce Smart HD Wifi Security Camera Vulnerability: Weakly Hashed Root Password on Sannce Smart HD Wifi Security Camera Default Backdoor Accounts on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 Devices Unnecessary Permissions in SeTracker2 for TK-Star Q90 Junior GPS Horloge Devices Type Confusion Vulnerability in UpdateLoadElement of ic.cc Allows Remote Code Execution in Android Proxy Auto-Config Vulnerability: Unauthorized Voice Communication Channel Setup on TK-Star Q90 Junior GPS Horloge Default Password Vulnerability on TK-Star Q90 Junior GPS Horloge 3.1042.9.8656 Devices Vulnerability: Lack of SIM Card PIN Configuration on TK-Star Q90 Junior GPS Horloge Authorization Bypass Vulnerability in Zoho ManageEngine Remote Access Plus 10.0.447 Insufficient Restrictions on PyYAML 5.1 through 5.1.2 Load Functions Remote Code Execution in ruamel.yaml's load Method Open Redirect Vulnerability in mod_auth_openidc CSRF Vulnerability in MIELE XGW 3000 ZigBee Gateway before 2.4.0 Unauthenticated Password Change Vulnerability in MIELE XGW 3000 ZigBee Gateway Cross-Site Scripting (XSS) Vulnerability in Viki Vera 4.9.1.26180 Unauthorized File Access in Viki Vera 4.9.1.26180 Denial of Service in 
libvirt's QEMU Driver due to Monitor Job Mishandling Stored XSS Vulnerability in NETGEAR WNR1000V4 1.1.0.54 Web Management Console Unauthenticated GET Request Vulnerability in NETGEAR WNR1000V4 1.1.0.54 Command Injection Vulnerability in NETGEAR WNR1000V4 1.1.0.54 Devices Authentication Bypass and Remote Compromise Vulnerability in NETGEAR WNR1000V4 1.1.0.54 Use-after-free vulnerability in avrcp_service.cc allows for local privilege escalation in Android Bluetooth service Authentication Bypass Vulnerability in cPanel (SEC-499) Virtual Mail Account Bypass Vulnerability in cPanel (SEC-508) Authentication Bypass Vulnerability in cPanel (SEC-516) Self-XSS vulnerability in cPanel before 82.0.18 due to mishandled JSON string escaping (SEC-520) Predictable Number Generation Vulnerability in cPanel (SEC-525) Arbitrary Database Read Vulnerability in cPanel (SEC-531) Arbitrary Chown Operations Vulnerability in cPanel (SEC-532) Stored XSS Vulnerability in cPanel's WHM Backup Restoration (SEC-533) WebDAV Authentication Bypass in cPanel (SEC-534) Authenticated OS Command Injection Vulnerability in D-Link DWL-2600AP 4.2.0.15 Rev A Devices via Restore Configuration Functionality Use-after-free vulnerability in tearDownClientInterface in WificondControl.java allows for local privilege escalation without additional execution privileges. 
Authenticated OS Command Injection Vulnerability in D-Link DWL-2600AP 4.2.0.15 Rev A Devices via Save Configuration Functionality Authenticated OS Command Injection Vulnerability in D-Link DWL-2600AP 4.2.0.15 Rev A Firmware Upgrade Functionality Buffer Overflow Vulnerability in EFS Easy Chat Server 3.1 via long body2.ghp message parameter Out-of-Bounds Reads in usrsctp's sctp_load_addresses_from_init (CVE-2019-XXXX) Remote Code Execution in Quest KACE K1000 Systems Management Appliance Out-of-bounds Read Vulnerability in spaces.h ERPNext 11.1.47 Blog Category Frame Injection Vulnerability Reflected XSS Vulnerability in Open edX Ironwood.1 Support/Certificates Course_ID Parameter Reflected XSS vulnerability in Open edX Ironwood.1 support/certificates?user= parameter Reflected XSS Vulnerability in ERPNext 11.1.47 via PATH_INFO Reflected XSS Vulnerability in ERPNext 11.1.47 via PATH_INFO in addresses/ URI Reflected XSS Vulnerability in ERPNext 11.1.47 via PATH_INFO in blog/ URI Reflected XSS Vulnerability in ERPNext 11.1.47 via PATH_INFO in contact/ URI Reflected XSS Vulnerability in ERPNext 11.1.47 via PATH_INFO Reflected XSS Vulnerability in ERPNext 11.1.47 via PATH_INFO in user/ URI Out-of-bounds Read Vulnerability in VisitPointers of heap.cc Reflected XSS Vulnerability in ERPNext 11.1.47 via PATH_INFO Reflected XSS Vulnerability in ERPNext 11.1.47 via api/ URI XSS Vulnerability in ilchCMS 2.1.23 via index.php/partner/index Link Parameter Cross-Site Scripting (XSS) Vulnerability in ilchCMS 2.1.23 via index.php/partner/index Name Parameter XSS Vulnerability in ilchCMS 2.1.23 via index.php/partner/index Banner Parameter XSS Vulnerability in Ignite Realtime Openfire 4.4.1 via setup-datasource-standard.jsp XSS Vulnerability in Ignite Realtime Openfire 4.4.1 via setup-datasource-standard.jsp XSS Vulnerability in Ignite Realtime Openfire 4.4.1 via setup-datasource-standard.jsp XSS Vulnerability in Ignite Realtime Openfire 4.4.1 via setup-datasource-standard.jsp Improper 
Access Control in Prepared Report File Storage Out-of-bounds read vulnerability in wnm_parse_neighbor_report_elem of wnm_sta.c Arbitrary Code Execution Vulnerability on Samsung Mobile Devices (SVE-2019-15266) Out-of-Bounds Read Vulnerability in Samsung Mobile Devices with P(9.0) (Exynos Chipsets) Software Unauthenticated Access to Developer Options on Samsung Mobile Devices (SVE-2019-15800) S Secure App Vulnerability: Unauthorized Launch of Masked Apps Samsung Mobile Devices Lock Screen Wallpaper Exposure Vulnerability Bluetooth Connection Vulnerability on Samsung Mobile Devices Vulnerability in Samsung Firewall Application's PermissionWhiteLists Protection Mechanism (SVE-2019-14299) Arbitrary Memory Overwrite Vulnerability in Samsung Mobile Devices (SVE-2019-14651, SVE-2019-14666) Heap Overflow Vulnerability in Samsung Knox_Kap Driver (SVE-2019-14857) Out-of-Bounds Read Vulnerability in Samsung Mobile Devices with Broadcom Chipsets Seccomp Bypass Vulnerability in Android Kernel Buffer Over-read and Information Leak in Samsung Exynos Touch Screen Driver (SVE-2019-14942) Stack Overflow Vulnerability in Samsung Wi-Fi Kernel Drivers on Exynos Chipsets Samsung Mobile Devices Exynos Kernel Driver Stack Overflow Vulnerability (SVE-2019-15034) Samsung Mobile Devices with P(9.0) Software Vulnerability: Bypassing Factory Reset Protection via SamsungPay Mini (SVE-2019-15090) Out-of-Bounds Write Vulnerability in Samsung Exynos Chipsets (SVE-2019-15274) Buffer Overflow Vulnerability in Samsung Exynos Chipsets' HDCP Trustlet Denial-of-Service Vulnerability in Samsung Mobile Devices with Broadcom Wi-Fi Chipsets (SVE-2019-15350) Bluetooth Debug Command Data Leakage Vulnerability Buffer Overflow Vulnerability in Samsung Mobile Devices with P(9.0) Software Heap Out-of-Bounds Access Vulnerability in Broadcom Bluetooth on Samsung Mobile Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution S Secure App Bypass Vulnerability on Samsung Mobile Devices Samsung 
Mobile Devices Factory Reset Protection Bypass via Class 0 Type Message (SVE-2019-14941) Samsung Mobile Devices with P(9.0) Software Vulnerability: Bypassing Factory Reset Protection (FRP) via RCS Call (SVE-2019-15035) Arbitrary Memory Read and Write Vulnerability in Samsung Mobile Devices (SVE-2019-15143) Samsung Mobile Devices with O(8.x) Software: Factory Reset Protection Bypass via External Keyboard (SVE-2019-15164) Gallery App Vulnerability: Unauthorized Access to Locked Device Pictures (SVE-2019-15189) RKP Memory Corruption Vulnerability on Samsung Mobile Devices (SVE-2019-15221) Samsung Mobile Devices Vulnerability: Factory Reset Protection Bypass via SIM Card Blocking Buffer Overflow Vulnerability in Samsung Exynos Touch Screen Driver (SVE-2019-14990) Lock Screen Photo Viewing Vulnerability on Samsung Mobile Devices Improper Crypto Usage in Android-10 Allows for RAM Disclosure with Shared Key Out of Bounds Write Vulnerability in Samsung BIOSUB Trustlet (SVE-2019-15261) Integer Signedness Error in Samsung Mobile Devices with Exynos Chipsets (SVE-2019-15230) Buffer Overflow Vulnerability in Samsung Mobile Devices with P(9.0) Software Out of Bounds Write Vulnerability in Samsung SEC_FR Trustlet (SVE-2019-15272) Vulnerability: Manipulation of IMEI on Samsung Mobile Devices (SVE-2019-15435) Unauthenticated USB Configuration Change Vulnerability on Samsung Mobile Devices Stack Corruption Vulnerability in Samsung Mobile Devices with SMP1300 Exynos Modem Chipsets Samsung Mobile Devices Exynos Bootloader Code Execution Vulnerability Race Condition Vulnerability in Samsung Mobile Devices (Exynos and Qualcomm Chipsets) Software (SVE-2019-15067) Bypassing Factory Reset Protection (FRP) via Status Bar on Samsung Mobile Devices (SVE-2019-15089) Bypassing Factory Reset Protection (FRP) via Smart Switch on Samsung Mobile Devices (SVE-2019-15138) Type Confusion Vulnerability in Samsung WVDRM Trustlet (SVE-2019-14885) Buffer Overflow Vulnerability in Samsung Mobile Devices 
with Exynos Chipsets (SVE-2019-14939) Local SQL Injection Vulnerability in Samsung Mobile Devices (SVE-2019-14059, SVE-2019-14685) Local SQL Injection in Samsung Wi-Fi History Content Provider (SVE-2019-14061) Vulnerability in Samsung Mobile Devices: WPA3 Handshake Downgrade and Dictionary Attack SQL Injection Vulnerability in Samsung Mobile Devices with P(9.0) Software Samsung Exynos Chipsets: Kernel Panic Vulnerability (SVE-2019-14372) Buffer Overflow Vulnerability in Samsung Mobile Devices with Exynos 9820 Chipsets Lock Screen Location Information Sharing Vulnerability on Samsung Mobile Devices Out of Bounds Read Vulnerability in libAACdec of Android-10 (A-136089102) Motion Photo Player Vulnerability: Bypassing Secure Folder on Samsung Mobile Devices Stack Overflow Vulnerability in Samsung Exynos Chipsets: SVE-2019-14665 Use After Free Vulnerability in Samsung Exynos9810 Chipsets (SVE-2019-14837) Type Confusion Vulnerability in Samsung Mobile Devices with TEEGRIS Software (SVE-2019-14847) Type Confusion Vulnerability in Samsung HDCP Trustlet Allows Arbitrary Code Execution Type Confusion Vulnerability in Samsung SEC_FR Trustlet Type Confusion Vulnerability in Samsung FINGERPRINT Trustlet (SVE-2019-14864) Type Confusion Vulnerability in Samsung Mobile Devices with TEEGRIS Software (SVE-2019-14867) Type Confusion Vulnerability in Samsung Mobile Devices with TEEGRIS Software (SVE-2019-14891) Type Confusion Vulnerability in Samsung SKPM Trustlet (SVE-2019-14892) Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Integer Underflow Vulnerability in Samsung Secure Storage Trustlet (SVE-2019-13952) Local SQL Injection in Samsung Gear VR Service Content Provider (SVE-2019-14058) Local SQL Injection in Samsung Story Video Editor Content Provider (SVE-2019-14062) Gallery Leaks Private Mode Thumbnails on Samsung Mobile Devices (SVE-2019-14208) Heap Overflow Vulnerability in Samsung Mobile Devices with Exynos Chipsets (SVE-2019-14371) Unauthenticated 
Bluetooth Stack Control on Samsung Mobile Devices (SVE-2019-14545) GateKeeper Trustlet Information Disclosure Vulnerability SPENgesture Vulnerability: Unauthorized Access to User-Input Logs on Samsung Mobile Devices Bixby Keyboard Data Leakage Vulnerability Voice Assistant Notification Audibility Vulnerability Out of Bounds Read Vulnerability in libxaac on Android-10 (A-112709994) Use-after-free vulnerability in Samsung Exynos8890 chipsets (SVE-2019-13921-1) RKP Memory Corruption Vulnerability on Samsung Mobile Devices Samsung Mobile Devices with Qualcomm Chipsets: Authnr Trustlet NULL Pointer Dereference Vulnerability (SVE-2019-13949) Samsung Mobile Devices ESECOMM Trustlet NULL Pointer Dereference Vulnerability Samsung Mobile Devices Gallery Permanent Disabling Vulnerability Heap Overflow Vulnerability in Samsung Mobile Devices with Exynos Chipsets OMACP Phishing Vulnerability on Samsung Mobile Devices Heap Overflow Vulnerability in Samsung Mobile Devices (SVE-2019-14126) Emergency Mode Vulnerability on Samsung Mobile Devices Smartwatch Exploit Allows Unauthorized Access to Secure Folder Notifications on Samsung Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Double-fetch vulnerability in Trustlet allows arbitrary TEE code execution on Samsung mobile devices Samsung Mobile Devices Experiencing Baseband Stack Overflow Vulnerability (SVE-2019-13963) Denial of Service Vulnerability in Samsung Mobile Devices with Broadcom and SEC Wi-Fi Chipsets Time-based SQL Injection Vulnerability in Samsung Contacts (SVE-2018-13452) Allshare Vulnerability: Unauthorized Access to Sensitive Information on Samsung Mobile Devices Bypassing Factory Reset Protection (FRP) via SVoice T&C on Samsung Mobile Devices (SVE-2018-13547) Gallery Thumbnail Leak in Samsung Mobile Devices Secure Folder Data Leak Vulnerability on Samsung Mobile Devices Unauthenticated Unpinning Vulnerability in Samsung Mobile Devices with P(9.0) Software Secure Startup Keyboard 
Suggested Words Leak on Samsung Mobile Devices (SVE-2019-13773) Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Unauthenticated Changes Vulnerability in Samsung Mobile Devices with P(9.0) Software Samsung Mobile Devices Experiencing Baseband Heap Overflow Vulnerability (SVE-2018-13187) Samsung Mobile Devices Experiencing Baseband Stack Overflow Vulnerability (SVE-2018-13188) Uninitialized Memory Disclosure Vulnerability in Samsung Mobile Devices S-Voice Keyboard Word Leak Vulnerability Information Disclosure Vulnerability on Samsung Mobile Devices with Exynos Chipsets (SVE-2018-13427) Vulnerability: Replay Attack Exploit in Honda HR-V 2017 Remote Keyless System XXE Vulnerability in AutoUpdater.NET Use-After-Free Vulnerability in GPAC's MP4Box Allows Denial of Service Heap-based Buffer Over-read Vulnerability in GPAC Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Heap-based Buffer Over-read Vulnerability in libgpac.a Invalid Pointer Dereference in GPAC's libgpac.a: Denial of Service Vulnerability Invalid Pointer Dereference in libgpac.a Can Cause Denial of Service Double Free Vulnerability in GNU Patch through 2.7.6 Proofpoint Email Protection Vulnerability: Exploiting ML Classification Model for Crafting Malicious Emails Arbitrary Code Execution and Java Class Loader Access Vulnerability in codeBeamer before 9.5.0-RC3 Out-of-Bounds Write Vulnerability in Linux Kernel's input.c (CID-cb222aed03d7) Pointer Leakage Vulnerability in Varnish Cache Administrative Credentials Disclosure in NETGEAR MR1100 Devices Stored XSS Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Lack of Function-Level Access Control in NETGEAR RAX40 Devices Authentication Bypass Vulnerability in NETGEAR RAX40 Devices Sensitive Information Disclosure in NETGEAR RAX40 Devices Stored XSS 
Vulnerability in NETGEAR RAX40 Devices (Versions prior to 1.0.3.62) Stored XSS Vulnerability in NETGEAR RAX40 Devices (Versions prior to 1.0.3.62) Administrative Credentials Disclosure in NETGEAR RAX40 Devices Denial of Service Vulnerability in NETGEAR RAX40 Devices Incorrect Configuration of Security Settings in NETGEAR RN42400 Devices Vulnerability: Sensitive Information Disclosure in NETGEAR MR1100 Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Denial of Service Vulnerability in NETGEAR R8900, R9000, XR500, and XR700 Devices Command Injection Vulnerability in NETGEAR WAC505 and WAC510 Devices Disclosure of Sensitive Information Vulnerability in NETGEAR WAC505 Devices Denial of Service Vulnerability in NETGEAR WAC505 and WAC510 Devices NETGEAR WAC505 and WAC510 Devices Vulnerable to Incorrect Security Configuration Command Injection Vulnerability in NETGEAR XR500 and XR700 Routers Hardcoded Password Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Sensitive Information Disclosure Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Stored XSS Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Stored XSS Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Stored XSS Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS 
Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Function Level Access Control Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in NETGEAR RBR50, RBS50, and RBK50 Devices Stored XSS Vulnerability in NETGEAR Devices Lack of Function-Level Access Control in NETGEAR MR1100 Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Command Injection Vulnerability in Multiple NETGEAR Devices Authentication Bypass Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Denial of Service Vulnerability in NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Authentication Bypass Vulnerability in NETGEAR Devices CSRF Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Security Configuration Vulnerability in NETGEAR WAC505 and WAC510 Devices Vulnerability: Disclosure of Sensitive Information in NETGEAR Devices Sensitive Information Disclosure Vulnerability in NETGEAR SRK60, SRR60, and SRS60 Devices Vulnerability: Sensitive Information Disclosure in NETGEAR WAC505 and WAC510 Devices Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Sensitive Information Disclosure Vulnerability in NETGEAR WAC505 and WAC510 Devices Buffer Overflow Vulnerability in NETGEAR Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution 
Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR R7800 and XR500 Devices Command Injection Vulnerability in NETGEAR R7800 and XR500 Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in NETGEAR DGN2200v4 and DGND2200Bv4 Devices Denial of Service Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Stack-based buffer overflow vulnerability in certain NETGEAR devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Incorrect Configuration of Security Settings in Certain NETGEAR Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution SQL 
Injection Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based buffer overflow vulnerability in certain NETGEAR devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability Affects Multiple NETGEAR Devices Buffer Overflow Vulnerability in NETGEAR R8500 Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Stack-based Buffer Overflow Vulnerability in NETGEAR Devices Sensitive Information Disclosure in NETGEAR WAC510 Devices Stored XSS Vulnerability in NETGEAR WAC510 Devices Before 8.0.1.3 Stored XSS Vulnerability in NETGEAR WAC510 Devices Before 8.0.1.3 Sensitive Information Disclosure in NETGEAR WAC510 Devices Command Injection Vulnerability in NETGEAR WAC505 and WAC510 Devices Reflected XSS Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Stored XSS Vulnerability in Certain NETGEAR Devices Stack-based buffer overflow vulnerability in certain NETGEAR devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Reflected XSS vulnerability in certain NETGEAR devices Command Injection Vulnerability in NETGEAR R7800 Devices Buffer Overflow Vulnerability in NETGEAR R7000 Devices Stored XSS Vulnerability in NETGEAR R9000 Devices Out of Bounds Write 
Vulnerability in libxaac Allows Remote Code Execution Authentication Bypass Vulnerability in NETGEAR R9000 Devices Command Injection Vulnerability in NETGEAR R7800 Devices Buffer Overflow Vulnerability in Certain NETGEAR Devices Stack-Based Buffer Overflow in NETGEAR R7800 Devices Stack-Based Buffer Overflow in NETGEAR R7800 Devices Stack-Based Buffer Overflow in NETGEAR R7800 Devices Stack-Based Buffer Overflow in NETGEAR R7800 Devices Stack-based buffer overflow vulnerability in certain NETGEAR devices Stored XSS Vulnerability in ServiceNow IT Service Management DLL Hijacking Vulnerability in LG PC Suite v5.3.27 and earlier Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Buffer Overflow Vulnerability in LG Mobile Devices with Android OS 9.0 Unconfirmed Configuration Changes Vulnerability in LG Mobile Devices LG Mobile Devices Authorization Bypass Vulnerability LG Mobile Devices Android OS Shell Command Execution Vulnerability Local Password Retrieval Vulnerability on LG Mobile Devices with Android OS 7.0-9.0 Weak Encryption Vulnerability on LG Mobile Devices with Android OS 9.0 LG Mobile Devices Android OS TZ Trusted Application Crash Vulnerability LG Mobile Devices OTA Provisioning Vulnerability LG Mobile Devices Backup Subsystem Input Validation Vulnerability LG Mobile Devices TrustZone Trusted Application Crash Vulnerability Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution LG Mobile Devices Security Settings Mishandling Vulnerability DLL Hijacking Vulnerability in LG Bridge on Windows LG Mobile Devices Buffer Overflow Vulnerability Bypass of AKA in LG Mobile Devices with Android OS 7.0-8.1 GPS Mishandling in LG Mobile Devices with Android OS 7.0-8.1 (MTK Chipsets) Uninitialized Variable Vulnerability in LG Mobile Devices with Android OS 8.0 and 8.1 Arbitrary Unencrypted Data Injection Vulnerability in Pion DTLS Integer Overflow in Teeworlds Prior to 0.7.4: Tilemap Size Calculation Vulnerability Integer 
Overflow and Heap-Based Buffer Overflow in LibVNCServer's cursor.c Cross-Site Scripting (XSS) Vulnerability in Croogo before 3.0.7 via Title in admin/menus/menus and admin/taxonomy/vocabularies Out of Bounds Read Vulnerability in libxaac on Android-10 (A-115509210) Bypassing SPF and DMARC Authentication via Inconsistent HELO and MAIL FROM Fields in OpenDMARC and pypolicyd-spf Stack-Based Buffer Overflow in OpenThread's MeshCoP::Commissioner::GeneratePskc Function Double Free Vulnerability in OpenSC before 0.20.0 Resource Exhaustion Vulnerability in Linux Kernel with Unprivileged User Namespaces Use-after-free vulnerability in iproute2 before 5.1.0 Buffer Overflow in e6y prboom-plus 2.5.1.5 UDP Packet Handling XSS Vulnerability in Cherokee Web Server Allows Arbitrary Command Execution Remote Memory Corruption Vulnerabilities in Cherokee Server Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Out-of-Bounds Write Vulnerability in Cherokee Server Cross-Origin Resource Sharing (CORS) and WebSocket Authorization Bypass in Readdle Documents iOS App Stored XSS Vulnerability in Readdle Documents App Reflected XSS Vulnerability in Gila CMS 1.11.6 via admin/content/postcategory id Parameter CSRF and XSS Vulnerability in Gila CMS Allows Admin Account Compromise Integer Overflow Vulnerability in p_lx_elf.cpp in UPX NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c Vulnerability: Arbitrary OS Command Execution in Vim Restricted Mode Out-of-Bounds Read Vulnerability in QEMU's ATI VGA Implementation Price Manipulation Vulnerability in Compound Finance Compound Price Oracle Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Memory leak in go7007_snd_init function in Linux kernel before 5.6 Reference Count Mishandling in rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c Denial of Service Vulnerability in Linux Kernel's prb_calc_retire_blk_tmo() Function NULL Pointer 
Dereference Vulnerability in Foxit PhantomPDF Memory Consumption Vulnerability in Foxit PhantomPDF Stack Consumption Vulnerability in Foxit PhantomPDF XML Parsing NULL Pointer Dereference Vulnerability in Foxit PhantomPDF NULL Pointer Dereference Vulnerability in Foxit Reader and PhantomPDF Memory Consumption Vulnerability in Foxit Reader and PhantomPDF Stack Consumption Vulnerability in Foxit Reader and PhantomPDF Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution NULL Pointer Dereference Vulnerability in Foxit Reader and PhantomPDF NULL Pointer Dereference Vulnerability in Foxit PhantomPDF Mac Out-of-Bounds Write Vulnerability in Foxit Reader and PhantomPDF 3D Plugin Beta Buffer Overflow in Foxit PhantomPDF JavaScript Field APs Update NULL Pointer Dereference in Foxit PhantomPDF via FXSYS_wcslen in Epub File Out-of-Bounds Write Vulnerability in Foxit PhantomPDF NULL Pointer Dereference Vulnerability in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac Stack Consumption Vulnerability in Foxit PhantomPDF Mac and Foxit Reader for Mac Buffer Overflow Vulnerability in Foxit Reader and PhantomPDF NULL Pointer Dereference Vulnerability in Foxit Reader and PhantomPDF Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Out-of-Bounds Write Vulnerability in Foxit Reader and PhantomPDF Void Data Mishandling Vulnerability in Foxit Reader and PhantomPDF 3D Plugin Beta Homograph Mishandling Vulnerability in Foxit PhantomPDF Cloud Credential Mishandling in Foxit PhantomPDF Signature Validation Bypass in Foxit PhantomPDF Homograph Mishandling Vulnerability in Foxit Reader and PhantomPDF Cloud Credential Mishandling in Foxit Reader and PhantomPDF: Exploiting Google Drive Vulnerability Signature Validation Bypass Vulnerability in Foxit Reader and PhantomPDF Subject Buffer Over-read Vulnerability in libpcre Buffer Overflow in LibVNCServer's sockets.c via Long Socket Filename Out of Bounds Write Vulnerability in libxaac Allows Remote Code 
Execution Crash Vulnerability in LibVNCServer's ws_decode.c CSRF Vulnerability in Mattermost Server for Account Takeover Attacks SQL Injection Vulnerability in Mattermost Server via SearchAllChannels Weak Permissions for Configuration Files in Mattermost Server Channel Spoofing Vulnerability in Mattermost Server Denial of Service Vulnerability in Mattermost Server via Large Slack Import Weak Permissions for Server-Local File Storage in Mattermost Server WebSocket User Typing Event Spoofing Vulnerability Quick Reply Vulnerability in Mattermost Mobile Apps Persistent Cookie Data Vulnerability Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution on Android Persistent View Cache Vulnerability in Mattermost Mobile Apps Arbitrary File Overwrite Vulnerability in Mattermost Mobile Apps Sensitive Information Leakage in Mattermost Mobile Apps Remote Code Execution Vulnerability in Mattermost Packages Denial of Service via LaTeX Message in Mattermost Server Sensitive Information Disclosure during Legacy Attachment Migration in Mattermost Server Mattermost Desktop App macOS Dylib Injection Vulnerability Denial of Service Vulnerability in Mattermost Server 5.16.0 Denial of Service (CPU Consumption) via Crafted Characters in SQL LIKE Clause Bypassing Login Access Control in Mattermost Server Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Denial of Service Vulnerability in Mattermost Server via Crafted SVG Document Arbitrary Code Execution Vulnerability in Mattermost Desktop App Unauthenticated Access to Team Slash Commands in Mattermost Server Unrestricted Creation of Incoming Webhooks in Mattermost Server GitHub Account Hijacking Vulnerability in Mattermost Plugins Cross-Site Request Forgery (CSRF) Vulnerability in Mattermost Server Improper Handling of Proxy HTTP Header in Mattermost Server Channel Post Loading Interference Vulnerability Improper Generation of Invite IDs in Mattermost Server Privilege Escalation in Mattermost 
Server: Unauthorized Update/Patch Channel Modification in Private Channels Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Bypassing Edited Flag Appearance in Mattermost Server Catastrophic Backtracking Vulnerability in Mattermost Server SSRF Vulnerability in Mattermost Server User Activation/Deactivation Information Disclosure Vulnerability Sensitive Information Disclosure during Role Change in Mattermost Server Password Reset Vulnerability during Email Address Change User Self-Deactivation Bypass Vulnerability Information Disclosure Vulnerability in Mattermost Server Allows 2FA Status Enumeration Email Address Mishandling Vulnerability in Mattermost Server Email Address Change without Credential Re-entry Vulnerability Out of Bounds Read Vulnerability in StatsService Denial of Service Vulnerability via OpenGraph in Mattermost Server Mattermost Server Brute-Force Attack Vulnerability Domain Requirement Bypass in Mattermost Server Post Pinning Vulnerability in Mattermost Server File Attachment Duplication Vulnerability Missing robots.txt file vulnerability in Mattermost Server Inadvertent System Admin Privileges Vulnerability in Mattermost Server Intra-team Post Permission Bypass in Mattermost Server Denial of Service Vulnerability in Mattermost Server User-Access Token Creation Permissions Mishandling Vulnerability Uninstallation Permission Retention Vulnerability in Android Email Address Discovery Bypass Vulnerability in Mattermost Server Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) Vulnerability in WooCommerce CSV Product Importer Double Free Vulnerability in net-snmp before 5.8.1.pre1 via SNMPv3 GetBulk Request Buffer Overflow Vulnerability in Call of Duty Modern Warfare 2 Allows Arbitrary Code Execution Traefik 2.x Vulnerability: Mutual TLS Verification Bypass SQL Injection Vulnerability in WebChess 1.0 Denial of Service Vulnerability in Atlassian Jira Server and Data Center via Crafted PNG File 
Unauthenticated Access to Sensitive Information in Atlassian Jira Server and Data Center Denial of Service Vulnerability in Atlassian Jira Server and Data Center Missing Permissions Check in isPackageDeviceAdminOnAnyUser of PackageManagerService.java Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center (Versions before 8.7.0) Open Redirect Vulnerability in Jira Login Page (CVE-2020-14181) XML Data Transfer Vulnerability in Crowd Allows Reactivation of Disabled OpenLDAP User Cross-Site Scripting (XSS) Vulnerability in atlaskit/editor-core Allows Arbitrary Code Injection via Hyperlinks Infinite Loop Vulnerability in Python's tarfile Module Incorrect Access Permissions for efivar_ssdt ACPI Variable Vulnerability NULL Pointer Dereference in dwg_encode_LWPOLYLINE Function Missing Permission Check in GetPermittedAccessibilityServicesForUser in DevicePolicyManagerService.java Heap-based Buffer Over-read in decode_R13_R2000 in GNU LibreDWG Denial of Service Vulnerability in GNU LibreDWG through 0.9.3 Stack Overflow Vulnerability in GNU LibreDWG Heap-based Buffer Over-read in dwg_encode_entity in GNU LibreDWG NULL Pointer Dereference in dwg_encode_common_entity_handle_data Heap-based Buffer Over-read in bit_write_TF in GNU LibreDWG Directory Traversal Vulnerability in pip Package (Versions before 19.2) NULL Pointer Dereference in InspIRCd MySQL Module Use After Free Vulnerability in InspIRCd 3 Allows Remote Server Crashing NULL Pointer Dereference in DBI Module Missing Permission Check in isSeparateProfileChallengeAllowed in DevicePolicyManagerService.java Arbitrary Code Execution via Lookup Helper in Handlebars Cross-Site Scripting (XSS) Vulnerability in bootstrap-select Handlebars Template Engine Regular Expression Denial of Service (ReDoS) Vulnerability Denial of Service Vulnerability in MongoDB Server v4.0.7 and Earlier Denial of Service Vulnerability in MongoDB Server v4.2.2 Memory Allocation Vulnerability in MongoDB Server Out-of-bounds 
Write Vulnerability in huff_dec_1D of nlc_dec.cpp in Android InfluxDB Authentication Bypass Vulnerability Use-after-free vulnerability in Linux kernel before 5.2.6 on NUMA systems Out-of-bounds Write Vulnerability in parseMPEGCCData of NuPlayerCCDecoder.cpp Race condition vulnerability in callGenIDChangeListeners and related functions in SkPixelRef.cpp allows for use after free, potentially leading to remote code execution without additional privileges. (Android-9, A-124232283) Double Free Vulnerability in EffectBundle.cpp Allows Local Privilege Escalation in Android Type Confusion Vulnerability in HAliasAnalyzer.Query of hydrogen-alias-analysis.h Missing Permissions Check in areNotificationsEnabledForPackage of NotificationManagerService.java Out-of-Bound Write Vulnerability in nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc Out-of-Bound Read Vulnerability in uvc_parse_standard_control of Android Kernel Remote Keystroke Injection Vulnerability in Android BLE Implementation Google Assistant in Android 9 Vulnerability: Permissions Bypass and Information Disclosure Uninitialized Field Vulnerability in HIDL and C++ Structs/Unions in Android Uninitialized Data Memory Corruption Vulnerability in FileInputStream::Read Out-of-bounds Write Vulnerability in ihevcd_sao_shift_ctb of Android Out-of-bounds Write Vulnerability in ihevcd_parse_pps of Android Out of Bounds Write Vulnerability in ihevcd_ref_list.c in Android 10 Out-of-bounds Write Vulnerability in MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp Missing Permission Check in ScreenRotationAnimation Allows for Secure Screen Capture Heap Memory Corruption Vulnerability in DnsTlsSocket.cpp Allows Remote Code Execution in Android Use-after-free vulnerability in alarm.cc allows for local code execution in Android Bypass of Factory Reset Protection in Android Setup Wizard Local Bypass of User Interaction Requirements in NFC Package Installation Double Free Vulnerability in GateKeeper::MintAuthToken in Android 7.1.1, 7.1.2, 
8.0, 8.1, and 9 Out-of-Bound Read Vulnerability in save_attr_seq of sdp_discovery.cc Missing Permission Check in checkQueryPermission of TelephonyProvider.java Uninitialized Stack Variables in Parcel.cpp: Local Information Disclosure Vulnerability Improper Locking in key_store_service.cpp Allows for Information Disclosure Insecure Default Value in OatFileAssistant::GenerateOatFile of oat_file_assistant.cc Race Condition Vulnerability in ActivityManagerService.attachApplication of Android Local Privilege Escalation Vulnerability in LockTaskController.lockKeyguardIfNeeded Memory Overwrite Vulnerability in execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9 Silent File Attachment Vulnerability in ComposeActivityEmailExternal Overlay Attack Vulnerability in ChangeDefaultDialerDialog.java Double Free Vulnerability in ParseContentEncodingEntry of mkvparser.cc Use-after-free vulnerability in AudioInputDescriptor::setClientActive in Android Out of Bounds Write Vulnerability in ACELP_4t64_fx of c4t64fx.c Out-of-bounds Read Vulnerability in extract3GPPGlobalDescriptions of TextDescriptions.cpp Remote Code Execution Vulnerability in CompilationJob::FinalizeJob of compiler.cc Overlay Permission Vulnerability in Android Android VPN Dialog Overlay Vulnerability Heap Buffer Overflow in Mfc_Transceive of phNxpExtns_MifareStd.cpp Integer Overflow Vulnerability in phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp Out of Bounds Read Vulnerability in Mfc_Transceive of phNxpExtns_MifareStd.cpp Out-of-bounds Read Vulnerability in Status::readFromParcel of Android Missing Permission Check in endCall() Function of TelecomManager.java Leads to Denial of Service Vulnerability in Android Out of Bounds Read Vulnerability in libxaac on Android-10 (A-118494320) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-117610049) Uninitialized Data Information Disclosure Vulnerability in libxaac Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Out 
of Bounds Read Vulnerability in libxaac on Android-10 (A-112768568) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-114746174) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-112856493) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-112858430) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-112859714) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-116474108) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-113508105) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-113262406) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-117935831) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-117495174) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-118145923) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-112611181) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-117610057) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-117655547) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-112552816) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-112611363) Out of Bounds Read Vulnerability in libxaac on Android-10 (A-118766492) Out of Bounds Write Vulnerability in libxaac Allows Remote Code Execution Out of Bounds Read Vulnerability in libxaac Allows Information Disclosure Out of Bounds Read Vulnerability in libxaac Allows Information Disclosure Out of Bounds Read Vulnerability in libxaac Allows Remote Information Disclosure Out of Bounds Read Vulnerability in libxaac Allows Information Disclosure Out of Bounds Read Vulnerability in libxaac Allows Information Disclosure Out of Bounds Read Vulnerability in libxaac Allows Information Disclosure Uninitialized Data Vulnerability in libxaac on Android-10 (A-117661478) Uninitialized Data Information Disclosure Vulnerability in libxaac Uninitialized Data Vulnerability in libxaac on Android-10 (A-118492594) Uninitialized Data in libxaac: Potential 
Information Disclosure Vulnerability Uninitialized Data Information Disclosure Vulnerability in libxaac Uninitialized Data in libxaac: Potential Information Disclosure Vulnerability Uninitialized Data Vulnerability in libxaac on Android-10 (A-113035224) Incorrect Permission Check in startActivityMayWait of ActivityStarter.java Allows for Local Privilege Escalation Use-after-free vulnerability in SensorManager::assertStateLocked in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9 Incorrect Order of Arguments in checkAccess Method Allows Local Privilege Escalation in Android 9 Out-of-bounds Write Vulnerability in ihevcd_parse_buffering_period_sei of Android 8.0, 8.1, and 9 Device Type Confusion Vulnerability in HidProfile.java Allows Remote Code Execution Out of Bounds Write Vulnerability in Android NFC Service Integer Overflow Vulnerability in NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9 Out of Bounds Read Vulnerability in Android Printer Service Integer Overflow Vulnerability in binder_transaction of Android Kernel Android Kernel MMU Code Vulnerability: Local Privilege Escalation without User Interaction Account Protection Bypass and Local Information Disclosure in RegisteredServicesCache Out-of-bounds Write Vulnerability in PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp Out-of-bounds Write Vulnerability in VlcDequantH263IntraBlock_SH of vlc_dequant.cpp Out-of-Bounds Write Vulnerability in GetMBheader of combined_decode.cpp Out-of-bounds Read Vulnerability in nfc_ncif_decode_rf_params of nfc_ncif.cc Race condition vulnerability in Easel driver allows for local privilege escalation Race condition vulnerability in Easel driver allows for local privilege escalation LG LAF Component Information Leak Vulnerability LG LAF Component Information Leak Vulnerability Possible Permissions Bypass in SliceProvider.java Allows Local Privilege Escalation Possible Permissions Bypass in WelcomeActivity.java and Related Files Arbitrary Code Execution Vulnerability 
in SurfaceFlinger::createLayer of Android-9 Possible Local Escalation of Privilege in SQLite3 Android Tokenize Function Possible SQL Injection Vulnerability in Download Provider Insecure Default Value in CachedBluetoothDevice.java Allows Contact List Disclosure SQL Injection Vulnerability in Download Provider Possible Permissions Bypass in createSessionInternal of PackageInstallerService.java Custom Permission Bypass Vulnerability in PermissionManagerService Out-of-bounds Write Vulnerability in generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S Heap Buffer Overflow in CryptoPlugin::decrypt of CryptoPlugin.cpp Heap Buffer Overflow in CryptoPlugin::decrypt in CryptoPlugin.cpp Out of Bounds Read Vulnerability in FindSharedFunctionInfo of objects.cc Use-after-free vulnerability in ProxyResolverV8::SetPacScript in proxy_resolver_v8.cc allows for remote code execution without additional privileges (Android). Out of Bounds Write Vulnerability in rw_i93_sm_set_read_only of Android NFC Out-of-Bound Write Vulnerability in nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc Out of Bounds Read Vulnerability in PromiseBuiltinsAssembler::NewPromiseCapability Out-of-bounds Read Vulnerability in BTA_DmPinReply of bta_dm_api.cc Heap Buffer Overflow in load_logging_config of qmi_vs_service.cc Possible SQL Injection in createProjectionMapForQuery of TvProvider.java Out-of-bounds Read Vulnerability in Android's Poisson Distribution Race condition vulnerability in binder_free_transaction in binder.c allows for local escalation of privilege without additional execution privileges needed Out of Bounds Write Vulnerability in binder_transaction of Android Kernel Elevation of Privilege Vulnerability in Android Binder Hidden Overlay Notification Vulnerability in Android-10 (A-38390530) Possible Memory Corruption and Local Privilege Escalation in setCpuVulkanInUse of GpuStats.cpp Improper Permission Grant in createSessionInternal of PackageInstallerService.java Permission Bypass 
Vulnerability Allows Unauthorized Background Audio Recording in Android Possible bypass of user interaction requirements in checkOperation of AppOpsService.java leading to local information disclosure Possible bypass of user interaction requirements in hasActivityInVisibleTask of WindowProcessController.java leading to local privilege escalation Out of Bounds Write Vulnerability in ihevcd_parse_slice_data of ihevcd_parse_slice.c Out of Bounds Write Vulnerability in ihevcd_ref_list.c Bluetooth Pairing Vulnerability: Silent Malicious Device Pairing and Remote Privilege Escalation Out-of-Bounds Read Vulnerability in device_class_to_int of device_class.cc Out of Bounds Read Vulnerability in btif_av.cc Allows Remote Information Disclosure over Bluetooth Out-of-bounds Read Vulnerability in array_find of array.c Missing Permission Check in updateWidget of BaseWidgetProvider.java Allows Local Information Disclosure Use-after-free vulnerability in nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp in Android-10 allows remote information disclosure. 
Possible Unencrypted Master Key Vulnerability in Blob::Blob of blob.cpp Possible Denial of Service Vulnerability in TextLine.java Possible Local Escalation of Privilege Vulnerability in UserSwitcherController.java Buffer Overflow Vulnerability in Emulated RPMB Sector Size Assumptions Null Pointer Dereference Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking in various Qualcomm chipsets Vulnerability: Silent Failure and Unhandled Keypad GPIO Deactivation Error Data Type Check Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130 Missing Sanity Checks in Layout: Vulnerability in Multiple Snapdragon Platforms Unpredictable Behavior Vulnerability in Multiple Snapdragon Platforms Improper Error Status Handling in Snapdragon Processors Buffer Overflow/Underflow Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables in APQ8009, APQ8016, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SM6150, SM7150, SXR1130 Buffer overflow vulnerability in multiple Snapdragon platforms Possible Integer Underflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Wearable, and other Qualcomm Snapdragon Platforms Possible Integer Underflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon 
Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016 Arbitrary Memory Write Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, MDM9205, MDM9640, MSM8996AU, QCA6574, QCS605, Qualcomm 215, SD 425, SD 427, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130 Double Free Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in Multiple Snapdragon Processors Arbitrary Memory Read Vulnerability in Snapdragon Processors Arbitrary Memory Write Vulnerability in Snapdragon Processors Stack Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics, Consumer IoT, Industrial IoT, Mobile, Voice & Music Buffer Overflow Vulnerability in Snapdragon Processors with High Decode Picture Buffer Size Buffer Over-read Vulnerability in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 
820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20 Vulnerability: Position Determination Accuracy Degradation in Snapdragon Platforms Bitstream Vulnerability in Multiple Snapdragon Platforms Bitstream Code Execution Vulnerability in Multiple Snapdragon Platforms Improper Configuration File Permissions Vulnerability in Snapdragon Platforms Out-of-Bounds Write Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Video Dimension Resource Allocation Vulnerability in Multiple Snapdragon Platforms Race Condition Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Unauthorized GPU Subsystem Access Vulnerability in Multiple Snapdragon Platforms Use After Free Vulnerability in Multiple Snapdragon Platforms Null Pointer Dereference Vulnerability in Glink Channel Opening in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MDM9640, MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SDM439, SDM630, SDM660, SDX24 Double Free Vulnerability in Kernel Power Sequence Handling for Camera Sensor Sub-modules in Snapdragon Devices Improper Access Control in Secure Boot Loader Image Allows Modification of Locked Regions Out-of-Bounds Read Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music Processors Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and other Snapdragon Platforms Buffer Overflow Vulnerability in Display Function of Snapdragon Auto, 
Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SDM660, SDX20 IOMMU Page Fault Denial of Service Vulnerability in Multiple Snapdragon Platforms Improper Access Control for RPU Write Access Vulnerability in Qualcomm Snapdragon Processors Buffer Overflow Vulnerability in Key Operations (CVE-2018-13907) in Multiple Snapdragon Platforms Out-of-Bound Read Vulnerability in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in Multiple Qualcomm Chipsets Out of Bound Read Vulnerability in WLAN in Snapdragon Processors Bypassing Boot Image Signature Verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile Shared Memory Vulnerability in Multiple Snapdragon Platforms Unauthenticated Bitmap Image Execution Vulnerability Out-of-Bound Access Vulnerability in Snapdragon Processors Race condition vulnerability in camera ioctl calls leading to use-after-free in Snapdragon devices Out of Bound Write Vulnerability in Snapdragon Platforms Out of Bound Write Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables Out of Bound Write Vulnerability in TZ Memory Dump Copying Authentication Bypass Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Camera Driver Vulnerability: Accessing Destroyed Session Data Pointer in Snapdragon Platforms Buffer Overflow Vulnerability in Qualcomm Snapdragon Processors Pointer Dereference Vulnerability in Qualcomm Snapdragon Devices Hard-coded Magic Number Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer 
Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 Address range check vulnerability in multiple Snapdragon platforms Buffer Overflow Vulnerability in Multiple Snapdragon Processors Use-after-free vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24 via unprotected access to md sessions info Out-of-Bound Write Vulnerability in Snapdragon Processors Possible Buffer Overflow Vulnerability in WLAN Handler in Multiple Snapdragon Platforms Out-of-Bound Read Vulnerability in Multiple Snapdragon Platforms Heap Overflow Vulnerability in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Multiple Qualcomm Chipsets Array Out-of-Bounds Access Vulnerability in SNDCP Module Integer Overflow Leading to Buffer Overflow in Multiple Snapdragon Platforms Out of Bound Access Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music Out of Bound Read Vulnerability in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer 
IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Multiple Qualcomm Chipsets Potential Integer Underflow Vulnerability in 802.11 Rx Management Configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Multiple Qualcomm Chipsets Remote Procedure Call (RPC) Vulnerability in Snapdragon Processors Integer Overflow Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music in Multiple Qualcomm Chipsets Out of Bound Read Vulnerability in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Multiple Qualcomm Chipsets Possible Buffer Overflow Vulnerability in WLAN Handler in Multiple Snapdragon Processors Buffer Overflow Vulnerability in Snapdragon Auto, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music in Multiple Qualcomm Chipsets Race Condition Vulnerability in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24 Insecure Parameter Population Vulnerability Out-of-Scope Variable Usage Vulnerability in Snapdragon Processors Predictable Initial Sequence Number (ISN) Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 Vulnerability: Non 
Secure Kernel Trustzone Memory Read DOS in Snapdragon Platforms Vulnerability: Memory Corruption in HLOS for Snapdragon Platforms Improper Validation of Array Index in Snapdragon Processors: Potential Out of Bounds Write Vulnerability Vulnerability: Incorrect Length Validation in QSEE Log Buffer Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Uninitialized Crypto Engine Data Vulnerability in Qualcomm Snapdragon Processors Out of Boundary Access Vulnerability in Snapdragon Processors Out-of-Boundary Access Vulnerability in Snapdragon Platforms Out-of-Bound Access Vulnerability in Qualcomm Snapdragon Processors Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Snapdragon Processors Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Critical Use After Free Vulnerability in Snapdragon Processors Improper Input Validation in Allocation Request for Secure Allocations Vulnerability Integer Overflow Vulnerability in Multiple Snapdragon Platforms Memory Corruption Vulnerability in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 Null Pointer Dereferencing Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, 
SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016 Infinite Loop Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables Use After Free Vulnerability in Multiple Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Vulnerability: Crafted Image Signature Bypass in Multiple Snapdragon Platforms Vulnerability: Out of Bound Access in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Processors Firmware Vulnerability: Out of Bound Read and Information Disclosure in Snapdragon Platforms Race condition vulnerability in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM660, SDX20, SDX24 JPEG Driver Memory Overwrite Vulnerability in Snapdragon Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking Improper Invalidation of Authorization Sessions in MongoDB Server Exposure of Access Logs in MongoDB Ops Manager Arbitrary PID Injection Vulnerability in MongoDB Server's SysV Init Scripts OpenSSL Configuration File Vulnerability in MongoDB Server Improper JSON Parsing in MongoDB Inc. 
js-bson Library (Versions 1.1.3 and Prior) Leads to Data Disclosure Denial of Service Vulnerability in MongoDB Server Versions Prior to 4.4.1 MongoDB Server Denial of Service Vulnerability Oracle WebLogic Server Component Vulnerability: Unauthorized Data Access and Partial Denial of Service Oracle CRM Technical Foundation Component Vulnerability Vulnerability in Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications (CVE-2021-12345) Oracle WebLogic Server Component Vulnerability: Unauthorized Data Manipulation via HTTP Access Vulnerability in Oracle Communications Diameter Signaling Router (DSR) Allows Unauthorized Data Access and Partial Denial of Service Oracle iStore User Registration Vulnerability Vulnerability in Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications (CVE-2021-12345) Oracle Hospitality Simphony Component Vulnerability Oracle Hospitality Simphony Component Vulnerability Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Critical Vulnerability in Oracle PeopleSoft Products: Compromise of PeopleSoft Enterprise PeopleTools Oracle Database Server Core RDBMS Component Takeover Vulnerability Oracle Hospitality Reporting and Analytics Component Unauthorized Access Vulnerability Unauthenticated Unauthorized Read Access Vulnerability in Oracle PeopleSoft Products Vulnerability in Oracle Hospitality Cruise Shipboard Property Management System: Unauthorized Access and Denial of Service Vulnerability in Oracle Hospitality Cruise Shipboard Property Management System: Unauthorized Data Access and Manipulation Oracle Hospitality Cruise Shipboard Property Management System Vulnerability High Privilege Takeover Vulnerability in Sun ZFS Storage Appliance Kit (AK) Oracle Reports Developer Vulnerability: Unauthorized Data Access and Manipulation Oracle HTTP Server Vulnerability: Unauthorized Takeover of Server Vulnerability in Oracle Hyperion BI+ 
Component: Unauthorized Data Access and Partial Denial of Service Critical Vulnerability in Oracle PeopleSoft Products: Compromise of PeopleSoft Enterprise PeopleTools Vulnerability in PeopleSoft Enterprise PeopleTools Performance Monitor Component Oracle WebLogic Server T3 Network Access Vulnerability Vulnerability in PeopleSoft Enterprise CC Common Application Objects: Unauthorized Data Access and Manipulation MySQL Server Optimizer Vulnerability Vulnerability in PeopleSoft Enterprise HCM eProfile Manager Desktop Allows Unauthorized Data Access and Manipulation Java SE Libraries Unauthorized Read Access Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access Oracle Retail Convenience Store Back Office Component Vulnerability Oracle Hospitality Reporting and Analytics Unauthenticated Access Vulnerability Java SE Networking Vulnerability: Unauthorized Read Access Unauthenticated Remote Code Execution Vulnerability in Oracle WebCenter Portal Vulnerability in Oracle Outside In Technology: Unauthorized Access and Denial of Service Oracle Argus Safety Console Unauthorized Access Vulnerability Vulnerability in Oracle Argus Safety Console: Unauthorized Data Access Oracle Argus Safety Login Vulnerability XML Publisher Component Vulnerability in PeopleSoft Enterprise PeopleTools MySQL Server Denial of Service Vulnerability Vulnerability in MySQL Connectors: Unauthorized Access and Data Manipulation Vulnerability in MySQL Server Replication Component: Unauthorized Data Access and Server Crash Oracle Solaris Kernel Denial of Service Vulnerability Oracle Web Cache ESI/Partial Page Caching Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools Portal Component Oracle E-Business Suite Oracle Marketing User Interface Unauthenticated Remote Code Execution Vulnerability Unauthenticated Unauthorized Read Access Vulnerability in Oracle WebLogic Server Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and 
Manipulation XML Publisher Component Vulnerability in PeopleSoft Enterprise PeopleTools Vulnerability in Oracle Database Server: Core RDBMS Takeover Vulnerability in Oracle Content Manager component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Oracle Partner Management Component Vulnerability in Oracle E-Business Suite Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Java SE Deployment Component Vulnerability Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Oracle WebLogic Server Remote Code Execution Vulnerability Oracle E-Business Suite Performance Management Plan Unauthorized Data Access Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access Oracle Outside In Technology Denial of Service Vulnerability Oracle Outside In Technology Denial of Service Vulnerability Vulnerability in Oracle Outside In Technology: 
Unauthorized Access and Denial of Service Oracle Partner Management Component Vulnerability in Oracle E-Business Suite Vulnerability in PeopleSoft Enterprise PeopleTools Portal Component Vulnerability in Oracle Outside In Technology Allows Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows for Denial of Service Attacks Oracle Outside In Technology Denial of Service Vulnerability Oracle Outside In Technology Denial of Service Vulnerability Vulnerability in Oracle Outside In Technology Allows for Denial of Service Attacks Vulnerability in Oracle Outside In Technology Allows for Denial of Service Attacks Vulnerability in Oracle Outside In Technology Allows Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows for Denial of Service Attacks Vulnerability in Oracle Outside In Technology: Unauthorized Partial Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Database Server's Application Express Component Oracle Mobile Field Service Component Vulnerability in Oracle E-Business Suite MySQL Server Privilege Escalation Vulnerability Oracle Transportation Management UI Infrastructure Unauthorized Data Access Vulnerability Oracle CRM Technical Foundation Session Management Vulnerability Oracle One-to-One Fulfillment Component OCM Query Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools Panel Processor Component Vulnerability in Oracle Email Center component of Oracle E-Business Suite: Unauthorized Data Access Vulnerability in Oracle Email Center component of Oracle E-Business Suite: Unauthorized Data Access Vulnerability in PeopleSoft Enterprise CS Campus Community component allows unauthorized data manipulation MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle CRM Technical Foundation Component Vulnerability Vulnerability in Oracle CRM Technical Foundation component of Oracle 
E-Business Suite: Unauthorized Access and Data Compromise Oracle Partner Management Component Vulnerability in E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in Oracle VM VirtualBox: Takeover Exploit Stack Consumption Vulnerability in serde_cbor Crate Degenerate Security Properties in sodiumoxide crate's generichash::Digest::eq Timing Side-Channel Vulnerability in libsecp256k1 Crate Flatbuffers Crate for Rust: Arbitrary Byte Reinterpretation as Bool Vulnerability ChaCha20 Counter Overflow Vulnerability Streebog Hash Function Vulnerability: Incorrect Output Generation Panic-inducing Vulnerability in Streebog Hash Function Soundness Defeating Vulnerability in http Crate's HeaderMap::Drain API Vulnerability in Oracle VM VirtualBox: Unauthorized Read Access Type Confusion Vulnerability in Failure Crate Cross-Site Scripting (XSS) Vulnerability in NetBox 2.6.2 Unauthenticated Access to Webform Submissions in Drupal Webform Report Project Buffer Over-read Vulnerability in GNU C Library's iconv Feature NULL Pointer Dereference Vulnerability in Istio Pilot Stored XSS Vulnerability in LuCI OpenWrt 18.06.0 through 18.06.4 via Crafted SSID Inherited PATH Variable Vulnerability in OpenDoas Arbitrary File Overwrite Vulnerability in rcp Vulnerability: Bypassing Access Restrictions in MIT krb5-appl RCP Client SQL Injection Vulnerability in LimeSurvey Participant Model MySQL Server InnoDB Component Denial of Service Vulnerability Unauthenticated Access to Administrative Configuration in Scytl sVote 2.1 Vulnerability: Unauthenticated Access to OrientDB in Scytl sVote 2.1 Code Injection Vulnerability in Scytl sVote 2.1 IP Address Manipulation Vulnerability in Scytl sVote 2.1 Unauthenticated Command Injection in OpenRepeater (ORP) before 2.2 Timing Discrepancy Vulnerability in activerecord-session_store Markup Data Mishandling in Redmine before 3.4.13 and 4.x before 
4.0.6 Cross-Site Scripting (XSS) vulnerability in com.vaadin:flow-server versions 1.0.0 through 1.0.10 and 1.1.0 through 1.4.2 Unsanitized Variable Input in Vaadin Grid Component Allows for JavaScript Injection Command Injection Vulnerability in Versa Director Vulnerability in MySQL Server: Unauthorized Access and Denial of Service Vulnerability: Weak Password Hashing in Versa Director, Versa Analytics, and VOS Configuration Injection Vulnerability in create_unbound_ad_servers.sh Integer Overflow Vulnerability in Unbound Regional Allocator Integer Overflow in Unbound's Regional Allocator via ALIGN_UP Macro Integer Overflow in sldns_str2wire_dname_buf_origin Leading to Out-of-Bounds Write Out-of-Bounds Write Vulnerability in Unbound before 1.9.5 Assertion Failure and Denial of Service in Unbound's synth_cname Function Assertion Failure and Denial of Service in Unbound's dname_pkt_copy Integer Overflow in Size Calculation in Unbound's dnscrypt/dnscrypt.c Integer Overflow in Size Calculation in Unbound's respip/respip.c Vulnerability in Oracle VM VirtualBox: Unauthorized Read Access Infinite Loop Vulnerability in Unbound before 1.9.5 Assertion Failure in Unbound's dname_pkt_copy Function Out-of-Bounds Write Vulnerability in Unbound before 1.9.5 ModSecurity 3.x Key-Value Pair Parsing Vulnerability Use-after-free vulnerability in the block subsystem in the Linux kernel before 5.2 allows for arbitrary code execution and privilege escalation (CID-c3e2219216c9) Use-after-free vulnerability in Linux kernel XFRM subsystem (CVE-2020-12345) Cross-Site Scripting (XSS) Vulnerability in Cerberus FTP Server Enterprise Cross-Site Scripting (XSS) Vulnerability in Greenbone Security Assistant (GSA) and Greenbone OS (GOS) Heap-Based Buffer Over-Read Vulnerability in LibreSSL 2.9.1 through 3.2.1 Out-of-Bounds Read Vulnerability in LibreSSL 2.9.1 through 3.2.1 Vulnerability in Oracle VM VirtualBox: Unauthorized Read Access Stack-based Buffer Overflow in netCDF in GDAL 2.4.2 through 
3.0.4 Heap-based Buffer Overflow in GNU Aspell 0.60.8: acommon::ObjStack::dup_top Vulnerability Crash and Sensitive Information Leakage Vulnerability in Linaro OP-TEE Path Traversal Vulnerability in Sage FRP 1000 (Pre-November 2019) Allows Unauthorized File Access Segmentation Fault Due to Erroneous IcmpTransportChannelIterator Optimization Panic Propagation Vulnerability in libpulse-binding Crate Vulnerability: Version Identification and User-Agent Defeat in Bromite through 78.0.3904.130 CustomSerializer Vulnerability in Corda USBGuard Vulnerability: Unprivileged User Bypasses Device Connection Restrictions Incomplete Fix for CVE-2019-3839 in Artifex Ghostscript through 9.26: Mishandling of .completefont Vulnerability in Oracle VM VirtualBox: Unauthorized Read Access User Role Information Disclosure in WPGraphQL WordPress Plugin Cyclic Password Prediction Vulnerability in RandomPasswordGenerator Gem Critical Memory Corruption Vulnerability in Sricam IP CCTV Camera Critical Memory Corruption Vulnerability in Sricam IP CCTV Camera Cross-Site Request Forgery Vulnerability in CoreHR Core Portal up to 27.0.7 Critical Privilege Escalation Vulnerability in OpenNetAdmin 18.1.1 Critical Privilege Escalation Vulnerability in Ajenti 2.1.31 Critical Privilege Escalation Vulnerability in Podman and Varlink 1.5.1 Critical Privilege Escalation Vulnerability in Axios Italia Axios RE 1.7.0/7.0.0 Remote Information Disclosure Vulnerability in Axios Italia Axios RE 1.7.0/7.0.0 MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Unsupported WolfCMS Versions Critical Siri Vulnerability in Apple iPhone up to 12.4.1 Allows Remote Command Execution Gzip Compression Denial of Service Vulnerability Path Traversal Vulnerability in goa (github.com/goadesign/goa) before v3.0.9, v2.0.10, or v1.4.3 Arbitrary File Read Vulnerability in Gravitee API Management Email Service Tuple Space Explosion (TSE) Attack in Open vSwitch Buffer Overflow Vulnerability in 
pacparser up to 1.3.x (CVE-2021-215443) Vulnerability in Oracle VM VirtualBox: Unauthorized Denial of Service (DoS) Cross Site Scripting (XSS) Vulnerability in Hide Files on GitHub up to 2.x Critical Use After Free Vulnerability in GNOME gvdb (CVE-2021-216789) Cross-Site Scripting (XSS) Vulnerability in IET-OU Open Media Player up to 1.5.0 (CVE-2021-216862) Critical Path Traversal Vulnerability in RamseyK httpserver (VDB-216863) Cross-Site Scripting (XSS) Vulnerability in ytti Oxidized Web Insufficient Randomness in Morgawr Muon 0.1.1 (VDB-216877) Vulnerability in Oracle VM VirtualBox: Unauthorized Denial of Service (DoS) Cross-Site Scripting (XSS) Vulnerability in FreePBX arimanager up to 13.0.5.3 CSRF Cookie Handler in nsupdate.info Allows Remote Attackers to Bypass 'httponly' Flag in Cookies (VDB-216909) Cross-Site Scripting (XSS) Vulnerability in Nakiami Mellivora Admin Panel Cross Site Scripting (XSS) Vulnerability in dragonexpert Recent Threads on Index Cross-Site Scripting (XSS) Vulnerability in innologi appointments Extension up to 2.0.5 on TYPO3 Cross-Site Scripting (XSS) Vulnerability in kakwa LdapCherry up to 0.x Cross Site Scripting (XSS) Vulnerability in soerennb eXtplorer up to 2.1.12 Critical Path Traversal Vulnerability in soerennb eXtplorer up to 2.1.12 (VDB-217436) Critical Path Traversal Vulnerability in soerennb eXtplorer up to 2.1.12 (VDB-217437) Arthmoor QSF-Portal Path Traversal Vulnerability (VDB-217558) MySQL Server Denial of Service Vulnerability Critical SQL Injection Vulnerability in happyman twmap (CVE-2021-217645) Critical HTTP Response Splitting Vulnerability in OnShift TurboGears 1.0.11.10 Inefficient Regular Expression Complexity Vulnerability in simple-markdown 0.6.0 Regular Expression Complexity Vulnerability in simple-markdown 0.5.1 Denial of Service Vulnerability in rtcwcoop 1.0.2 Cross Site Scripting (XSS) Vulnerability in dro.pm Oracle VM VirtualBox SOAP Denial of Service Vulnerability Vulnerability in Primavera P6 Enterprise 
Project Portfolio Management component of Oracle Construction and Engineering Suite: Unauthorized Data Access and Manipulation Vulnerability in Oracle MySQL Server (Shell Subcomponent) Allows Unauthorized Data Access Child Process Injection Vulnerability in Firefox < 70: Arbitrary Code Execution and Sandbox Escape Remote Code Execution Vulnerability in Umbraco CMS 4.11.8 through 7.15.10 and 7.12.4 Arbitrary File Upload Vulnerability in User Submitted Posts Plugin for WordPress Unauthenticated Settings Reset Vulnerability in Coming Soon Page & Maintenance Mode Plugin for WordPress Stored Cross-Site Scripting Vulnerability in WordPress Coming Soon Page & Maintenance Mode Plugin Authorization Bypass and Arbitrary User Account Injection in Easy WP SMTP Plugin for WordPress Vulnerability: Authenticated Options Change in Mesmerize & Materialis WordPress Themes Authorization Bypass Vulnerability in GDPR Cookie Compliance Plugin for WordPress HTML Injection Vulnerability in WP HTML Mail Plugin for WordPress (Versions up to 2.2.10) HTML Injection Vulnerability in PirateForms WordPress Plugin Stored Cross-Site Scripting Vulnerability in DELUCKS SEO Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Pretty Links WordPress Plugin (Versions up to 2.1.9) HTML Injection Vulnerability in WP HTML Mail Plugin for WordPress (Versions up to 2.9.0.3) Arbitrary Plugin Deactivation Vulnerability in Gallery Images Ape WordPress Plugin (up to version 2.0.6) HTML Injection Vulnerability in Email Templates Plugin for WordPress (up to version 1.3) Authorization Bypass Vulnerability in Funnel Builder WordPress Plugin Stored Cross-Site Scripting Vulnerability in Abandoned Cart Lite and Pro for WooCommerce Plugins Reverse Tabnabbing Vulnerability in DOMPurify 1.0.11 and Earlier Cross-Site Scripting (XSS) Vulnerability in dstar2018 Agency up to 61 Critical Vulnerability in Ethex Contracts: Remote Manipulation and Improper Access Controls (VDB-248271) Critical OS Command Injection 
Vulnerability in pedroetb tts-api up to 2.1.4 (VDB-248278) SQL Injection Vulnerability in mpedraza2020 Intranet del Monterroso up to 4.50.0 Vulnerability in Portable Clusterware component of Oracle Database Server CVE-2019-25160 CVE-2019-25162 Oracle Database Server Core RDBMS Component Vulnerability Java VM Component Vulnerability in Oracle Database Server Vulnerability in PeopleSoft Enterprise SCM eProcurement Component: Unauthorized Data Access and Manipulation Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Infrastructure Vulnerability in Oracle VM VirtualBox: Privilege Escalation and Takeover CVE-2019-25210 Oracle VM VirtualBox Vulnerability: Unauthorized Takeover of Virtualization Infrastructure Vulnerability in Oracle VM VirtualBox: Privilege Escalation and Takeover Vulnerability in Oracle VM VirtualBox: Takeover Exploit Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox: Privilege Escalation and Takeover Vulnerability in Oracle VM VirtualBox: Unauthorized Hang or Crash MySQL Server Partition Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in MySQL Server: Unauthorized Server Hang or Crash MySQL Server Replication Vulnerability MySQL Server Privilege Escalation Vulnerability Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in MySQL Server Replication Component: Unauthorized Access and Data Compromise MySQL Server Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Denial of Service (DoS) MySQL Server Denial of Service Vulnerability Oracle Managed File Transfer Component Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle Java SE's Java Advanced Management Console: Unauthorized Data Access and Manipulation Oracle Solaris DHCP Client Vulnerability Oracle Solaris Kernel Unauthorized Read Access Vulnerability Oracle Solaris Kernel Unauthorized Read 
Access Vulnerability Oracle Solaris LDoms IO Vulnerability: Unauthorized Access and Partial Denial of Service Oracle E-Business Suite Oracle Applications Manager SQL Extensions Unauthenticated Remote Code Execution Vulnerability Oracle Database Server Java VM Component Denial of Service Vulnerability Vulnerability in Oracle VM VirtualBox: Takeover Exploit Vulnerability in Oracle FLEXCUBE Direct Banking Logoff Page Allows Unauthorized Data Access Vulnerability in Oracle FLEXCUBE Direct Banking Logoff Page Allows Unauthorized Data Manipulation Vulnerability in Oracle One-to-One Fulfillment Print Server Component Vulnerability in Oracle VM VirtualBox: Takeover Exploit Vulnerability in Oracle VM VirtualBox: Unauthorized Read Access Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Vulnerability in Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite: Unauthorized Data Access and Partial Denial of Service Oracle Retail Point-of-Service Vulnerability: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Retail Xstore Office component allows unauthorized access and data compromise Unauthorized Read Access Vulnerability in JD Edwards EnterpriseOne Tools JD Edwards World Technical Foundation Unauthenticated Remote Access Vulnerability MySQL Server Audit Plug-in Denial of Service Vulnerability Oracle Configurator Component Vulnerability in Supply Chain Products Suite Oracle WebLogic Server Component Vulnerability Oracle Database Server Core RDBMS Local Logon Privilege Vulnerability Vulnerability in Oracle Siebel CRM: Unauthorized Access and Partial Denial of Service in Siebel Core - Server BizLogic Script Oracle Database Server RDBMS DataPump Component Takeover Vulnerability Oracle SOA Suite Fabric Layer Unauthorized Read Access Vulnerability 
Unauthenticated Remote Code Execution Vulnerability in PeopleSoft Enterprise PeopleTools Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Unauthenticated Unauthorized Read Access Vulnerability in Oracle AutoVue 3D Professional Advanced Oracle Service Bus Web Container Unauthenticated Remote Denial of Service Vulnerability Oracle Solaris File Locking Services Vulnerability Oracle WebCenter Sites Unauthenticated Remote Code Execution Vulnerability Unauthorized Read Access Vulnerability in Oracle WebCenter Sites (12.2.1.3.0) MySQL Server InnoDB Component Denial of Service Vulnerability MySQL Server Vulnerability: Denial of Service (DoS) via Optimizer Component Oracle Database Server Core RDBMS Unauthorized Read Access Vulnerability Vulnerability in Oracle iSupplier Portal: Unauthorized Access and Data Compromise Vulnerability in MySQL Server: Unauthorized Hang or Crash MySQL Server InnoDB Component Denial of Service Vulnerability Unauthorized Read Access Vulnerability in Oracle PeopleSoft Products MySQL Server Vulnerability: Unauthorized Hang and Crash BI Publisher (formerly XML Publisher) High Privilege Unauthorized Access Vulnerability Vulnerability in MySQL Server: Unauthorized Hang or Crash Vulnerability in PeopleSoft Enterprise HCM Talent Acquisition Manager: Unauthorized Access and Data Compromise Vulnerability in PeopleSoft Enterprise HRMS Component of Oracle PeopleSoft Products: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability MySQL Server InnoDB Component Denial of Service Vulnerability Vulnerability in PeopleSoft Enterprise PT PeopleTools component allows unauthorized access and data manipulation Vulnerability in Oracle BI Publisher component allows unauthorized access and data compromise Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in PeopleSoft Enterprise 
PeopleTools: Unauthorized Access and Data Manipulation Critical Data Access Vulnerability in Oracle PeopleSoft Products (Pagelet Wizard) Vulnerability in Oracle Email Center component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in BI Publisher component of Oracle Fusion Middleware: Unauthorized Access and Data Compromise Vulnerability in Oracle Java SE Allows for Denial of Service Attacks Vulnerability in Oracle One-to-One Fulfillment Print Server Component Oracle Marketing Component Vulnerability in Oracle E-Business Suite Oracle Business Intelligence Enterprise Edition Web Catalog Unauthorized Read Access Vulnerability Vulnerability in MySQL Server: Unauthorized Hang or Crash Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Partial Denial of Service MySQL Server Replication Vulnerability Oracle WebLogic Server Component Vulnerability Vulnerability in Oracle BI Publisher (formerly XML Publisher) Allows Unauthorized Data Access and Manipulation Vulnerability in MySQL Server Replication Component: Unauthorized Server Crash Oracle WebLogic Server Remote Code Execution Vulnerability Vulnerability in Portable Clusterware component of Oracle Database Server Vulnerability in MySQL Server: Unauthorized Hang or Crash Oracle E-Business Suite Vulnerability: Unauthorized Data Manipulation in Application Object Library Oracle Service Contracts Renewals 
Component Vulnerability Vulnerability in MySQL Server: Unauthorized Server Hang or Crash MySQL Server InnoDB Component Denial of Service Vulnerability Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Vulnerability in MySQL Server: Unauthorized Hang or Crash MySQL Server Privilege Escalation Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Health Sciences Data Management Workbench allows unauthorized data access and manipulation Vulnerability in MySQL Server Replication Component: Unauthorized Server Crash MySQL Server Information Schema Denial of Service Vulnerability Vulnerability in MySQL Server: Pluggable Auth Component Oracle Work in Process Component Vulnerability: Unauthorized Access and Data Manipulation Vulnerability in MySQL Server Replication Component: Unauthorized Server Hang or Crash Vulnerability in MySQL Server Replication Component: Unauthorized Server Crash MySQL Server Group Replication Plugin Denial of Service Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Oracle General Ledger Component Vulnerability in Consolidation Hierarchy Viewer Vulnerability in Oracle CRM Technical Foundation component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Trade Management User Interface Vulnerability Oracle Trade Management User Interface Vulnerability Oracle Trade Management User Interface Vulnerability Oracle Trade Management User Interface Vulnerability Vulnerability in MySQL Server: Unauthorized Hang or Crash Oracle WebLogic Server T3 Network Access Vulnerability Oracle WebLogic Server EJB Container Takeover Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability 
Vulnerability in Oracle Email Center component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle iStore Component Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle One-to-One Fulfillment Print Server Component Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Interaction Center Intelligence component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox allows for takeover Oracle WebLogic Server Remote Code Execution Vulnerability Vulnerability in Oracle Commerce Platform: Unauthorized Data Access and Manipulation Vulnerability in Oracle Knowledge Management component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle Email Center component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle E-Business Suite Territory Management Component Vulnerability Oracle Advanced Outbound Telephony User Interface Unauthenticated Remote Code Execution Vulnerability Oracle Marketing Component Vulnerability in Oracle E-Business Suite Oracle E-Business Suite CRM User Management Framework Unauthenticated Remote Code Execution Vulnerability Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Oracle E-Business Suite CRM Technical Foundation Preferences Unauthenticated Remote Code Execution Vulnerability Oracle Marketing Component Vulnerability in Oracle E-Business Suite Vulnerability in Oracle CRM Technical Foundation component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle One-to-One Fulfillment Print Server Unauthenticated Remote Code Execution Vulnerability Oracle Marketing Component Vulnerability in Oracle E-Business Suite 
Vulnerability in Oracle One-to-One Fulfillment Print Server Component Vulnerability in Oracle CRM Technical Foundation component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle E-Business Suite CRM Technical Foundation Preferences Unauthenticated Remote Code Execution Vulnerability Oracle Marketing Component Vulnerability in Oracle E-Business Suite Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access and Denial of Service Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Oracle E-Business Suite Vulnerability: Unauthorized Access and Data Compromise in Attachments/File Upload Component MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Java SE RMI Component: Unauthorized Data Access Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Vulnerability in MySQL Server: Optimizer Component (CVE-2019-2628) Vulnerability in Oracle VM VirtualBox Allows Takeover MySQL Server Vulnerability: Unauthorized Hang and Crash Vulnerability in MySQL Connectors: High Privileged Takeover Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Vulnerability in Oracle VM VirtualBox Allows Takeover Java SE 2D Component Takeover Vulnerability Java SE 2D Component Takeover Vulnerability Java SE Component DLL Vulnerability Vulnerability in PeopleSoft Enterprise ELM Allows Unauthorized Data Manipulation Unauthorized Read Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management Oracle Hospitality Cruise Dining Room 
Management Web Service Vulnerability Vulnerability in Oracle VM VirtualBox Allows Takeover Oracle Solaris IPS Package Manager Unauthorized Read Access Vulnerability Vulnerability in Oracle Outside In Technology: Unauthorized Access and Denial of Service Oracle Business Process Management Suite Vulnerability Vulnerability in PeopleSoft Enterprise ELM Enterprise Learning Management: Unauthorized Data Access and Manipulation Vulnerability in Oracle Berkeley DB Data Store Component: Unauthorized Partial Denial of Service Oracle Transportation Management Component Vulnerability Vulnerability in Oracle Commerce Platform: Unauthorized Data Access and Manipulation Vulnerability in Oracle Commerce Merchandising component allows unauthorized data access and manipulation Oracle Knowledge Component Vulnerability in Oracle Siebel CRM Oracle Data Integrator Unauthorized Read Access Vulnerability Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Takeover Oracle WebLogic Server Remote Code Execution Vulnerability Enterprise Manager Ops Center Services Integration Vulnerability Oracle Application Testing Suite Component Vulnerability Vulnerability in Enterprise Manager Ops Center Networking Component Allows Unauthorized Data Manipulation Oracle WebLogic Server Remote Code Execution Vulnerability Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in MySQL Server Replication Component: Unauthorized Data Access and Partial Denial of Service Unauthenticated Read Access Vulnerability in Oracle Demantra Demand Management Oracle Demantra Demand Management Component Vulnerability: Unauthorized Data Manipulation Vulnerability in Core RDBMS Component of Oracle Database Server (CVE-2021-1234) Oracle Hyperion Workspace Unauthorized Data Access Vulnerability Vulnerability in Oracle FLEXCUBE Investor Servicing component allows unauthorized data access and manipulation MySQL 
Server Pluggable Auth Vulnerability MySQL Server Vulnerability: Unauthorized Read Access to Data Privilege Escalation Vulnerability in Oracle MySQL Server MySQL Server XML Component Denial of Service Vulnerability MySQL Server Audit Log Denial of Service Vulnerability Oracle BI Publisher Web Service API Unauthenticated Remote Code Execution Vulnerability Vulnerability in MySQL Server component allows for Denial of Service (DoS) attacks Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Manipulation Java SE Security Vulnerability: Unauthorized Access to Critical Data Vulnerability in MySQL Server: Unauthorized Server Hang or Crash MySQL Server GIS Component Denial of Service Vulnerability Vulnerability in PeopleSoft Enterprise PT PeopleTools component allows unauthorized access and data manipulation Vulnerability in Java VM Component of Oracle Database Server: Unauthorized Data Access and DOS Vulnerability in MICROS Retail-J component of Oracle Retail Applications: Unauthorized Access and Data Compromise Oracle HTTP Server Vulnerability: Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability Oracle Text Component Vulnerability: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Modification MySQL Server Replication Vulnerability Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service MySQL Server Denial of Service Vulnerability Vulnerability in MySQL Server component allows unauthorized data access and server compromise Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Berkeley DB Data Store Component (CVE-XXXX-XXXX) Unauthenticated Read Access Vulnerability in Oracle Application Object Library Vulnerability in Oracle Java SE Allows Partial Denial of Service Oracle Hospitality Gift and 
Loyalty Component Unauthorized Access Vulnerability Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Solaris Filesystem Allows Unauthorized Access and Partial Denial of Service Java SE Networking Vulnerability Vulnerability in Oracle BI Publisher (formerly XML Publisher) Allows Unauthorized Data Access and Manipulation Unauthenticated Access Vulnerability in Oracle BI Publisher Vulnerability in Oracle Java SE Allows Partial Denial of Service Oracle Hyperion Planning Component Vulnerability: Unauthorized Access to Critical Data Vulnerability in BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware: Unauthorized Data Access and Partial Denial of Service Vulnerability in PeopleSoft Enterprise PeopleTools Activity Guide Component Oracle Payments File Transmission Vulnerability MySQL Server Denial of Service Vulnerability Oracle Payments File Transmission Vulnerability Oracle Database Server Core RDBMS Component Unauthorized Access Vulnerability Vulnerability in Oracle Siebel CRM: Unauthorized Data Access and Manipulation Vulnerability in MySQL Server: Unauthorized Data Access and Partial Denial of Service Siebel Core - Common Components Email Vulnerability MySQL Server Denial of Service Vulnerability Oracle Hospitality Suite8 XML Interface Unauthorized Access Vulnerability Oracle Payments Component File Transmission Vulnerability Oracle Payments File Transmission Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server InnoDB Component Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE Oracle Solaris Automount Unauthenticated Network Access Vulnerability Solaris Open Fabrics Tools Unauthorized Access and Denial of Service Vulnerability Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Data Access and Manipulation 
Vulnerability in MySQL Server Audit Plug-in Allows Unauthorized Data Access Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle FLEXCUBE Universal Banking Allows Partial Denial of Service Oracle FLEXCUBE Universal Banking Unauthorized Data Access Vulnerability Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Vulnerability in MySQL Server: Unauthorized Hang and Crash MySQL Server Denial of Service Vulnerability MySQL Server InnoDB Component Denial of Service Vulnerability Privilege Escalation Vulnerability in Oracle ODBC Driver for Windows Vulnerability in MySQL Server Replication Component: Unauthorized Access and Denial of Service MySQL Server FTS Component Denial of Service Vulnerability Vulnerability in MySQL Server: Optimizer Component (CVE-2020-2819) Vulnerability in MySQL Server: Unauthorized Hang and Crash Vulnerability in Oracle Solaris Filesystem Allows Takeover MySQL Server Denial of Service Vulnerability Oracle Solaris Zone Vulnerability: Unauthorized Data Access and Partial Denial of Service Vulnerability in MySQL Server: Unauthorized Hang and Crash Oracle iRecruitment Password Reset Vulnerability Vulnerability in MySQL Server: Optimizer Component (CVE-2020-2819) MySQL Server Privilege Escalation Vulnerability Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Oracle GraalVM Enterprise Edition Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Data Manipulation via Multiple Protocols Vulnerability in MySQL Server: Unauthorized Hang and Crash Java SE, Java SE Embedded Networking Vulnerability Vulnerability in Oracle Agile PLM Component of Oracle Supply Chain Products Suite: Unauthorized Access and Partial Denial of Service Java SE Security Vulnerability: Unauthorized Read Access Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Oracle Solaris Gnuplot Vulnerability: Unauthorized Takeover of 
Oracle Solaris Java SE JSSE Vulnerability: Unauthorized Access to Critical Data Vulnerability in MySQL Server Allows Takeover (CVE-2020-2819) Vulnerability in Oracle Financial Services Analytical Applications Infrastructure component allows unauthorized data access and manipulation Oracle WebLogic Server Remote Code Execution Vulnerability Vulnerability in Oracle Applications Manager: Unauthorized Access and Data Manipulation MySQL Server Vulnerability: Unauthorized Hang or Crash Oracle WebLogic Server Remote Code Execution Vulnerability Oracle Field Service Component Vulnerability: Unauthorized Takeover Vulnerability in Oracle iSupport component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in MySQL Server: Unauthorized Hang and Crash Vulnerability in PeopleSoft Enterprise FIN Project Costing component of Oracle PeopleSoft Products (9.2) Oracle Solaris Common Desktop Environment Vulnerability Oracle Hospitality Simphony Component Vulnerability Vulnerability in MySQL Server: Unauthorized Server Hang or Crash Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service Oracle Hospitality Simphony Component Vulnerability Vulnerability in Oracle CRM Technical Foundation component of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Solaris NFS Unauthorized Access Vulnerability Critical Data Access Vulnerability in Oracle FLEXCUBE Universal Banking Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Access to Critical Data Vulnerability in Oracle FLEXCUBE Investor Servicing component allows unauthorized access and data manipulation Java SE JCE Component Denial of Service Vulnerability Vulnerability in Oracle FLEXCUBE Investor Servicing component allows unauthorized data access and manipulation Oracle Solaris LDAP Client Tools Vulnerability: Unauthorized Takeover of Oracle Solaris Oracle FLEXCUBE Investor Servicing Component Denial of Service 
Vulnerability Oracle FLEXCUBE Investor Servicing Unauthorized Read Access Vulnerability Vulnerability in Oracle FLEXCUBE Investor Servicing component allows unauthorized access to critical data Vulnerability in Oracle VM VirtualBox Allows Unauthorized Denial of Service Attacks Vulnerability in Oracle VM VirtualBox Allows Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Access and Partial Denial of Service Oracle WebLogic Server Remote Code Execution Vulnerability Vulnerability in Siebel UI Framework component of Oracle Siebel CRM: Unauthorized Data Access and Manipulation Oracle Identity Manager Advanced Console Unauthorized Data Access Vulnerability Vulnerability in Oracle VM VirtualBox Allows Takeover Oracle Clusterware Vulnerability in Trace File Analyzer (TFA) Collector (CVE-2021-1234) Oracle Hyperion Planning Security Vulnerability: Unauthorized Data Access and Modification Vulnerability in Oracle GraalVM Enterprise Edition: Unauthorized Data Access and Denial of Service Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2019-2537) Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2019-2537) Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2019-2537) Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2019-2537) Vulnerability in Oracle Berkeley DB Data Store Component (CVE-XXXX-XXXX) Vulnerability in Oracle Berkeley DB Data Store Component (CVE-XXXX-XXXX) Vulnerability in Oracle Berkeley DB Data Store Component (CVE-XXXX-XXXX) Vulnerability in Oracle 
Berkeley DB Data Store Component (CVE-XXXX-XXXX) Vulnerability in Oracle Retail Xstore Point of Service: Unauthorized Data Access Vulnerability in Oracle VM VirtualBox Allows Partial Denial of Service Vulnerability in Oracle VM VirtualBox Allows Partial Denial of Service Vulnerability in Oracle VM VirtualBox Allows Partial Denial of Service Vulnerability in Oracle VM VirtualBox Allows Partial Denial of Service Vulnerability in Oracle VM VirtualBox Allows for Denial of Service Attacks Vulnerability in Sun ZFS Storage Appliance Kit (AK) Allows Unauthorized Data Access MySQL Server InnoDB Component Denial of Service Vulnerability Oracle Retail Store Inventory Management Product Takeover Vulnerability Vulnerability in Oracle Retail Customer Management and Segmentation Foundation (Version 17.0) Allows Unauthorized Data Access and Manipulation Oracle Retail Customer Management and Segmentation Foundation Unauthenticated Access Vulnerability Vulnerability in Oracle Forms of Oracle Fusion Middleware: Unauthorized Data Access and Manipulation Oracle WebLogic Server Unauthorized Read Access Vulnerability Oracle WebLogic Server EJB Container Unauthorized Read Access Vulnerability Vulnerability in Oracle WebLogic Server 12.2.1.3.0 Allows Unauthorized Data Access Oracle WebLogic Server T3 Network Access Vulnerability Oracle WebLogic Server Console Unauthenticated Takeover Vulnerability Unauthenticated Access Vulnerability in Oracle Java SE and Java SE Embedded Enterprise Manager for Exadata Remote Code Execution Vulnerability Unauthenticated Remote Access Vulnerability in MICROS Relate CRM Software Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Manipulation Unauthorized Read Access Vulnerability in Oracle BI Publisher Oracle JDeveloper and ADF Unauthorized Read Access Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Business Intelligence Enterprise Edition Vulnerability in Oracle Outside In Technology: 
Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Oracle JDeveloper and ADF Product Vulnerability: Unauthorized Takeover Oracle Business Intelligence Enterprise Edition Installation Vulnerability Vulnerability in Oracle BI Publisher (formerly XML Publisher) Allows Unauthorized Access and Data Manipulation Oracle Web Services Unauthenticated Remote Code Execution Vulnerability Java VM Component Vulnerability in Oracle Database Server (Versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c) Allows Unauthorized Data Manipulation Unauthenticated Unauthorized Read Access Vulnerability in Oracle MySQL Server Vulnerability in Oracle MySQL Server: Unauthorized Read Access to Data Vulnerability in Oracle Database Server: Unauthorized Read Access to Core RDBMS Data MySQL Server Vulnerability: Unauthorized Denial of Service (DoS) Attacks Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in MySQL Connectors Allows Partial Denial of Service Unauthenticated Unauthorized Read Access Vulnerability in Oracle MySQL Server Unauthenticated Unauthorized Read Access Vulnerability in Oracle MySQL Server Unauthenticated Unauthorized Read Access Vulnerability in Oracle MySQL Server Oracle Workflow Worklist Unauthenticated Access Vulnerability Oracle VM VirtualBox Prior to 5.2.34 and 6.0.14 Vulnerability: Unauthorized Partial Denial of Service Highly Privileged Takeover Vulnerability in Oracle Hyperion Data Relationship Management Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Oracle Field Service Product Vulnerability: Unauthorized Data Manipulation Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Vulnerability in Oracle PeopleSoft 
Enterprise PeopleTools: Unauthorized Access to Critical Data Unauthenticated Unauthorized Read Access Vulnerability in Oracle Java SE Vulnerability in Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications (CVE-2021-12345) Unauthenticated Unauthorized Read Access Vulnerability in Oracle Siebel CRM Vulnerability in Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications (CVE-2021-12345) Vulnerability in Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications (CVE-2021-12345) MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Database Server: Unauthorized Read Access to Core RDBMS Data Oracle Database Server Core RDBMS Component Unauthorized Data Manipulation Vulnerability Vulnerability in Oracle Hyperion Profitability and Cost Management (Modeling Component) Allows Unauthorized Data Access Vulnerability in Oracle Advanced Outbound Telephony Allows Unauthorized Access and Data Manipulation Oracle Data Integrator Studio Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Access and Denial of Service Java SE Networking Vulnerability Allows Unauthorized Partial Denial of Service MySQL Server Denial of Service Vulnerability Oracle Hospitality Reporting and Analytics Component Unauthorized Access Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Java SE: Unauthorized Access via Kerberos MySQL Server Vulnerability: Unauthorized Hang and Crash Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources (9.2) Vulnerability in Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications (CVE-2021-12345) Oracle Hospitality Cruise Dining Room Management Web Service Unauthorized Access Vulnerability Vulnerability in Oracle Database Server: Unauthorized Data Manipulation and Partial Denial of Service Vulnerability in Oracle Database Server: 
Unauthorized Data Access and Partial Denial of Service Vulnerability in Core RDBMS (jackson-databind) component of Oracle Database Server: Unauthorized Denial of Service (DoS) MySQL Server Encryption Vulnerability Vulnerability in Oracle Java SE Libraries Allows Unauthorized Data Manipulation High Privilege Vulnerability in Oracle Hyperion Financial Reporting (Version 11.1.2.4) MySQL Server Replication Vulnerability: Unauthorized Hang or Crash Vulnerability in Oracle Solaris SMF Services & Legacy Daemons: Unauthorized Data Access and Partial Denial of Service Java SE, Java SE Embedded 2D Component Denial of Service Vulnerability MySQL Server InnoDB Component Denial of Service Vulnerability Vulnerability in Java SE and Java SE Embedded: Concurrency Component Allows Partial Denial of Service Vulnerability in Oracle Siebel CRM: Unauthorized Access to Critical Data MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) MySQL Server InnoDB Component Denial of Service Vulnerability Vulnerability in Oracle MySQL Server Allows Unauthorized Access to Critical Data Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Vulnerability in JAXP component of Oracle Java SE: Unauthorized Partial Denial of Service MySQL Server Vulnerability: Unauthorized Denial of Service (DoS) Attacks Vulnerability in Oracle Java SE Allows Unauthorized Data Access and Partial Denial of Service Critical Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Allows Unauthorized Access to Critical Data Vulnerability in Oracle Java SE: Unauthorized Data Access and Partial Denial of Service Java SE and Java SE Embedded Networking Vulnerability: 
Unauthorized Partial Denial of Service Vulnerability in Oracle FLEXCUBE Direct Banking Allows Unauthorized Data Manipulation Vulnerability in Oracle FLEXCUBE Direct Banking: Unauthorized Access to Critical Data Vulnerability in JAXP component of Oracle Java SE: Unauthorized Partial Denial of Service MySQL Server Vulnerability: Unauthorized Hang and Crash Java SE and Java SE Embedded Serialization Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Hang and Crash Attacks Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Oracle GraalVM Enterprise Edition Multiple Protocol Vulnerability Java SE 2D Component Denial of Service Vulnerability Java SE, Java SE Embedded 2D Component Denial of Service Vulnerability Java SE, Java SE Embedded Networking Vulnerability Oracle iStore Order Tracker Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Java SE, Java SE Embedded 2D Component Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Java SE and Java SE Embedded Allows Unauthorized Data Access MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle Java SE Javadoc Component: Unauthorized Data Access Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Unauthenticated Access Vulnerability in Oracle PeopleSoft Enterprise SCM eProcurement (CVE-XXXX) Oracle VM VirtualBox Vulnerability: Unauthorized Hang and Crash Attacks MySQL Server InnoDB Component Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Vulnerability: Unauthorized Hang and Crash LDAP Library Vulnerability in Oracle 
Solaris 11: Unauthorized Partial Denial of Service MySQL Server Vulnerability: Unauthorized Hang and Crash Oracle Solaris XScreenSaver Privilege Escalation Vulnerability MySQL Server Denial of Service Vulnerability Oracle Business Intelligence Enterprise Edition Unauthenticated Read Access Vulnerability Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Unauthorized Read Access Vulnerability in Oracle PeopleSoft Integration Broker Memory Leakage Vulnerability in Linux KVM Guests with PV TLB Enabled Oracle VM VirtualBox Vulnerability: High Privileged Takeover (CVE-2020-12345) MySQL Server InnoDB Component Denial of Service Vulnerability Vulnerability in Oracle Banking Digital Experience: Unauthorized Data Access and Manipulation Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Access and Data Manipulation Vulnerability in Oracle VM VirtualBox: Unauthorized Hang or Crash Oracle Content Manager Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Manipulation via Stylesheet Vulnerability in Oracle Installed Base of Oracle E-Business Suite: Unauthorized Data Manipulation Oracle Hospitality RES 3700 Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Unauthenticated Remote Denial of Service Vulnerability in Oracle Application Object Library Vulnerability in Oracle VM VirtualBox: Unauthorized Takeover Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Local File Disclosure Vulnerability in Confluence Server and Confluence Data Center via Page Exporting Server-Side Request Forgery in Atlassian Confluence Server and Data Center Path Traversal and Remote Code Execution via Server-Side Template Injection in Atlassian Confluence Server Remote Code Execution via Path Traversal in Atlassian Bitbucket Data Center Migration Tool Path Traversal 
Vulnerability in Confluence Server and Data Center Unauthenticated Access to Archived Projects in Jira Cross-Site Scripting (XSS) Vulnerability in Jira Labels Gadget User Enumeration Vulnerability in Jira ManageFilters.jspa Resource Cross-Site Scripting (XSS) Vulnerability in ConfigurePortalPages.jspa Resource in Jira User Enumeration Vulnerability in Jira REST API Unauthenticated Abuse of Background App CGI Functions in 360 Router P0 and F5C 360F5 Firmware Vulnerability: Remote Deauthentication Attack Exploitation Command Injection Vulnerability in ZTE WF820+ LTE Outdoor CPE Cross-Site Request Forgery Vulnerability in ZTE WF820+ LTE Outdoor CPE ZTE MF920 Product Information Leak Vulnerability Command Execution Vulnerability in ZTE MF920 Product XSS Vulnerability in ZTE NetNumen DAP Product Allows User Hijacking XSS Vulnerability in ZTE OTCP Product Versions up to V1.19.20.02 ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 Path Traversal Vulnerability Input Validation Vulnerability in ZTE ZXV10 B860A Products Allows Unauthorized Control Command Injection Vulnerability in ZTE ZXHN F670 Routers Cross-Site Scripting (XSS) Vulnerability in ZTE ZXHN F670 Product (Versions up to V1.1.10P3T18) Denial of Service Vulnerability in ZTE ZXMP M721V3.10P01B10_M2NCP Management Port Information Leak Vulnerability in ZTE ZXHN H108N (Versions up to V2.5.0_EG1T5_TED) Command Injection Vulnerability in ZTE ZX297520V3 ZTE MF910S Product Information Disclosure Vulnerability Directory Traversal Vulnerability in C520V21 Smart Camera Devices Authentication Bypass Vulnerability in C520V21 Smart Camera Devices ZTE ZXUPN-9000E Password Reset Vulnerability Input Validation Vulnerability in ZTE ZXUPN-9000E (9000EV5.0R1B12 and earlier versions) Allows Unauthorized Operations Code Injection Vulnerability in ZTE ZXCDN IAMWEB Product (Version V6.01.03.01) Allows for Information Leakage ZTE ZXCDN IAMWEB Product Configuration Error Vulnerability ZTE ZXCLOUD GoldenData VAP File Reading Vulnerability ZTE 
ZXCLOUD GoldenData VAP Information Disclosure Vulnerability Encryption Vulnerability in ZTE ZXCLOUD GoldenData VAP Product Allows Sniffing of Unencrypted Account and Password Heap Address Information Leak in Linux Kernel: L2CAP_GET_CONF_OPT Vulnerability Heap Data Infoleak in Linux Kernel: Multiple Locations Including L2CAP_PARSE_CONF_RSP (CVE-2019-3459) Race Condition Vulnerability in Debian tmpreaper Version 1.6.13+nmu1 Remote Code Execution Vulnerability in apt Versions 1.4.8 and Earlier Bypassing rssh Restrictions via Insufficient Argument Sanitization in rsync Bypassing rssh Restrictions via Insufficient Sanitization of Environment Variables in rsync XML Signature Wrapping Vulnerability in Rob Richards XmlSecLibs Local Privilege Escalation in pg_ctlcluster Script Kerberos Admin Server Vulnerability in Debian-edu-config and debian-lan-config Arbitrary File Download Vulnerability in Micro Focus Filr 3.x Local Privilege Escalation Vulnerability in Micro Focus Filr 3.0's famtd Component Critical Remote Code Execution Vulnerability in Micro Focus Data Protector 10.03 Open Redirect Vulnerability in Micro Focus Solution Business Manager (prior to 11.4.2) Critical Remote Code Execution Vulnerability in ArcSight Logger Versions Prior to 6.7 Stored/Reflected XSS Vulnerability in ArcSight Logger versions prior to 6.7 Vulnerability: XML External Entity Parsing in ArcSight Logger versions prior to 6.7 Directory Traversal Vulnerability Patch for ArcSight Logger Versions Prior to 6.7 Information Leakage Vulnerability in ArcSight Logger Versions Prior to 6.7 Critical Remote Code Execution Vulnerability in ArcSight Logger Versions Prior to 6.7 Stored Cross Site Scripting Vulnerability in ArcSight Logger versions prior to 6.7.1 Stored Cross Site Scripting Vulnerability in ArcSight Security Management Center versions prior to 2.9.1 Unauthenticated File Upload Vulnerability in Micro Focus Content Manager DOM Based XSS Vulnerability in Netstorage Component of Open Enterprise 
Server (OES) Remote Code Execution Vulnerability in Micro Focus Network Automation Software and Network Operations Management SQL Injection Vulnerability in Simply-Blog's admin/deleteCategories.php Arbitrary File Upload and Authentication Bypass Vulnerability in Wifi-soft UniBox Controller Remote Command Execution and Authentication Bypass Vulnerability in Wifi-soft UniBox Controller 3.x Remote Command Execution and Authentication Bypass in Wifi-soft UniBox Controller Content Spoofing Vulnerability in Django 1.11.x, 2.0.x, and 2.1.x Sensitive Information Disclosure in aria2c 1.33.1 via Stored HTTP Basic Authentication Credentials Cross-Site Scripting (XSS) Vulnerability in OUGC Awards Plugin for MyBB Denial of Service Vulnerability in Facebook Thrift Servers (C++ cpp2) Denial of Service Vulnerability in Facebook Thrift Servers Denial of Service Vulnerability in Wangle's AcceptRoutingHandler Arbitrary File Overwrite Vulnerability in HHVM's dump-pcre-cache Handler Out-of-Bounds Read Vulnerability in HHVM Stream Implementations Denial of Service Vulnerability in Python Facebook Thrift Servers Denial of Service Vulnerability in Java Facebook Thrift Servers Infinite Loop Denial-of-Service Vulnerability in PlaintextRecordLayer of fizz Out-of-Bounds Memory Access Vulnerability in HHVM's strrpos and strripos Functions Arbitrary HTML Injection Vulnerability in Oculus Browser (Versions 5.2.7 - 5.7.11) Buffer Underflow Vulnerability in Wangle's LineBasedFrameDecoder Denial of Service Vulnerability in Facebook Thrift Servers Denial of Service Vulnerability in Legacy C++ Facebook Thrift Servers WhatsApp Android Vulnerability: Message Recovery Exploit Privilege Escalation Vulnerability in osquery Prior to v3.4.0 WhatsApp Buffer Overflow Vulnerability Allows Remote Code Execution via RTCP Packets Default Binding to All Interfaces in HHVM FastCGI: Information Disclosure Vulnerability Heap Corruption Vulnerability in HHVM's scrypt_enc() Function WhatsApp Desktop Input Validation 
Vulnerability Heap-based Buffer Over-read in libming 0.4.8's writePNG Function Infinite Loop Vulnerability in libsixel v1.8.2 Heap-Based Buffer Over-Read Vulnerability in libsixel v1.8.2's load_jpeg() Function Arbitrary Code Execution Vulnerability in Sqla_yaml_fixtures 0.9.1 SQL Injection Vulnerability in deleteFavorite Endpoint of inxedu through 2018-12-24 Blind SQL Injection Vulnerability in Waimai Super Cms 20150505 XSS Vulnerability in MyBB 1.8.19 Reset Password Function Information Disclosure Vulnerability in MyBB 1.8.19 Arbitrary File Write Vulnerability in OpenRefine 3.1 through Directory Traversal Denial of Service Vulnerability in McAfee Web Gateway 7.8.2.0 and Later Privilege Escalation Vulnerability in McAfee Endpoint Security (ENS) 10.6.1 and Earlier on Microsoft Windows Client Authentication Bypass Vulnerability in McAfee MVision Endpoint Prior to 1811 Update 1 Privilege Escalation Vulnerability in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 Firewall Bypass Vulnerability in McAfee Endpoint Security (ENS) 10.x DLL Search Order Hijacking Vulnerability in McAfee Total Protection (MTP) Prior to 16.0.18 Privilege Escalation Vulnerability in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 Cross-site Scripting (XSS) Vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 Privilege Escalation Vulnerability in McAfee Agent: Disabling McAfee Processes via Directory Manipulation Privilege Escalation and Unauthorized Uninstallation Vulnerability in McAfee Total Protection Command Injection Vulnerability in McAfee Data Loss Prevention (DLP) 11.x McAfee Network Security Manager (NSM) Authentication Bypass Vulnerability Buffer Overflow Vulnerability in McAfee Agent (MA) 5.x Allows Remote DoS Attacks Remote Logging Information Disclosure Vulnerability in McAfee Agent 5.x XSS Vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 CSRF Vulnerability in McAfee ePO (legacy) Cloud Allows Unauthorized 
Actions via Authenticated User's Session Data Leakage Vulnerability in McAfee Network Security Management (NSM) Web Portal Data Leakage Vulnerability in McAfee True Key (TK) 3.1.9211.0 and Earlier on Microsoft Windows Client Information Disclosure Vulnerability in McAfee DXL Platform and TIE Server: Unauthorized Access to Sensitive Information DLL Search Order Hijacking Vulnerability in McAfee Agent (MA) Prior to 5.6.4: Local Code Execution via Compromised Folder Data Leakage via Auto-Completing Password Fields in McAfee Database Security Privilege Escalation Vulnerability in McAfee Total Protection for Mac OS: Root Privilege Gain via Inadequate Temporary File Protection Agent Handler Information Disclosure Vulnerability in McAfee ePolicy Orchestrator Authentication Protection Bypass Vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x Arbitrary Location Redirection Vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 Privilege Escalation via Incorrect Access Control in McAfee ESM 11.x Impersonation Vulnerability in McAfee Enterprise Security Manager (ESM) Arbitrary Code Execution Vulnerability in McAfee Enterprise Security Manager (ESM) Arbitrary Code Execution Vulnerability in McAfee Enterprise Security Manager (ESM) McAfee Enterprise Security Manager (ESM) Directory Traversal Vulnerability Buffer Overflow Vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 Buffer Overflow Vulnerability in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 Data Exfiltration Vulnerability in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 File Masquerade Vulnerability in McAfee Total Protection (MTP) Allows Undetected Malware Replacement Privilege Escalation in McAfee FRP 5.x prior to 5.1.0.209 via McAfee Tray Reflected Cross Site Scripting Vulnerability in McAfee Web Gateway (MWG) Administrators Web Console Clickjack Vulnerability in McAfee Web Gateway (MWG) 7.8.2.x: Remote 
Clickjacking Attack via Missing X-Frame-Options Header Unprotected Transport of Credentials in ePO Extension: LDAP Login Details Leakage Unauthorized Modification of Reputation Data in McAfee Threat Intelligence Exchange Server (TIE Server) 3.0.0 Denial of Service Vulnerability in McAfee Web Gateway (MWG) Prior to 7.8.2.13 Denial of Service Vulnerability in McAfee Web Gateway (MWG) Prior to 7.8.2.13 DLL Search Order Hijacking Vulnerability in McAfee Total Protection (MTP) Free Antivirus Trial 16.0.R18 and Earlier Privilege Escalation Vulnerability in McAfee Total Protection 16.0.R22 and Earlier Information Disclosure Vulnerability in McAfee Advanced Threat Defense (ATD) Prior to 4.8 Information Disclosure Vulnerability in McAfee Advanced Threat Defense (ATD) Prior to 4.8 McAfee Advanced Threat Defense (ATD) Information Disclosure Vulnerability Code Injection Vulnerability in McAfee Endpoint Security (ENS) Installer Unauthorized Access to Security Configuration in McAfee Endpoint Security (ENS) Configuration Tool Authentication Bypass Vulnerability in McAfee Client Proxy (MCP) Allows Local User to Access Blocked Sites Remote Command Execution Vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 SQL Injection Vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 McAfee Advanced Threat Defense (ATD) Path Traversal Vulnerability Critical Vulnerability: Unprotected Storage of Credentials in McAfee Advanced Threat Defense (ATD) prior to 4.8 Remote Code Injection Vulnerability in McAfee Web Advisor Remote Unauthenticated API Abuse/Misuse Vulnerability in McAfee Web Advisor DLL Search Order Hijacking Vulnerability in McAfee Tech Check 3.0.0.17 and Earlier Cross-Site Scripting (XSS) Vulnerability in McAfee Web Advisor (WA) 8.0.34745 and Earlier Arbitrary File Overwrite Vulnerability in osc of SUSE Linux Enterprise and openSUSE Insecure API Access in Docker-Kubic Package in SUSE CaaS Platform 3.0 User-project-map.json vulnerability in SUSE 
Openstack Cloud 8 World-readable swap file vulnerability in SUSE Manager and Uyuni Insecure TLS Certificate Validation in Open Build Service (OBS) osc Client Binary XSS Vulnerability in openQA (Commit c172e8883d8f32fced5e02f9b6faaacc913df27b) Vulnerability: Unrestricted Network Traffic Sniffing in SUSE Linux Enterprise Server Permissions Privilege Escalation via Insecure Permissions in /usr/sbin/pinger Binary Privilege Escalation via NFS Directory Ownership Vulnerability Symlink Vulnerability in chkstat Tool Allows Privilege Escalation Privilege Escalation via Symbolic Link (Symlink) Following in munge Packaging Local Privilege Escalation Vulnerability in inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 Privilege Escalation and File Manipulation Vulnerability in Mailman Packaging Local Privilege Escalation Vulnerability in munin Packaging for openSUSE Factory and Leap 15.1 Improper Control of Code Generation in pcp Packaging Vulnerability Improper Limitation of Pathname Vulnerability in pcp Packaging Local Privilege Escalation in gnump3d Package on openSUSE Leap 15.1 UNIX Symbolic Link (Symlink) Following Vulnerability in Nagios Cronjob on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11, and openSUSE Factory Privilege Escalation via Symlink Following in Privoxy on openSUSE Leap 15.1 and Factory Insecure Default Password Encryption in yast2-security CAN Frame Modification Rule Vulnerability Remote Code Execution in Lifesize Icon LS_RM3_3.7.0 (2421) DNS Query Web UI Vulnerability: OS Command Injection in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 Stack-based buffer overflow vulnerability in Dell EMC iDRAC versions prior to 2.92, 2.61.60.60, and 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 Dell EMC iDRAC9 Authentication Bypass Vulnerability Dell EMC iDRAC9 Authentication Bypass Vulnerability Cross-Site Scripting Vulnerability in IsilonSD Management Server 1.1.0 during OVA File Upload Cross-Site Scripting 
Vulnerability in IsilonSD Management Server 1.1.0 during vCenter Server Registration Undocumented X.509v3 Key/Certificate Vulnerability in Dell EMC Networking OS10 Insecure Credential Management Vulnerability in RSA Authentication Manager Buffer Overflow Vulnerability in Dell WES Wyse Device Agent and Dell Wyse ThinLinux HAgent RSA Archer Information Exposure Vulnerability RSA Archer Information Exposure Vulnerability DSA-2019-043: Dell Client Improper Access Control Vulnerability Improper Origin Validation Vulnerability in Dell SupportAssist Client Remote Code Execution Vulnerability in Dell SupportAssist Client Directory Traversal Vulnerability in Dell EMC Open Manage System Administrator (OMSA) Versions Prior to 9.3.0 Improper Range Header Processing Vulnerability in Dell EMC Open Manage System Administrator (OMSA) Versions Prior to 9.3.0 XML External Entity (XXE) Injection Vulnerability in Dell EMC OpenManage Server Administrator (OMSA) Web Parameter Tampering Vulnerability in Dell EMC OpenManage Server Administrator (OMSA) Authorization Bypass Vulnerability in RSA Netwitness Platform versions prior to 11.2.1.1 Command Injection Vulnerability in RSA Netwitness Platform and RSA Security Analytics Uncontrolled Search Path Vulnerability in Dell Update Package (DUP) Framework OS Command Injection Vulnerability in Dell EMC RecoverPoint and RecoverPoint for VMs Buffer Over-read vulnerability in RSA BSAFE Crypto-C Micro Edition and RSA BSAFE Micro Edition Suite Heap-based Buffer Overflow Vulnerability in RSA BSAFE Micro Edition Suite RSA BSAFE Micro Edition Suite Information Exposure Through Error Message Vulnerability Information Exposure Through Timing Discrepancy in RSA BSAFE Crypto-C Micro Edition and RSA Micro Edition Suite Information Exposure Through Timing Discrepancy in RSA BSAFE Crypto-C Micro Edition and RSA Micro Edition Suite RSA BSAFE Crypto-C Micro Edition Heap Inspection Vulnerability Improper Authorization Vulnerability in Dell EMC Unity and UnityVSA 
Improper Privilege Management Vulnerability in Dell SupportAssist for Business and Home PCs Password Storage Vulnerability in Dell EMC Integrated Data Protection Appliance Dell EMC Avamar ADMe Web Interface LFI Vulnerability RSA BSAFE Crypto-J Vulnerability: Missing Required Cryptographic Step Vulnerability: Information Exposure Through Timing Discrepancy in RSA BSAFE Crypto-J versions prior to 6.2.5 during ECDSA Key Generation Information Exposure Through Timing Discrepancy Vulnerability in RSA BSAFE Crypto-J Versions Prior to 6.2.5 during DSA Key Generation Plain-text Password Storage Vulnerability in Dell EMC Unity and UnityVSA Privilege Escalation Vulnerability in Dell/Alienware Digital Delivery Privilege Escalation Vulnerability in Dell/Alienware Digital Delivery Arbitrary Code Execution Vulnerability in Dell Encryption Enterprise and Dell Endpoint Security Suite Enterprise Installers Unlimited Authentication Attempts Vulnerability in Dell EMC Integrated Data Protection Appliance Stored Cross-Site Scripting Vulnerability in Dell EMC Integrated Data Protection Appliance Arbitrary File Deletion Vulnerability in Dell Command Update Arbitrary File Deletion Vulnerability in Dell Command Update Certificate Validation Vulnerability in Dell EMC Enterprise Copy Data Management (eCDM) XML External Entity (XXE) Injection Vulnerability in Dell EMC Avamar Server and Integrated Data Protection Appliance Plain-text Password Storage Vulnerability in Dell EMC PowerConnect Switches Reflected Cross-Site Scripting Vulnerability in Dell EMC Unity, UnityVSA, and VNXe3200 Information Disclosure Vulnerability in RSA Archer Improper Authentication Vulnerability in RSA Archer Code Injection Vulnerability in RSA Identity Governance and Lifecycle Software and RSA Via Lifecycle and Governance Products SQL Injection Vulnerability in RSA Identity Governance and Lifecycle Software Stored Cross-Site Scripting Vulnerability in RSA Identity Governance and Lifecycle Software Improper Certificate 
Chain of Trust Vulnerability in Data Protection Central Information Exposure Vulnerability in RSA Identity Governance and Lifecycle Software and RSA Via Lifecycle and Governance Products Improper Authorization Vulnerability in Dell EMC iDRAC: Unauthorized Access to Sensitive Information Incorrect Permission Assignment for Critical Resource in Dell EMC Avamar Server and Integrated Data Protection Appliance Improper Restriction of Excessive Authentication Attempts in Dell EMC ECS Versions Prior to 3.4.0.0 Information Disclosure Vulnerability in Dell ImageAssist Prior to 8.7.15 XML Entity Injection Vulnerability in RSA Authentication Manager versions prior to 8.4 P7 Stored Cross-Site Scripting Vulnerability in Dell Wyse Management Suite Stored Cross-Site Scripting Vulnerability in Dell Wyse Management Suite XML External Entity Injection (XXE) Vulnerability in Spring Integration XML External Entity Injection (XXE) Vulnerability in Spring Web Services XML External Entity Injection (XXE) Vulnerability in Spring Batch User Impersonation Vulnerability in Cloud Foundry UAA Reflected Cross-Site Scripting Vulnerability in Pivotal Operations Manager Unauthenticated Remote Hijacking of Cloud Controller DNS Record in Pivotal Application Service Open Redirector Vulnerability in Spring Security OAuth Privilege Escalation via Shared CA in Cloud Foundry Container Runtime Privilege Escalation via IAAS Credential Exposure in Cloud Foundry Container Runtime Exposure of Passwords in Cloud Foundry CLI (CVE-2021-21214) Insecure Storage of Authentication Credentials in Cloud Foundry CredHub CLI Default Session Store Secret Vulnerability in Cloud Foundry Stratos Insecure Session Spoofing Vulnerability in Cloud Foundry Stratos Improper Authorization in Cloud Foundry Cloud Controller Allows Privilege Escalation BOSH Backup and Restore CLI Metadata Script Injection Vulnerability Vulnerability in Cloud Foundry UAA Allows Account Takeover via Email Fallback Insecure Redirect URI Vulnerability in 
Cloud Foundry UAA Release Hijacking Traffic in Cloud Foundry Routing Release Vulnerability: Unauthorized Access to Expired Browser Sessions in Pivotal Ops Manager SQL Injection Vulnerability in Pivotal Concourse version 5.0.0 Vulnerability: Unauthorized Access to Authorization Credentials in Pivotal Apps Manager Invitation Service Clickjacking Vulnerability in Cloud Foundry UAA Insecure Randomness Vulnerability in Spring Security Vulnerability in Spring Data JPA allows for unexpected query results Privilege Escalation via Improper Authentication in Cloud Foundry Cloud Controller API Arbitrary Configuration File Access via Directory Traversal in Spring Cloud Config Server CF CLI Config File Vulnerability: Unauthorized Access to Client Credentials Insecure Protocol Vulnerability in Cloud Foundry cf-deployment ExampleMatcher StringMatcher Vulnerability User Access Token Exposure in Pivotal Concourse Login Flow Cockpit Denial of Service Vulnerability through Incorrect Usage of glib's Base64 Decode Functionality Local Privilege Escalation Vulnerability in WildFly Versions up to 16.0.0.Final PowerDNS Recursor TCP Query Lua Hook Bypass Vulnerability Bypassing DNSSEC Validation in PowerDNS Recursor Unassigned XSS Risk in Moodle's 'Manage Groups' Capability Blind SSRF Vulnerability in Moodle's mybackpack Functionality Unescaped Full Name Exposure in Moodle User Profile Hover Vulnerability in sssd: Incorrect Home Directory Path Handling Out-of-Bounds Read Vulnerability in QEMU's i2c_ddc() Function Out-of-Bounds Read Vulnerability in Spice Versions 0.5.2 - 0.14.1 Dovecot Client Certificate Impersonation Vulnerability Memory Leak in systemd-journald-server.c in Red Hat Enterprise Linux Arbitrary File Disclosure Vulnerability in Openwsman 2.6.9 and Earlier Use-After-Free Vulnerability in libcomps Allows for Application Crash or Code Execution Insecure TLS Configuration in kube-rbac-proxy Container Linux Kernel Local Privilege Escalation Vulnerability Gnome-Shell Lock Screen 
Vulnerability Allows Unauthorized Actions Remote Denial of Service Vulnerability in civetweb Frontend for Ceph RGW Server with SSL Enabled Stack-based Buffer Overflow in libcurl Heap Out-of-Bounds Read in libcurl SMTP End-of-Response Handling LDAP Search Expression Denial of Service Vulnerability in Samba AD DC Bypassing Lock Screen in gdm with Timed Login Vulnerability Stored DOM-based XSS Vulnerability in Prometheus Server Privilege Escalation via Incorrect Permission Check in gvfs Path Traversal Vulnerability in Ansible Fetch Module Memory Corruption Vulnerability in GnuTLS Certificate Verification API Information Exposure in ceilometer-agent Arbitrary Command Execution Vulnerability in vdsm Incomplete Fix for CVE-2018-19758 in libsndfile Allows Local Application Crash Denial of Service Vulnerability in Openwsman 2.6.9 and Earlier Reverted Fix for CVE-2014-0114 in JBoss Operations Network 3 (JON) Allows ClassLoader Manipulation (CVE-2019-3834) Vulnerability: Unauthorized File System Access via superexec Operator in Ghostscript Uninitialized Pointer Access Vulnerability in GnuTLS Versions 3.6.3 and Later Thread-Unsafe Net_DMA Code in RHEL6 Kernel: Memory Leak, DoS, and Memory Corruption Vulnerability Forceput Operator Extraction Vulnerability in Ghostscript Privileged Operator Access Vulnerability in Ghostscript Versions Before 9.27 NULL Pointer Dereference Vulnerability in libvirt TLS Certificate Validation Bypass in Kubevirt/virt-cdi-importer Vulnerability: Privilege Escalation via Improper Sanitization of XDG_SEAT Environment Variable in systemd Systemd DynamicUser Property Vulnerability: Persistent SUID/SGID Binary Exploit Privilege Escalation via DynamicUser Property in systemd Service Access Control Bypass in Satellite's QPID Broker and katello-agent Memory Corruption and Privilege Escalation Vulnerability in mwifiex Kernel Module Unescaped JavaScript Vulnerability in Moodle Unauthorised Calendar Event Viewing Vulnerability in Moodle Self-Assignment of 
Escalated Roles in Moodle LTI Integration Vulnerability: Open Window Link Exploit in Moodle Link to Site Home Vulnerability in Moodle Boost Theme Context Freezing Vulnerability in Moodle Integer Overflow Vulnerability in libssh2 Allows Remote Code Execution Integer Overflow Vulnerability in libssh2: Remote Code Execution Integer Overflow Vulnerability in libssh2 Allows Remote Code Execution Out of Bounds Read Vulnerability in libssh2 Allows Remote Code Execution and Data Leakage Out of Bounds Read Vulnerability in libssh2 Vulnerability: Out of Bounds Read Flaw in libssh2 Vulnerability: Out of Bounds Read Flaw in libssh2 Vulnerability: Out of Bounds Read Flaw in libssh2 before 1.8.1 Out of Bounds Memory Write Vulnerability in libssh2 CSRF Token Reuse Vulnerability in Quay Web GUI Stored XSS Vulnerability in Quay-2 Super User Function OpenStack-Mistral Undercloud Log Files Information Exposure Vulnerability Unlimited Session Expiration Vulnerability in Quay Web Application Session Hijacking Vulnerability in Keycloak Exposure of Application Credentials in Tower Playbook Job Runs Samba AD DC Vulnerability: Insecure File Permissions and World-Writable Files Insufficient Validation in PowerDNS Authoritative Server: Denial of Service and Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x Picketlink in JBoss EAP 7.2 Vulnerability: XML External Entity (XXE) Injection SCTP Socket Buffer Denial of Service Vulnerability Unvalidated Signature Vulnerability in Keycloak's X.509 Authenticator XSS Vulnerability in OpenShift OAuth Server's /oauth/token/request Endpoint Open Redirect Vulnerability in mod_auth_mellon before v0.14.2 Bypassing Authentication in mod_auth_mellon via Special HTTP Headers Insecure Permission Validation in ovirt's REST API Allows Unauthorized Disk Deletion Samba RPC Endpoint Vulnerability: Unauthorized Registry Hive File Creation Insecure Storage Location 
Vulnerability in Bundler Linux Kernel vfio Interface Memory Limit Violation Vulnerability Denial of Service Vulnerability in 389-ds-base up to version 1.4.1.2 Garbage Collection Spoofing Vulnerability in Atomic-OpenShift Use-After-Free Vulnerability in Pacemaker 2.0.1 Allows Sensitive Information Leakage via System Logs Improper Permissions Check in libvirt 4.8.0 and Above: Potential Information Disclosure and Denial of Service Vulnerability Nested Virtualization Vulnerability: Exploiting x2APIC MSR Access in KVM Hypervisor Undertow Web Server Information Exposure Vulnerability Reflected XSS Vulnerability in OpenShift Container Platform Authorization Flow Unvalidated SSL Certificates in Evolution-EWS: A Gateway for Confidential Information Theft Candlepin Log File Exposes Database Credentials, Allowing Unauthorized Access and Package Update Manipulation Foreman API Vulnerability: Plaintext Password Disclosure in Delete Compute Resource Operation ElytronManagedThread Vulnerability: Incorrect Security Identity Assignment Arbitrary Image Execution Vulnerability in Octavia Service Double-Free Vulnerability in idr_remove_all() in Linux Kernel 2.6 Branch Unrestricted File Download Vulnerability in Red Hat Certification 6 and 7 Default Configuration of Heketi in Openshift Container Platform 3.11 Allows Unauthorized Access to Management Interface Infinite Loop DoS Vulnerability in vhost_net Kernel Module Race Condition Vulnerability in perf_event_open() Allows Leakage of Sensitive Data from Setuid Programs Vulnerability: Symlink and Subrepository Exploit in Mercurial SSRF Vulnerability in Zoho ManageEngine ADSelfService Plus 5.x before build 5703 Hardcoded Credentials in Premisys Identicard Version 3.1.190 WCF Service on Port 9003 Vulnerability Weak Encryption Method Used in Premisys Identicard Version 3.1.190 Puts User Credentials at Risk Hard-coded and Unchangeable Password Vulnerability in Premisys Identicard Version 3.1.190 Default Credentials Vulnerability in Premisys 
Identicard Version 3.1.190 Authentication Bypass in Crestron AM-100 Web Interface's return.cgi Script LabKey Server Community Edition before 18.3.0-61806.763 Reflected XSS Vulnerability in /__r2/query Endpoints Open Redirect Vulnerability in LabKey Server Community Edition Drive Unmounting Vulnerability in LabKey Server Community Edition Verizon Fios Quantum Gateway (G1100) Firmware 02.01.00.05 Remote Command Injection Vulnerability Verizon Fios Quantum Gateway (G1100) Firmware 02.01.00.05 Authentication Bypass Vulnerability Verizon Fios Quantum Gateway (G1100) Firmware Version 02.01.00.05 - Password Salt Information Disclosure Vulnerability Remote Code Execution Vulnerability in Alcatel Lucent I-240W-Q GPON ONT Firmware Critical Security Vulnerability: Hard Coded Credentials in Alcatel Lucent I-240W-Q GPON ONT Firmware Command Injection Vulnerability in Alcatel Lucent I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 Authenticated Command Injection Vulnerability in Alcatel Lucent I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 Stack Buffer Overflow Vulnerability in Alcatel Lucent I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 Stack Buffer Overflow Vulnerability in Alcatel Lucent I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 Stored XSS Vulnerability in Nessus Versions 8.2.1 and Earlier Intermediary Vulnerability in MikroTik RouterOS Allows Firewall Bypass and Network Scanning Command Injection Vulnerability in Crestron AM-100 and AM-101 via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3 Command Injection Vulnerability in Crestron AM-100 and AM-101 via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1 Vulnerability: Unauthorized Password Change in Crestron AM-100 and AM-101 Crestron AM-100 and AM-101 Firmware Vulnerability: Unauthorized Access to Presentation Passcode Command Injection Vulnerability in Multiple Wireless Presentation Systems Stack Buffer Overflow in Multiple Wireless Presentation Systems Argument Injection Vulnerability in Crestron AM-100 and AM-101 Allows Remote Code Execution 
Authentication Bypass Vulnerability in Crestron AM-100 and AM-101 Firmware Bypassing Presentation Code in Crestron AM-100 and AM-101 Bypassing Presentation Code and Unauthorized Slide Image Download in Crestron AM-100 and AM-101 Unauthenticated Remote Control Vulnerability in Crestron AM-100 and AM-101 Denial of Service Vulnerability in Crestron AM-100 and AM-101 Slideshow Transition ClearText Storage of Sensitive Data in Crestron AM-100 and AM-101 Insecure Encryption of Configuration Files in Crestron AM-100 and AM-101 Default Credentials Vulnerability in Crestron AM-100 and AM-101 File Upload Vulnerability in Advantech WebAccess 8.3.4 Allows Remote Code Execution Arbitrary File Deletion Vulnerability in Advantech WebAccess 8.3.4 Unauthenticated Remote File Read Vulnerability in Advantech WebAccess 8.3.4 Authenticated Remote Directory Traversal Vulnerability in MikroTik RouterOS Parrot ANAFI Vulnerability: Remote Wi-Fi Deauthentication Attack Disconnects Drone Mid-Flight Parrot ANAFI Web Server Crash Vulnerability Denial of Service Vulnerability in Fuji Electric V-Server before 6.0.33.0 via Crafted UDP Message Plaintext Storage of Database Credentials in Fuji Electric V-Server Unauthenticated Access to /videotalk Endpoint Allows Audio Eavesdropping Arlo Basestation Firmware Misconfiguration Vulnerability Arlo Basestation Firmware Vulnerability: Hardcoded Root Access via Serial Interface Stack-based Buffer Overflow in Advantech WebAccess before 8.4.3 Allows Remote Code Execution or Denial of Service Remote Code Execution Vulnerability in Advantech WebAccess/SCADA 8.4.0 via Crafted IOCTL 10012 RPC Call Remote Code Execution Vulnerability in Advantech WebAccess/SCADA 8.4.0 via Crafted IOCTL 81024 RPC Call Unauthenticated Remote Heap Overflow in Dameware Remote Mini Control 12.1.0.34 and Prior Unauthenticated Remote Buffer Over-read in Dameware Remote Mini Control Version 12.1.0.34 and Prior Unauthenticated Remote Buffer Over-read in Dameware Remote Mini Control 
Version 12.1.0.34 and Prior Persistent Cross-Site Scripting (XSS) Vulnerability in WallacePOS 1.4.3 Cross-Site Request Forgery (CSRF) Vulnerability in WallacePOS 1.4.3 Arbitrary Code Execution via Unrestricted File Upload in WallacePOS 1.4.3 Reflected XSS Vulnerability in Nessus Versions 8.4.0 and Earlier Content Injection Vulnerability in Tenable Nessus: Unauthorized Message Injection Reflected XSS Vulnerability in OpenEMR 5.0.1 and Earlier: Execution of Arbitrary Code via patient_id Parameter Reflected XSS Vulnerability in OpenEMR 5.0.1 and Earlier: Execution of Arbitrary Code via doc_id Parameter Reflected XSS Vulnerability in OpenEMR 5.0.1 and Earlier: Execution of Arbitrary Code via document_id Parameter Reflected XSS Vulnerability in OpenEMR 5.0.1 and Earlier: Execution of Arbitrary Code via foreign_id Parameter Arbitrary File Download Vulnerability in OpenEMR 5.0.1 and Earlier Arbitrary Command Execution Vulnerability in OpenEMR Scanned Forms Interface Local Privilege Escalation in Comodo Antivirus: Exploiting CmdAgent's COM Client Handling Arbitrary File Write Vulnerability in Comodo Antivirus Versions up to 12.0.0.6810 Local Denial of Service Vulnerability in Comodo Antivirus (Versions up to 12.0.0.6810) Denial of Service Vulnerability in Comodo Antivirus Versions 12.0.0.6810 and Below Denial of Service Vulnerability in Comodo Antivirus Versions 11.0.0.6582 and Below via CmdGuard.sys Filter Port cmdServicePort Arbitrary System File Overwrite Vulnerability in Nessus 8.5.2 and Earlier on Windows Platforms Remote Code Execution Vulnerability in Advantech WebAccess/SCADA 8.4.1 via Crafted IOCTL 70603 RPC Message Arbitrary Directory Creation Vulnerability in RouterOS 6.45.6 and Below Insecure Autoupgrade Feature Allows Remote Attackers to Downgrade RouterOS and Reset Credentials Remote DNS Query Cache Poisoning Vulnerability in RouterOS Versions 6.45.6 Stable, 6.44.5 Long-term, and Below Vulnerability: DNS Cache Poisoning in RouterOS Versions 6.45.6 Stable, 
6.44.5 Long-term, and Below Smart Card Authentication Bypass and Arbitrary Code Execution in Solarwinds Dameware Mini Remote Client Agent v12.1.0.89 Vulnerability: Man-in-the-Middle Attack on MikroTik Winbox 3.20 and Below Denial of Service Vulnerability in Nessus Versions 8.6.0 and Earlier Remote Code Execution Vulnerability in Blink XT2 Sync Module Firmware Arbitrary Command Execution in Blink XT2 Sync Module Firmware (CVE-2021-XXXX) Arbitrary Command Execution in Blink XT2 Sync Module Firmware (prior to 2.13.11) via Improper Input Sanitization Arbitrary Command Execution in Blink XT2 Sync Module Firmware (prior to 2.13.11) via Improper Input Sanitization Arbitrary Command Execution in Blink XT2 Sync Module Firmware (prior to 2.13.11) via Improper Input Sanitization Arbitrary Command Execution in Blink XT2 Sync Module Firmware (prior to 2.13.11) via Improper Input Sanitization Arbitrary Command Execution in Blink XT2 Sync Module Firmware (prior to 2.13.11) User Enumeration Vulnerability in Harbor Information Disclosure Vulnerability in ELOG 3.1.4-57bea22 and Below Information Disclosure Vulnerability in ELOG 3.1.4-57bea22 and Below ELOG 3.1.4-57bea22 and below Denial of Service Vulnerability ELOG 3.1.4-57bea22 and below Denial of Service Vulnerability Unauthenticated Remote Attackers Exploit ELOG 3.1.4-57bea22 and Below as HTTP GET Request Proxy Authentication Bypass Vulnerability in SimpliSafe SS3 Firmware 1.0-1.3: Unauthorized Pairing of Rogue Keypad SimpliSafe SS3 Firmware 1.4: Local Authentication Bypass for Wi-Fi Network Modification Arbitrary OS Command Execution Vulnerability in Druva inSync Windows Client 6.5.0 Arbitrary Code Execution with Root Privileges in Druva inSync Mac OS Client 6.5.0 Arbitrary Code Execution Vulnerability in Druva inSync Client 6.5.0 Access Token Leak in API Connect V2018.1 through 2018.4.1.1 Cross-Site Scripting Vulnerability in IBM BigFix Platform 9.2 and 9.5 SQL Injection Vulnerability in IBM BigFix WebUI Profile Management 6 
and Software Distribution 23 Privilege Escalation Vulnerability in IBM BigFix Platform 9.5 Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Privilege Escalation Vulnerability in IBM Workload Scheduler Distributed 9.2-9.5 SQL Injection Vulnerability in IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 Cross-Site Scripting Vulnerability in IBM Content Navigator 2.0.3 and 3.0CD Arbitrary Code Execution Vulnerability in IBM Content Navigator 3.0CD IBM Content Navigator 3.0CD Vulnerability: Web Traffic Redirection to Malicious Site Denial of Service Vulnerability in IBM Security Access Manager Appliance Reverse Proxy Component Uncontrolled Control Flow Vulnerability in IBM Security Identity Manager Denial of Service Vulnerability in IBM WebSphere MQ Cross-Site Scripting Vulnerability in IBM I 7.2 and 7.3 XML External Entity Injection (XXE) Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0 and 6.0.0.0 Spoofing of Last Modified By Value in IBM Business Automation Workflow and IBM Business Process Manager Denial of Service Vulnerability in IBM WebSphere Application Server IBM Jazz Reporting Service (JRS) 6.0.6 - Unauthorized Access to Execution Log Files Information Leakage Vulnerability in IBM Maximo Asset Management 7.6 Denial of Service Vulnerability in IBM MQ 9.1.x Information Disclosure Vulnerability in IBM API Connect 2018.1 and 2018.4.1.3 Unauthenticated User Enumeration in IBM API Connect 
2018.1 and 2018.4.1.2 Local User Information Disclosure Vulnerability in IBM QRadar SIEM 7.2 and 7.3 IBM MQ TLS Key Renegotiation Denial of Service Vulnerability Unvalidated File Upload Vulnerability in IBM Maximo Asset Management 7.6 Work Centers Arbitrary Code Execution Vulnerability in IBM DB2 Privilege Escalation Vulnerability in IBM BigFix Platform 9.2 and 9.5 Insecure Document Database Password Protection in IBM Rational ClearCase 1.0.0.0 GIT Connector Unauthenticated Remote Query Vulnerability in IBM BigFix Platform 9.2 and 9.5 XML External Entity Injection (XXE) Vulnerability in IBM i2 Intelligent Analysis Platform 9.0.0 through 9.1.1 Plain Text Transmission of Highly Sensitive Information in IBM Sterling B2B Integrator Arbitrary User Creation Vulnerability in IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 Weak Password Policy in IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 User Enumeration Vulnerability in IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 File Type Validation Bypass in IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 Cross-Site Scripting (XSS) Vulnerability in IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 Arbitrary Command Execution Vulnerability in IBM Tivoli Storage Productivity Center Session Hijacking Vulnerability in IBM Tivoli Storage Productivity Center Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 Privilege Escalation Vulnerability in IBM WebSphere MQ Improper Parameter Parsing 
Denial of Service Vulnerability in IBM WebSphere Application Server Admin Console Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) Information Disclosure Vulnerability in IBM Jazz Foundation Products Remote Click Hijacking Vulnerability in IBM Cloud Application Performance Management 8.1.4 Stack-based Buffer Overflow in IBM Spectrum Protect Servers and Storage Agents Privilege Escalation Vulnerability in IBM Spectrum Protect Servers and Storage Agents Cross-Site Scripting Vulnerability in HCL Campaign's Description Field Cross-Site Scripting Vulnerability in HCL Marketing Platform Allows Injection of Malicious Code Open Redirect Vulnerability in IBM Content Navigator 2.0.3 and 3.0CD Unauthorized File Restoration Vulnerability in IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) Privilege Escalation Vulnerability in IBM DB2 for Linux, UNIX, and Windows Cross-Site Request Forgery Vulnerability in IBM Cloud Pak System 2.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak System 2.3 and 2.3.0.1 Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Weak Cryptographic Algorithms in IBM DB2 for Linux, UNIX and Windows Remote Code Execution Vulnerability in IBM Tivoli Netcool/Impact 7.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere eXtreme Scale 8.6 Admin Console Remote Click Hijacking Vulnerability in IBM WebSphere eXtreme Scale 8.6 Admin Console Local File Disclosure Vulnerability in IBM WebSphere eXtreme Scale 8.6 Admin Console Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere eXtreme Scale 8.6 Admin API Information Disclosure in IBM Cloud Private Installer Logs Cross-Site Request Forgery Vulnerability in IBM Cloud Private 3.1.1 and 3.1.2 Local Privilege Escalation Vulnerability in IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 IBM Cloud Private Kubernetes API Server HTTP Proxy Vulnerability Cross-Site Scripting Vulnerability in 
IBM Cloud Private 3.1.1 and 3.1.2 Information Disclosure Vulnerability in IBM Spectrum Protect Operations Center Arbitrary File Upload Vulnerability in IBM Cloud Pak System 2.3 and 2.3.0.1 Remote DNS Lookup Vulnerability in IBM Application Performance Management (IBM Monitoring 8.1.4) Improper Redirection Vulnerability in IBM Cloud Automation Manager 3.1.2 Client-side script execution vulnerability in IBM Cloud Automation Manager 3.1.2 Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics 2.0 User Impersonation Vulnerability in IBM Security Access Manager 9.0.1 through 9.0.6 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Controller 10.2.0 - 10.4.0 Cross-Site Scripting (XSS) Vulnerability in IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 Improper HTTP Strict Transport Security Configuration in IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 Local User Database Replacement Vulnerability in IBM Tivoli Storage Manager Server Memory Leak Denial of Service Vulnerability in IBM MQ Clustering Code (IBM X-Force ID: 158337) Cross-Site Request Forgery (CSRF) Vulnerability in IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 Local User Information Disclosure in IBM Cloud Private Key Management Service Local User Information Disclosure Vulnerability in IBM Security Access Manager 9.0.1 through 9.0.6 Sensitive Document Information Disclosure in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 SQL Injection Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager Certificate Validation Vulnerability in IBM Security Access Manager 9.0.1 through 9.0.6 Weak Cryptographic Algorithms in IBM Security Access 
Manager 9.0.1-9.0.6: A Potential Decryption Vulnerability Session Token Expiration Vulnerability in IBM Security Access Manager 9.0.1 through 9.0.6 Open Redirect Vulnerability in IBM Security Access Manager 9.0.1 through 9.0.6 Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Privilege Escalation Vulnerability in IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 with OpenID Connect Integration Weak Cryptographic Algorithms in IBM Security Access Manager 9.0.1-9.0.6: A Potential Decryption Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Security Access Manager 9.0.1 through 9.0.6 Identity Verification Bypass in IBM Security Access Manager 9.0.1-9.0.6 Weak Cryptographic Algorithms in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 Unauthorized Information Disclosure Vulnerability Missing HTTP Strict Transport Security Header in IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 Information Disclosure Vulnerability in IBM StoredIQ 7.6.0.0 - 7.6.0.18 Denial of Service Vulnerability in IBM StoredIQ 7.6.0.0 - 7.6.0.18 Open Redirect Vulnerability in IBM StoredIQ 7.6 Allows for Phishing Attacks Cross-Site Request Forgery Vulnerability in IBM StoredIQ 7.6.0 Default OpenBMC Password Bypass Vulnerability in IBM Open Power Firmware OP910 and OP920 Insecure Session Cookie Handling in IBM Cognos Controller 10.3.0-10.4.1 Optionsbleed Vulnerability in IBM Cognos Controller 10.2.0 - 10.4.0 Local File Disclosure Vulnerability in IBM Cognos Controller Weak Cryptographic Algorithms in IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 Insecure HTTP Methods Bypass in IBM Cognos Controller 10.x.x Local File Disclosure Vulnerability in IBM Cognos Controller Directory Traversal Vulnerability in IBM Cognos Analytics 11 Denial of Service Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service 6.0 through 
6.0.6.1 Privilege Escalation in IBM InfoSphere Information Server 11.7.1 Containers HTTP Header Injection Vulnerability in IBM Jazz for Service Management 1.1.3 Sensitive Information Disclosure in IBM Jazz for Service Management 1.1.3 and 1.1.3.2 Missing Function Level Access Control in IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 Open Redirect Vulnerability in IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 Command Injection Vulnerability in IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal Arbitrary File Download and SSRF Vulnerability in IBM API Connect Developer Portal Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 Local Information Disclosure Vulnerability in IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 XML External Entity Injection (XXE) Vulnerability in IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 Open Redirect Vulnerability in HCL Connections v5.5, v6.0, and v6.5: A Potential Gateway for Phishing Attacks Authentication Bypass Vulnerability in IBM QRadar SIEM 7.3.2 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.2 and 7.3 Cross-Site Request Forgery Vulnerability in IBM QRadar SIEM 7.2 and 7.3 Insecure Session Cookie Handling in IBM SmartCloud Analytics Clickjacking Vulnerability in IBM SmartCloud Analytics 1.3.1 through 1.3.5 Vulnerability: Host Header Injection in IBM SmartCloud Analytics Remote Click Hijacking Vulnerability in IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 Local File Disclosure Vulnerability in IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 Sensitive Information Disclosure in IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 Hard Coded Encryption Key Vulnerability in IBM InfoSphere Information Server 11.7.1.0 Unauthorized Access to Business Process Definitions in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 SQL Injection Vulnerability in IBM 
PureApplication System 2.2.3.0 through 2.2.5.3 Local Information Disclosure Vulnerability in IBM PureApplication System Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak System 2.3 and 2.3.0.1 IBM MQ AMQP Listeners Session Fixation Vulnerability Cross-Site Request Forgery Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Pattern Editor Locking Bypass Vulnerability in IBM PureApplication System Weak Password Policy in IBM PureApplication System 2.2.3.0 through 2.2.5.3 Silent Skipping of ACL Entries in IBM Spectrum Protect 7.1 Client Backup or Archive Operation Cross-Frame Scripting Vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 Credential Exposure in IBM MQ Advanced Cloud Pak Authentication Bypass Vulnerability in IBM PureApplication System Unauthorized Disclosure and Disruptive Administrator Tasks Vulnerability in IBM SmartCloud Analytics Unauthenticated Remote Control and Information Disclosure in IBM SmartCloud Analytics Exposure of Internal Parameters in IBM Daeja ViewONE Virtual 5.0 through 5.0.6 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) Directory Traversal Vulnerability in IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 Privilege Escalation Vulnerability in IBM Informix Dynamic Server Enterprise Edition 12.1 Weak Cryptographic Algorithms in IBM API Connect 5.0.0.0 through 5.0.8.6: High-Risk Information Decryption Vulnerability Information Disclosure Vulnerability in IBM InfoSphere Information Server 11.5 and 11.7 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition Sensitive Data Exposure Vulnerability in IBM Spectrum Scale with CES Stack Enabled 
Information Disclosure Vulnerability in IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 Denial of Service Vulnerability in IBM WebSphere MQ and IBM MQ IBM QRadar SIEM 7.2 and 7.3 Vulnerability: Server Side Request Forgery (SSRF) Local File Inclusion Vulnerability in IBM Content Navigator 3.0CD Certificate Validation Vulnerability in IBM QRadar SIEM 7.2.8 WinCollect Lack of Device Root Detection in IBM Maximo Anywhere 7.6.x Lack of Device Jailbreak Detection in IBM Maximo Anywhere 7.6.x Buffer Overflow Vulnerability in IBM Spectrum Protect Backup-Archive Client (Versions 7.1 and 8.1) Directory Traversal Vulnerability in IBM WebSphere Application Server Information Disclosure Vulnerability in IBM WebSphere Application Server Admin Console Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server Admin Console Client-side HTTP Parameter Pollution Vulnerability in IBM WebSphere Application Server Admin Console Unauthorized Local User Denial of Service Vulnerability in IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Sensitive Information Disclosure in IBM Sterling File Gateway Sensitive OIDC Token Leakage in IBM Cloud Private Remote Clickjacking Vulnerability in IBM WebSphere Application Server - Liberty Admin Center Information Disclosure Vulnerability in IBM Maximo Anywhere Information Disclosure Vulnerability in IBM Maximo Anywhere Lack of Binary Protection in IBM Maximo Anywhere 7.6.4.0 Allows Reverse Engineering Arbitrary File Upload Vulnerability in IBM Security Guardium 10.5 IBM Storwize V7000 Unified (2073) 1.6 Server Version Disclosure Vulnerability Command Injection Vulnerability in IBM DataPower Gateway and IBM MQ Appliance Credential Vault Information Disclosure Vulnerability in IBM Robotic Process Automation with Automation Anywhere 11 Information Disclosure in IBM Robotic Process Automation with Automation Anywhere 11: 
Local User Access to E-mail Contents IBM Robotic Process Automation with Automation Anywhere 11 LDAP Injection Vulnerability Privilege Escalation Vulnerability in IBM Robotic Process Automation with Automation Anywhere 11 Local User Information Disclosure in IBM Robotic Process Automation with Automation Anywhere 11 Arbitrary Code Execution Vulnerability in BigFix Self-Service Application (SSA) Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 Improper Session Validation Vulnerability in IBM WebSphere Application Server - Liberty (X-Force ID: 160950) Improper Cookie Setting Vulnerability in IBM WebSphere Application Server Liberty Unintended Access and Modification of Security-Critical Resource in IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Vulnerability: User Credentials Stored in Plain Text in IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Information Disclosure Vulnerability in IBM Emptoris Sourcing, Contract Management, and Spend Analysis Hard Coded Credentials Vulnerability in IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Inadequate Account Lockout Setting in IBM Security Guardium Big Data Intelligence 4.0 (SonarG) Allows Remote Brute Force Attack IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Unauthorized Information Disclosure Vulnerability Cleartext Storage of Sensitive Information in IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Weak Password Requirement in IBM Intelligent Operations Center and IBM Water Operations for Waternamics Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Clickjacking Vulnerability in HCL AppScan Enterprise Advisory API Documentation Critical Cross-Site Scripting Vulnerability in HCL AppScan Enterprise during Test Policy Import Insecure Cryptographic Algorithm Used in HCL AppScan Enterprise for Storing REST API User Details Missing HTTP Strict-Transport-Security Header in HCL AppScan Enterprise Web Application Console Hard-coded 
Credentials in HCL AppScan Enterprise Allow Unauthorized Access to Encrypted Files Incomplete Blacklisting in IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Allows Bypass of Application Controls Insecure Cookie Handling in IBM Security Guardium Big Data Intelligence (SonarG) 4.0 Information Disclosure Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Insecure Storage of Key Files in IBM Watson Studio Local 1.2.3 Inadequate Account Lockout Setting in IBM Robotic Process Automation with Automation Anywhere 11 Allows Remote Brute Force Attack Missing Authentication in Ignite Nodes in IBM Robotic Process Automation with Automation Anywhere 11 Resource Consumption Vulnerability in IBM Security Guardium Big Data Intelligence 4.0 (SonarG) Weak Cryptographic Algorithms in IBM Security Guardium Big Data Intelligence (SonarG) 4.0: A Potential Decryption Vulnerability XML External Entity Injection (XXE) Vulnerability in IBM Security Guardium Big Data Intelligence 4.0 (SonarG) Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Overly Permissive Cross-Origin Resource Sharing in IBM Cognos Analytics 11.0 and 11.1 Deprecated Operating System Version Vulnerability in IBM Maximo Anywhere Applications Sensitive Information Disclosure in IBM Maximo Anywhere 7.6.4.0 Applications Obfuscation Vulnerability in IBM Maximo Anywhere 7.6.4.0 Applications Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Plus CSV Injection Vulnerability in IBM Maximo Asset Management 7.6 Information Disclosure Vulnerability in IBM Cognos Analytics 11.0 and 11.1: Unauthorized Access to Cached Browser Data Sensitive Information Disclosure in IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 IBM MQ Command Server Denial of Service Vulnerability IBM i 7.27.3 Clustering Local Information Disclosure Vulnerability Information Disclosure Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.6 Privilege Escalation Vulnerability in IBM Spectrum Protect Plus 10.1.0, 
10.1.2, and 10.1.3 Directory Traversal Vulnerability in IBM Campaign 9.1.2 and 10.1 Information Disclosure: Password Exposure in IBM Spectrum Protect Plus 10.1.2 Joblog IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1: Authenticated User Crash Vulnerability SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 Cross-Site Scripting (XSS) Vulnerability in HCL AppScan Source 9.0.3.13 and Earlier HCL AppScan Standard XML External Entity Injection (XXE) Vulnerability Hard-coded Credentials Vulnerability in HCL AppScan Standard Edition 9.0.3.13 and Earlier Excessive Authorization Attempts Vulnerability in HCL AppScan Standard Local User Email Spoofing Vulnerability in IBM Cloud Orchestrator Information Disclosure Vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator Multiple Versions HTTP Response Splitting Vulnerability Sensitive Information Disclosure in IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Sensitive Information Disclosure in IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Weak Cryptographic Algorithms in IBM Cloud Orchestrator 2.4 and 2.5 Directory Traversal Vulnerability in IBM Cloud Orchestrator 2.4 and 2.5 Unprotected API in IBM API Connect Developer Portal Allows Denial of Service Cross-Site Scripting (XSS) Vulnerability in IBM Connections 6.0 Timing Issue in IBM Spectrum Protect Backup-Archive Client TCP/IP Communications Vulnerability Cross-Site Scripting (XSS) Vulnerability in HCL Traveler Versions 9.x and Earlier Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 Easy to Guess Session Identifier Names in IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 Sensitive Information Disclosure in IBM Cognos Controller via URL Parameters Improper Security Context Constraints in IBM Cloud Private 3.1.1 and 3.1.2 XML External Entity Injection (XXE) Vulnerability in IBM Intelligent 
Operations Center V5.1.0 through V5.2.0 Information Disclosure Vulnerability in IBM Intelligent Operations Center V5.1.0 through V5.2.0 Privilege Escalation Vulnerability in IBM Security Guardium Directory Traversal Vulnerability in IBM Sterling File Gateway XML External Entity Injection (XXE) Vulnerability in IBM Business Automation Workflow 18.0.0.0-19.0.0.2 Information Disclosure Vulnerability in IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 Cross-Site Scripting Vulnerability in IBM Case Builder Component Weak SHA1 Certificate Used in IBM Cloud CLI Windows Installers Cross-Site Scripting (XSS) Vulnerability in IBM Watson Assistant for IBM Cloud Pak for Data Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Directory Traversal Vulnerability in IBM Maximo Asset Management 7.6 Cross-Site Scripting (XSS) Vulnerability in IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 XML External Entity Injection (XXE) Vulnerability in IBM InfoSphere Global Name Management and IBM InfoSphere Identity Insight Information Leakage via API Swagger in IBM API Connect 2018.1 through 2018.4.1.6 Session Invalidation Vulnerability in IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 Information Disclosure Vulnerability in IBM WebSphere Application Server Directory Traversal Vulnerability in IBM WebSphere Application Server Password Autocomplete Enabled on IBM API Connect Developer Portal User Registration Page (CVE-2020-12345) Unauthorized Actions by Modifying Request Parameters in IBM Maximo Asset Management 7.6 Privilege Escalation via PATH Manipulation in IBM DB2 High Performance Unload Load for LUW 6.1 Privilege Escalation in IBM DB2 High Performance Unload Load for LUW 6.1 Cross-Site Scripting (XSS) Vulnerability in IBM i 7.2, 7.3, and 7.4 for i Cross-Site Scripting (XSS) Vulnerability in IBM Security Identity Manager 6.0.0 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar 7.3.0 to 7.3.2 Patch 4 XML External Entity Injection (XXE) 
Vulnerability in IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 Information Disclosure Vulnerability in IBM Jazz Foundation 6.0 - 6.0.6.1 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Orchestrator Directory Traversal Vulnerability in IBM API Connect Developer Portal HTTP Response Splitting Vulnerability in IBM Cloud Orchestrator 2.4 and 2.5 Local File Inclusion Vulnerability in IBM Cloud Pak System 2.3 and 2.3.0.1 Cross-Site Scripting Vulnerability in IBM Cloud Pak System 2.3 and 2.3.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak System 2.3 and 2.3.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar 7.3.0 to 7.3.2 Patch 4 Failure to Set Secure Flag for Sensitive Cookie in IBM Cognos Analytics 11.0 and 11.1 Insecure Absolute RPATHs in IBM SDK, Java Technology Edition on AIX Platform Improper Handling of Command Line Options in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Information Disclosure Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 SQL Injection Vulnerability in IBM Contract Management and IBM Emptoris Spend Analysis Cross-Site Scripting Vulnerability in IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 SQL Injection Vulnerability in IBM Contract Management and IBM Emptoris Spend Analysis Sensitive Information Disclosure Vulnerability in IBM Emptoris Sourcing, Contract Management, and Spend Analysis Sensitive Information Disclosure Vulnerability in IBM Emptoris Sourcing, Contract Management, and Spend Analysis (X-Force ID: 164069) Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) 6.0-6.0.6.1 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) 6.0-6.0.6.1 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service (JRS) 6.0-6.0.6.1 Sensitive Information Disclosure Vulnerability in IBM WebSphere Application Server Weak Credential Storage 
Vulnerability in IBM QRadar SIEM 7.3.0 through 7.3.3 Incorrect Authorization Vulnerability in IBM QRadar 7.3.0 to 7.3.2 Patch 4 Sensitive Information Disclosure in IBM Maximo Asset Management 7.6.1.1 XML External Entity Injection (XXE) Vulnerability in IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 Sensitive Information Disclosure in IBM Security Key Lifecycle Manager Cross-Site Request Forgery Vulnerability in IBM Security Key Lifecycle Manager 3.0 and 3.0.1 Inadequate Account Lockout Setting in IBM Security Directory Server 6.4.0 CSV Injection Vulnerability in IBM Cloud Pak System 2.3 Buffer Overflow Vulnerability in IBM DB2 High Performance Unload Load for LUW 6.1 and 6.5 Unauthorized Record Deletion Vulnerability in IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 Denial of Service Vulnerability in IBM Resilient SOAR V38.0 Privilege Escalation Vulnerability in IBM i 7.4 with Db2 Mirror for i Information Disclosure Vulnerability in IBM WebSphere Service Registry and Repository 8.5 Open Redirect Vulnerability in IBM Security Directory Server 6.4.0 XML Injection Vulnerability in IBM Security Directory Server 6.4.0 Weak Cryptographic Algorithms in IBM Security Directory Server 6.4.0 Incomplete Blacklisting in IBM Security Directory Server 6.4.0 Allows Bypass of Application Controls Cross-Site Scripting (XSS) Vulnerability in IBM Security Directory Server 6.4.0 Spoofing Vulnerability in IBM QRadar SIEM 7.3 and 7.4 with Active Directory Authentication Privilege Escalation Vulnerability in IBM Maximo Health, Safety and Environment Manager 7.6.1 Sensitive Information Disclosure in IBM Security Directory Server 6.4.0 Clickjacking Vulnerability in IBM Security Directory Server 6.4.0 IBM Security Directory Server 6.4.0 Information Disclosure Vulnerability Debugging Code Vulnerability in IBM Security Directory Server 6.4.0 Authentication Bypass Vulnerability in IBM Security Directory Server 6.4.0 HTTP Response Splitting Vulnerability in IBM Security 
Access Manager and IBM Security Verify Access Weak Cryptographic Algorithms in IBM API Connect V5.0.0.0 through 5.0.8.7iFix3: High-Risk Information Decryption Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 and 11.0 Incomplete Blacklisting in IBM QRadar Advisor 1.0.0 through 2.4.0 Allows Bypassing of Application Controls Weak Cryptographic Algorithms in IBM QRadar Advisor 1.1-2.5 with Watson: High-Risk Information Decryption Vulnerability Privilege Escalation Vulnerability in IBM Spectrum Scale IBM QRadar SIEM 7.3.0 through 7.3.3 Information Disclosure Vulnerability Denial of Service Vulnerability in IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 Arbitrary Code Execution Vulnerability in IBM Security Identity Manager 6.0.0 Sensitive Information Disclosure in IBM Security Directory Server 6.4.0 Insecure Cookie Handling in IBM Security Directory Server 6.4.0 Cross-Site Scripting (XSS) Vulnerability in IBM Security Key Lifecycle Manager Weak Password Requirement in IBM Security Key Lifecycle Manager 3.0 and 3.0.1 Vulnerability: Plain Text Storage of User Credentials in IBM Security Key Lifecycle Manager 3.0 and 3.0.1 Denial of Service Vulnerability in IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS Cross-Site Scripting Vulnerability in IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 Sensitive Information Disclosure in IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 3.0CD Web Service User Credentials Logging Vulnerability in IBM FileNet Content Manager 5.5.2 and 5.5.3 SQL Injection Vulnerability in IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 Weak Password Requirement in IBM QRadar Network Packet Capture Incomplete Blacklisting in IBM Resilient SOAR 38 Allows Bypass of Application Controls and Compromises System and Data Integrity Cross-Site Scripting (XSS) Vulnerability in IBM QRadar 7.3.0 to 7.3.2 Patch 
4 Directory Traversal Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Information Disclosure Vulnerability in IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 Local Privilege Escalation and DLL Hijacking Vulnerability in IBM Db2 for Linux, UNIX and Windows Privilege Escalation in IBM Cognos Analytics 11.0 and 11.1: Unauthorized Access to My Schedules and Subscriptions Page Session Invalidation Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Unauthorized Access and Modification Vulnerability in IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 Sensitive Information Disclosure in IBM QRadar 7.3.0 to 7.3.3 Patch 2 Improper HTTP Strict Transport Security Configuration in IBM QRadar 7.3.0 to 7.3.3 Patch 2 Open Redirect Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 Sensitive Information Disclosure in IBM API Connect (CVE-2020-4428) Information Disclosure Vulnerability in IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 Cross-Site Scripting (XSS) Vulnerability in IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 User Impersonation Vulnerability in IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 Untrusted Search Path Vulnerability in IBM DB2 High Performance Unload Load for LUW 6.1 and 6.5 Cross-Site Scripting Vulnerability in IBM Tivoli Workload Scheduler 9.3 Weak Cryptographic Algorithms in IBM API Connect 2018.4.1.7: A Potential Threat to Sensitive Data Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics 2.0 Vulnerability: Malicious File Upload in IBM Planning Analytics 2.0 My Account Portal Cross-Site Request Forgery Vulnerability in IBM Planning Analytics 2.0 SIGSEGV 
Denial of Service Vulnerability in IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS Client Insecure Cookie Handling in IBM Cloud Automation Manager 3.2.1.0 Session Fixation/Hijacking Vulnerability in IBM Cloud Automation Manager 3.2.1.0 Sensitive Information Disclosure in IBM MQ and IBM MQ Appliance Improper Validation of Environment Variables in IBM MQ Appliance 8.0 and 9.0 LTS Default Administrator Account Enabled via IPMI LAN Channel in IBM DataPower Gateway Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Open Redirect Vulnerability in IBM Security Secret Server 10.7 Allows for Phishing Attacks Cross-Site Scripting (XSS) Vulnerability in IBM Security Secret Server 10.7 CORS Policy Vulnerability in IBM Security Secret Server 10.7 Command Injection Vulnerability in IBM Security Secret Server 10.7 Information Disclosure Vulnerability in IBM Security Secret Server 10.7 Incomplete Blacklisting in IBM Security Secret Server 10.7 Allows Bypass of Application Controls and Compromises System and Data Integrity Insecure Session Management in IBM Security Secret Server 10.7 Weak Cryptographic Algorithms in IBM Security Secret Server 10.7: A Critical Vulnerability Insufficient Verification of Code Origin and Integrity in IBM Security Secret Server 10.7 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 SQL Injection Vulnerability in IBM Maximo Asset Management 7.6.1.1 SQL Injection Vulnerability in IBM Jazz Reporting Service (JRS) 6.0.6.1 Insecure File Permissions in IBM Spectrum Protect Plus 10.1.0 through 10.1.4 on Windows Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Certificate Validation Vulnerability in IBM QRadar 7.3.0 to 7.3.3 Patch 2 IBM MQ 9.1.x Denial of Service Vulnerability Denial of Service Vulnerability in IBM MQ and IBM MQ Appliance Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere 
Application Server - Liberty (IBM X-Force ID: 171245) Cross-Site Scripting (XSS) Vulnerability in IBM Spectrum Scale 4.2 and 5.0 Unmasking of Secure Values in IBM UrbanCode Deploy and IBM UrbanCode Build IBM UrbanCode Deploy (UCD) 7.0.5.2 HTTP Strict Transport Security Bypass Vulnerability Clear Text Storage of User Credentials in IBM UrbanCode Deploy (UCD) 7.0.4.0 SQL Injection Vulnerability in IBM Business Process Manager and IBM Business Automation Workflow Improper Data Representation Vulnerability in IBM WebSphere Application Server SQL Injection Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 IBM QRadar Advisor 1.1 through 2.5 Information Disclosure Vulnerability Directory Traversal Vulnerability in IBM Security Identity Manager 7.0.1 Hard-coded Credentials Vulnerability in IBM Security Identity Manager 7.0.1 Clear Text Storage of User Credentials in IBM Security Identity Manager Virtual Appliance 7.0.2 Information Disclosure Vulnerability in IBM Content Navigator 3.0CD SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 Cross-Site Scripting Vulnerability in IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 Insecure Cookie Handling in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Sensitive Information Disclosure via URL Parameters in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Insecure Cookie Handling in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Improper HTTP Strict Transport Security Configuration in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Unauthorized Information Disclosure Vulnerability Clear Text Storage of User Credentials in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Hard-coded Credentials in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Local File Disclosure Vulnerability in IBM Security Guardium 
Data Encryption (GDE) 3.0.0.2 Clear text storage of user credentials in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Weak Password Requirement in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Sensitive Information Disclosure in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Debugging Code Vulnerability in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Unintended Access and Modification of Security-Critical Resource in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Information Disclosure Vulnerability in IBM Spectrum Protect Plus Insecure Cookie Handling in IBM Security Identity Manager Virtual Appliance 7.0.2 Sensitive Information Disclosure Vulnerability in IBM Security Identity Manager Virtual Appliance 7.0.2 Sensitive Information Exposure in IBM Security Identity Manager Virtual Appliance 7.0.2 XML External Entity Injection (XXE) Vulnerability in IBM Security Access Manager Appliance 9.0.7.0 Arbitrary Command Execution Vulnerability in IBM Security Guardium Data Encryption (GDE) 3.0.0.2 Arbitrary Command Execution Vulnerability in IBM Spectrum Scale 4.2 and 5.0 IBM Planning Analytics 2.0.0 through 2.0.8 Configuration Overwrite Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Jazz for Service Management 3.13 Sensitive Information Disclosure in IBM MQ and IBM MQ Appliance Denial of Service Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Information Disclosure Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Remote Credential Theft in IBM Cognos Analytics 11.0 and 11.1 via Incorrect Autocomplete Settings Remote Credential Theft in IBM Cognos Analytics 11.0 and 11.1 via Incorrect Autocomplete Settings Cross-Site Scripting (XSS) Vulnerability in IBM Security Access Manager Appliance 9.0 Cross-Site Request Forgery Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 Arbitrary Code Execution Vulnerability in IBM Sterling B2B Integrator Sensitive Information Disclosure 
in IBM Cognos Analytics 11.0 and 11.1 XML External Entity Injection (XXE) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Sensitive Information Disclosure in IBM MQ Appliance 9.1.4.CD via Trace Inclusion DLL Search Order Hijacking Vulnerability in IBM SDK, Java Technology Edition Versions 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 Vulnerability in IBM MaaS360 for iOS Allows Unauthorized Access to Sensitive Information Cross-Site Request Forgery Vulnerability in IBM Financial Transaction Manager 3.0 Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.2 - 6.0.61 Information Disclosure Vulnerability in IBM Sterling B2B Integrator Standard Edition Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.2 - 6.0.61 IBM Content Navigator 3.0CD Vulnerability: Server Side Request Forgery (SSRF) Remote Click Hijacking Vulnerability in IBM Financial Transaction Manager 3.0 Insecure Cookie Handling in IBM Financial Transaction Manager 3.0 Cross-Site Scripting (XSS) Vulnerability in IBM Financial Transaction Manager 3.0 Information Disclosure Vulnerability in IBM Maximo Asset Management 7.6.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.2 - 6.0.61 Cross-Site Scripting (XSS) Vulnerability in IBM Team Concert (RTC) Cross-Site Scripting Vulnerability in IBM Jazz Team Server Based Applications Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6 Cross-Site Request Forgery Vulnerability in IBM Cloud App Management 2019.3.0 and 2019.4.0 Information Disclosure Vulnerability in IBM Cloud App Management 2019.3.0 and 2019.4.0 SQL Injection Vulnerability in IBM Emptoris Spend Analysis and Strategic Supply Management Platform Denial of Service Vulnerability in IBM MQ 9.0 and 9.1 Channel Processing Function Memory Corruption Vulnerability in Foxit Reader and PhantomPDF NULL Pointer Dereference Vulnerability in Foxit Reader and 
PhantomPDF Out-of-Bounds Read Information Disclosure and Crash in Foxit Reader and PhantomPDF QEMU 3.1.50 Vulnerability: NULL Pointer Dereference in hw/sparc64/sun4u.c Arbitrary PHP Code Execution via Logo Upload in Vtiger CRM 7.1.0 X509 Certificate Parser Denial-of-Service Vulnerability in Python.org Python 2.7.11 / 3.6.6 Privilege Escalation Vulnerability in CleanMyMac X 4.20 Privilege Escalation Vulnerability in Wacom Driver Update Helper Service Wacom Driver Privilege Escalation Vulnerability Bluetooth Low Energy Access Control Vulnerability in Winco Fireworks FireFly FW-1007 V2.0 Local Privilege Escalation Vulnerability in Pixar Renderman 22.3.0's Install Helper Tool for Mac OS X Arbitrary Memory Read Vulnerability in KCodes NetUSB.ko Kernel Module Information Disclosure Vulnerability in KCodes NetUSB.ko Kernel Module Use After Free Vulnerability in Sqlite3 3.26.0 Window Function Heap-Based Overflow Vulnerability in Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113) Denial of Service Vulnerability in Yara 3.8.1 Object Lookup Functionality NULL Password Vulnerability in Official Alpine Linux Docker Images Memory Leakage Vulnerability in grsecurity PaX Patch for read_kmem Function Kiosk Mode Escape: Unauthorized Administrator Access in Capsule Technologies SmartLinx Neuron 2 Devices Command Injection Vulnerability in Exhibitor Web UI Buffer Overflow Vulnerability in Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220) PowerPoint Document Conversion Function Memory Corruption Vulnerability in Foxit PDF Reader 9.4.1.16828 Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Aspose.Cells 19.1.0 Library Out-of-Bounds Read Vulnerability in Aspose.Cells 19.1.0 Library Weave Legacy Pairing Information Disclosure Vulnerability in Nest Cam IQ Indoor Weave PASE Pairing Vulnerability in Nest Cam IQ Indoor Denial-of-Service Vulnerability in Nest Cam IQ Indoor Weave Error Reporting Weave Certificate Loading Integer 
Overflow Denial-of-Service Vulnerability in Nest Cam IQ Indoor Camera Weave Tool Print-TLV Command Stack-Based Buffer Overflow Vulnerability Openweave-core 4.0.2 ASN1 Certificate Writing Heap-Based Buffer Overflow Vulnerability Integer Overflow and Information Disclosure in Weave MessageLayer Parsing Stack Based Buffer Overflow in Aspose.Words Library (Version 18.11.0.0) Allows Remote Code Execution Use-After-Free Vulnerability in Aspose.PDF 19.2 for C++ Denial-of-Service Vulnerability in Nest Cam IQ Indoor Weave Daemon (Version 4620002) Heap Corruption and Arbitrary Code Execution Vulnerability in NitroPDF 12.12.1.522 Heap Corruption and Arbitrary Code Execution Vulnerability in NitroPDF 12.12.1.522 Use After Free Vulnerability in NitroPDF's CharProcs Parsing Functionality Heap Corruption Vulnerability in NitroPDF 12.12.1.522 Allows Arbitrary Code Execution Out-of-Bounds Memory Write Vulnerability in AMD ATIDXX64.DLL Driver Heap Corruption Vulnerability in NitroPDF 12.12.1.522 Allows Arbitrary Code Execution Heap-based Buffer Overflow in SDL2_image PCX File Loading Integer Overflow Vulnerability in SDL2_image 2.0.4 Allows for Buffer Overflow and Code Execution Use-After-Free Vulnerability in NitroPDF's Length Parsing Function Denial-of-Service Vulnerability in NETGEAR N300 (WNR2000v5) HTTP Server Denial-of-Service Vulnerability in NETGEAR N300 Wireless Router PCX Image Rendering Heap Overflow Vulnerability in SDL2_image 2.0.4 Heap Overflow Vulnerability in SDL2_image 2.0.4 XCF Image Rendering Integer Overflow and Heap Overflow in SDL2_image 2.0.4 XPM Image Rendering Heap Overflow Vulnerability in SDL2_image 2.0.4 via XPM Image Rendering Denial-of-Service Vulnerability in hostapd 2.6: Pre-Authentication IAPP Location Update Exploit Denial-of-Service Vulnerability in 802.11w Security State Handling Heap Buffer Overflow in OpenCV 4.1.0's Data Structure Persistence Functionality Heap Buffer Overflow in OpenCV's Data Structure Persistence Functionality Unterminated 
strncpy Information Disclosure Vulnerability in Blynk-Library v0.6.1 Use-After-Free Vulnerability in Aspose.PDF 19.2 for C++ Uninitialized Memory Access Vulnerability in Aspose.PDF 19.2 for C++ X11 Mesa 3D Graphics Library 19.1.2 Shared Memory Permissions Vulnerability Unsafe Deserialization Vulnerability in Epignosis eFront LMS v5.2.12 Unauthenticated SQL Injection Vulnerability in eFront LMS v5.2.12 and Earlier Command Injection Vulnerability in Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router (AC9V1.0 Firmware V15.03.05.16multiTRU) Command Injection Vulnerability in Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router (AC9V1.0 Firmware V15.03.05.16multiTRU) Information Exposure Vulnerability in WAGO PFC200 and PFC100 Firmware Stack Buffer Overflow in WAGO PFC200 and PFC100 Firmware Stack Buffer Overflow in WAGO PFC200 and PFC100 Firmware Versions 03.01.07(13) and 03.00.39(12) Accusoft ImageGear 19.3.0 Library PNG Header-Parser Out-of-Bounds Write Vulnerability Denial-of-Service Vulnerability in WAGO PFC Devices Denial of Service Vulnerability in WAGO PFC200 and PFC100 Firmware Heap Buffer Overflow in WAGO PFC200 and PFC100 Firmware Denial-of-Service and Credential Weakness Vulnerability in WAGO PFC Devices Heap Buffer Overflow in WAGO PFC 200 and PFC100 Firmware Heap Buffer Overflow in WAGO PFC200 and PFC100 Firmware Versions 03.01.07(13), 03.00.39(12) Remote Code Execution Vulnerability in Accusoft ImageGear 19.3.0 Library Heap Out-of-Bounds Write Vulnerability in LEADTOOLS 20 TIF Parsing Functionality DICOM Packet-Parsing Integer Overflow Vulnerability in LEADTOOLS libltdic.so Integer Overflow Vulnerability in xcftools' flattenIncrementally Function Integer Overflow Vulnerability in xcftools 1.0.7's flattenIncrementally Function Out-of-Bounds Memory Write Vulnerability in Investintech Able2Extract Professional 14.0.7 x64 JPEG File Memory Corruption Vulnerability in Investintech Able2Extract Professional 4.0.7 x64 DICOM Packet-Parsing 
Out-of-Bounds Read Information Disclosure Vulnerability in LEADTOOLS libltdic.so LEADTOOLS libltdic.so Version 20.0.2019.3.15 Denial-of-Service Vulnerability Heap Out of Bounds Write Vulnerability in LEADTOOLS DICOM Image Format Parsing DICOM Network Response Integer Overflow Vulnerability in LEADTOOLS libltdic.so Heap-based Out-of-Bounds Write Vulnerability in E2fsprogs 1.45.3 Information Disclosure Vulnerability in Atlassian Jira Tempo Plugin (Version 4.10.0) Allows Unauthorized Access to Issue Summaries Code Execution Vulnerability in GoAhead Web Server Denial-of-Service Vulnerability in GoAhead Web Server Application Out-of-Bounds Read Vulnerability in AMD ATIDXX64.DLL Driver Integer Underflow Vulnerability in LEADTOOLS 20 CMP Parsing Functionality Integer Overflow Vulnerability in LEADTOOLS 20 BMP Header Parsing OpenWrt ustream-ssl Library Information Leak Vulnerability OpenWrt ustream-ssl Library Information Leak Vulnerability Memory Corruption Vulnerability in CODESYS GatewayService Hard-coded Encryption Key Vulnerability in WAGO e!Cockpit 1.5.1.1 Cleartext Transmission Vulnerability in WAGO e!Cockpit 1.5.1.1: Exposing Sensitive Data to Network Interception Linux Kernel Denial-of-Service Vulnerability via IAPP Location Updates SQL Injection Vulnerability in Forma LMS 2.2.1 Allows Database Exfiltration and OS Access SQL Injection Vulnerability in Forma LMS 2.2.1 Allows Database Exfiltration and OS Access Authenticated SQL Injection Vulnerability in Forma LMS 2.2.1 Authenticated SQL Injection Vulnerability in Forma LMS 2.2.1 SQL Injection Vulnerability in YouPHPTube 7.6 SQL Injection Vulnerability in YouPHPTube 7.6 SQL Injection Vulnerability in YouPHPTube 7.6: Exfiltration of Database and User Credentials SQL Injection Vulnerability in YouPHPTube 7.6 SQL Injection Vulnerability in YouPHPTube 7.6 SQL Injection Vulnerability in YouPHPTube 7.6 Authenticated PluginSwitch Endpoint SQL Injection Vulnerability in YouPHPTube 7.6 Authenticated PluginSwitch.json.php 
Endpoint SQL Injection Vulnerability in YouPHPTube 7.6 via Parameter dir in /objects/pluginSwitch.json.php Out-of-Bounds Read Vulnerability in AMD ATIDXX64.DLL Driver (Version 26.20.13001.50005) Heap Overflow Vulnerability in LEADTOOLS 20 JPEG2000 Parsing Functionality Use-After-Free Vulnerability in Foxit PDF Reader 9.7.0.29435 Allows Arbitrary Code Execution Command Injection Vulnerability in YouPHPTube Encoder Plugin Command Injection Vulnerability in YouPHPTube Encoder Command Injection Vulnerability in YouPHPTube Encoder Plugin Use-After-Free Vulnerability in Foxit PDF Reader 9.7.0.29435 Allows Arbitrary Code Execution Use-After-Free Vulnerability in Foxit PDF Reader 9.7.0.29435 Allows Arbitrary Code Execution Remote Code Execution Vulnerability in Accusoft ImageGear 19.3.0 Library Remote Code Execution Vulnerability in ImageGear 19.3.0 BMP Parser Regular Expression Bypass Vulnerability in WAGO PFC200 and PFC100 Web-Based Management Authentication Timing Discrepancy Vulnerability in WAGO PFC100/200 Controllers' Web-Based Management Application Privilege Escalation Vulnerability in Moxa AWK-3131A Firmware v1.13 Hard-coded Cryptographic Keys Vulnerability in Moxa AWK-3131A Firmware v1.13 Command Injection Vulnerability in Moxa AWK-3131A Firmware v1.13 Allows Remote Device Control Hard-coded Credentials Vulnerability in Moxa AWK-3131A Firmware v1.13 Command Injection Vulnerability in Moxa AWK-3131A Firmware v1.13 Command Injection Vulnerability in Moxa AWK-3131A Firmware v1.13 Command Injection Vulnerability in Moxa AWK-3131A Firmware v1.13 Format String Vulnerability in Moxa AWK-3131A Firmware v1.13 Allows Remote Code Execution Heap Underflow Vulnerability in Kakadu Software SDK 7.10.2 Allows Remote Code Execution Use-After-Free Vulnerability in Foxit PDF Reader 9.7.0.29435 Allows Arbitrary Code Execution Out-of-Bounds Read Vulnerability in AMD ATIDXX64.DLL Driver Out-of-Bounds Read Vulnerability in AMD ATIDXX64.DLL Driver (CVE-2020-XXXX) Denial-of-Service 
Vulnerability in Moxa AWK-3131A ServiceAgent Functionality Denial of Service Vulnerability in WAGO PFC100 and PFC2000 Web Application SQL Injection Vulnerability in YouPHPTube 7.7 with VideoTags Plugin SQL Injection Vulnerability in YouPHPTube 7.7 Allows for Remote Code Execution Information Disclosure Vulnerability in Shadowsocks-libev 3.3.2 Allows Outbound Connection and Data Leakage Remote Code Execution Vulnerability in Moxa AWK-3131A Firmware Version 1.13 Heap Overflow Vulnerability in LEADTOOLS 20.0.2019.3.15 JPEG2000 Parsing Functionality Command Injection Vulnerability in WAGO PFC200 Cloud Connectivity Feature Command Injection Vulnerability in WAGO PFC200 Cloud Connectivity Functionality Command Injection Vulnerability in WAGO PFC200 Firmware Firmware Downgrade Vulnerability in WAGO e!COCKPIT Automation Software v1.6.1.5 Arbitrary File Write Vulnerability in WAGO e!COCKPIT Automation Software Improper Host Validation Vulnerability in WAGO PFC200 Firmware Remote Code Execution Vulnerability in WAGO PFC200 Cloud Connectivity Service Improper Access Control Vulnerability in Moxa AWK-3131A Firmware v1.13 UDPRelay Denial-of-Service Vulnerability in Shadowsocks-libev 3.3.2 Code Execution and Privilege Escalation Vulnerability in Shadowsocks-libev 3.3.2 Authentication Bypass Vulnerability in Moxa AWK-3131A Firmware v1.13 Stack Buffer Overflow in WAGO PFC 200 Version 03.02.02(14) Command Injection Vulnerability in WAGO PFC 200 Version 03.02.02(14) Command Injection Vulnerability in WAGO PFC 200 Version 03.02.02(14) Command Injection Vulnerability in WAGO PFC 200 Firmware version 03.02.02(14) Command Injection Vulnerability in WAGO PFC 200 Firmware version 03.02.02(14) Command Injection Vulnerability in WAGO PFC 200 Firmware 03.02.02(14) Command Injection Vulnerability in WAGO PFC 200 Firmware version 03.02.02(14) Command Injection Vulnerability in WAGO PFC 200 Firmware version 03.02.02(14) Command Injection Vulnerability in WAGO PFC 200 Version 03.02.02(14) 
Command Injection Vulnerability in WAGO PFC 200 Firmware version 03.02.02(14) Stack Buffer Overflow in WAGO PFC 200 Firmware version 03.02.02(14) Stack Buffer Overflow in WAGO PFC 200 Firmware version 03.02.02(14) Stack Buffer Overflow in WAGO PFC 200 Firmware version 03.02.02(14) Stack Buffer Overflow Vulnerability in WAGO PFC 200 Firmware 03.02.02(14) Stack Buffer Overflow in WAGO PFC 200 Firmware v03.02.02(14) IO-Check Service Stack Buffer Overflow Vulnerability in WAGO PFC 200 Firmware 03.02.02(14) Stack Buffer Overflow in WAGO PFC 200 Firmware 03.02.02(14) IOCheck Service Type Confusion Vulnerability in AMD ATIDXX64.DLL Driver Double Free Vulnerability in WAGO PFC 200's I/O-Check Service Stack Buffer Overflow Vulnerability in WAGO PFC 200's I/O-Check Service Stack Buffer Overflow Vulnerability in WAGO PFC 200's I/O-Check Service Accusoft ImageGear 19.5.0 TIFreadstripdata Out-of-Bounds Write Remote Code Execution Vulnerability Stack-based code execution vulnerability in E2fsprogs e2fsck 1.45.4 via crafted ext4 directory Improper Validation of Array Index Vulnerability in Huawei Nova 5i Pro and Nova 5 Smartphones Improper File Management Vulnerability in Huawei Share Function of P20 Phones Improper Access Control Vulnerability in Huawei Share Allows Information Disclosure Insufficient Authentication Vulnerability in Honor Play Smartphones Use After Free Vulnerability in Huawei Mate10 Smartphones Huawei P30 and P30 Pro Man-in-the-Middle (MITM) Vulnerability Race Condition Vulnerability on Huawei Honor V10, Honor 10, and Honor Play Smartphones Information Disclosure Vulnerability on Mate 9 Pro Huawei Smartphones Insufficient Authentication Vulnerability in Huawei Band 2 and Honor Band 3 Double Free Vulnerability in Huawei Mate10 Smartphones: Exploiting Resource Sharing for Denial of Service Factory Reset Protection (FRP) Bypass Vulnerability on Multiple Smartphones Path Traversal Vulnerability in Huawei Share Information Disclosure Vulnerability in Huawei 
Smartphones' Secure Input Improper Authentication Vulnerability in PCManager 9.1.3.1 Out of Bounds Read Vulnerability in P30 Smartphones Buffer Overflow Vulnerability in P30, Mate 20, P30 Pro Smartphones Vulnerability: Version Downgrade in P30, P30 Pro, Mate 20 Smartphones and HiSuite Software Vulnerability: Version Downgrade in P30, P30 Pro, Mate 20 Smartphones and HiSuite Software Race Condition Vulnerability in Certain Detection Module of P30, P30 Pro, Honor V20 Smartphones Insufficient Verification Vulnerability in P30 Smartphones Improper Validation Vulnerability in Huawei P20 Pro, P20, Mate RS Smartphones Improper Authorization Check in P30 Smartphones Insufficiently Random Values Vulnerability in Huawei ViewPoint Products Improper Authentication Vulnerability in Pre-Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) Huawei Smartphones Null Pointer Dereference Vulnerability in Huawei Smart Phones Double Free Vulnerability in Huawei Smart Phones Emily-L29C Code Execution Vulnerability in Huawei PCManager Code Execution Vulnerability in Huawei PCManager Information Leak Vulnerability in Huawei PCManager Privilege Escalation Vulnerability in Huawei PCManager: Exploiting User-Installed Malicious Applications Code Execution Vulnerability in Huawei PCManager Allows Remote Code Execution Clickjacking Vulnerability in Huawei HG255s: Exploiting User Clicks to Compromise Device Integrity Information Leak Vulnerability in Huawei Mate 9 Pro Smartphones DLL Hijacking Vulnerability in HiSuite 9.1.0.300 and Earlier Versions Insufficient Verification Vulnerability in ELLE-AL00B 9.1.0.109(C00E106R1P21) and other versions Buffer Overflow Vulnerability in Huawei Atlas 300 and Atlas 500: Local Authenticated Attackers Can Cause Service Crash CloudEngine 12800 DoS Vulnerability: Memory Leak Exploitation Improper Authorization Vulnerability in Mate 20 Pro Smartphones Path Traversal Vulnerability in Huawei Smartphones: Exploiting Application Pathnames for Information Disclosure Improper 
Authentication Vulnerability in Huawei Smartphones: Applock Bypass Improper Authentication Vulnerability in E5572-855 (Versions < 8.0.1.3) Allows Reboot and Man-in-the-Middle Attack Out-of-Bounds Read Vulnerability in Certain Huawei Products DoS Vulnerability in Certain Huawei Products: Crafted FTP Messages Exploit Null Pointer Dereference Vulnerability in Certain Huawei Products Resource Management Vulnerability in Huawei Products: Unauthorized Message Injection via Internal Network Buffer Overflow Vulnerability in Certain Huawei Products Information Leakage Vulnerability on Huawei Products: Unauthorized Access to High-Privilege Information Denial of Service Vulnerability in Huawei Y9 2019 and Honor View 20 Smartphones Brute Forcing Encrypted Backup Data Vulnerability in HiSuite and HwBackup Information Disclosure Vulnerability in Huawei Smartphones: Applock Bypass Improper Access Control Vulnerability in Huawei Share Function on P30 9.1.0.193(C00E190R2P1) Smartphone Insufficient Input Validation Vulnerability in Huawei Share Function on P30 9.1.0.193(C00E190R2P1) Smartphone Information Disclosure Vulnerability in Huawei OceanStor SNS3096 V100R002C01 Huawei Home Routers Input Validation Vulnerability: File Access and Upload Exploit Improper Authorization Vulnerability in Huawei Home Routers Allows Privilege Escalation and File Execution Information Leak Vulnerability in Huawei Smart Speaker Myna Allows Unauthorized Configuration Access Missing Integrity Checking Vulnerability in USG9500 (V500R001C30;V500R001C60) Software Denial of Service Vulnerability in USG9500 with V500R001C30;V500R001C60 Denial of Service Vulnerability in USG9500 with V500R001C30;V500R001C60 Denial of Service Vulnerability in USG9500 with V500R001C30;V500R001C60 Buffer Overflow Vulnerability in Huawei Smart Phones Information Leak Vulnerability in Huawei CloudUSM-EUA V600R006C10;V600R019C00 Out-of-Bounds Read Vulnerability in Advanced Packages Feature of Gauss100 OLTP Database in CampusInsight 
Information Leakage Vulnerability in Huawei Smart Phones Huawei CloudLink Phone 7900 TLS Certificate Verification Vulnerability Information Leak Vulnerability in Huawei Phones: Exploiting Camera Access for Sensitive Data Retrieval Double Free Vulnerability in Bastet Module of Huawei Smartphones Factory Reset Protection (FRP) Bypass Vulnerability in P20 Huawei Smartphones DoS Vulnerability in Huawei Leland-AL00A Smart Phones via Malformed RTSP Media Stream (HWPSIRT-2019-02004) Huawei S Series Switches DoS Vulnerability HedEx Lite V200R006C00SPC007 and Earlier Versions: Remote Reflection XSS Vulnerability Integer Overflow Vulnerability in P30 Smart Phones Integer Overflow Vulnerability in P30 Smart Phones Out-of-Bounds Read Vulnerability in Gauss100 OLTP Database in ManageOne 6.5.0 Huawei S5700 and S6700 DoS Vulnerability: Pointer Processing Abnormality Insufficient Verification of Data Authenticity Vulnerability in Huawei Products Information Leak Vulnerability in Honor and Huawei Mobile Phones Memory Leak Vulnerability in Huawei Products: Exploiting Continuous Message Handling Out of Bound Read Vulnerability in Huawei Products Authorization Bypass Vulnerability in Huawei Honor V10 Smartphones Out-of-Bounds Read Vulnerability in Mate20 Huawei Smartphones Factory Reset Protection (FRP) Bypass Vulnerability in Emily-L29C Huawei Phones Improper Authentication Vulnerability in Huawei AP Products Signature Verification Bypass Vulnerability in Huawei Hima-AL00B Mobile Phones Digital Signature Verification Bypass Vulnerability in Huawei Routers Information Leak Vulnerability in Huawei Honor V20 Smartphones Denial of Service Vulnerability in Huawei Smartphones Denial of Service Vulnerabilities on Huawei Smartphones Buffer Error Vulnerability in Huawei Products: Remote Device Reset Exploit Memory Double Free Vulnerability in Huawei Mate 10 Smartphones Factory Reset Protection (FRP) Bypass Vulnerability in P20 Huawei Smartphones Message Replay Vulnerability in Huawei 4G LTE 
Devices: Exposing GUTI Tampering and IMSI Retrieval Improper Authorization Vulnerability in Mate 20 RS Smartphones Information Disclosure Vulnerability in Honor Play Smartphones XSS Vulnerability in YUNUCMS 1.1.8: Injection in app/admin/controller/System.php XSS Vulnerability in YUNUCMS V1.1.8 via index.php/index/show/index cw Parameter XXE Vulnerability in getXmlDoc Method of weixin-java-tools v3.3.0 ArubaOS Web Components Vulnerable to HTTP Response Splitting and Reflected XSS via URL Parameters ArubaOS 8.x Web Management Interface Command Injection Vulnerability Aruba Instant Access Point (IAP) Local Authentication Bypass Vulnerability ArubaOS Remote CSRF Vulnerability Aruba Instant Access Point Remote Buffer Overflow Vulnerability Aruba Intelligent Edge Switch Series Web UI Cross Site Scripting Vulnerability Aruba Intelligent Edge Switch Series WebUI Remote Unauthorized Access Vulnerability Aruba Intelligent Edge Switch Remote Information Disclosure Vulnerability Command Injection Vulnerabilities in AirWave Application Aruba Airwave VisualRF File Overwrite and Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Remote Authentication Bypass Vulnerability in 
HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Denial of Service Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) 
PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Command Injection 
Vulnerability in HPE Intelligent Management Center (IMC) PLAT Stack Buffer Overflow Vulnerability in HPE Intelligent Management Center (IMC) PLAT Information Disclosure Vulnerability in HPE Intelligent Management Center (IMC) PLAT Critical Remote Code Execution Vulnerability in HPE Intelligent Management Center (IMC) PLAT Local Disclosure of Information Vulnerability in HPE Nonstop Maintenance Entity Family Critical Remote Arbitrary File Upload Vulnerability in HPE 3PAR Service Processor Critical Remote Authentication Bypass Vulnerability in HPE 3PAR Service Processor Remote Bypass of Security Restrictions in HPE 3PAR Service Processor (Versions Prior to 5.0.5.1) Critical Remote Multiple Cross-Site Vulnerability in HPE 3PAR Service Processor Remote Gain Authorized Access Vulnerability in HPE 3PAR Service Processor Remote Session Reuse Vulnerability in HPE 3PAR Service Processor XSS Injection Vulnerability in HP2910al-48G Switch Version W.15.14.0016 Remote Authorization Bypass Vulnerability in HPE 3PAR StoreServ Management and Core Software Media Critical Cross-Site Scripting Vulnerability in HPE 3PAR StoreServ Management and Core Software Media Critical Remote Script Injection Vulnerability in HPE 3PAR StoreServ Management and Core Software Media Remote Authorization Bypass Vulnerability in HPE 3PAR StoreServ Management and Core Software Media Remote Session Reuse Vulnerability in HPE 3PAR StoreServ Management and Core Software Media Remote Information Disclosure Vulnerability in HPE 3PAR StoreServ Management and Core Software Media Vulnerability in Command View Advanced Edition (CVAE) Products Exposing Configuration Information Command Injection Vulnerability in morgan < 1.9.1 via Format Parameter Arbitrary OS Command Injection Vulnerability in kill-port < 1.3.2 Serve 6.5.3 Vulnerability: Unauthorized File and Directory Access Path Traversal Vulnerability in localhost-now npm Package (v1.0.2) Allows Arbitrary File Content Reading Path Traversal Vulnerability in 
serve npm Package (Version 7.0.1) Allows Arbitrary File Content Reading File Content Disclosure Vulnerability in Action View Action View Denial of Service Vulnerability Development Mode Secret Token Guessing Vulnerability Concurrent Brute Force Attack Vulnerability in Plataformatec Devise Arbitrary File Creation XSS Vulnerability in Buttle npm Package (v0.2.0) Arbitrary File Access Vulnerability in http-live-simulator npm Package (Version 1.0.5) Arbitrary Command Execution Vulnerability in Ubiquiti Networks EdgeSwitch X v1.1.0 and Prior Privilege Escalation via SSH in Ubiquiti Networks EdgeSwitch X v1.1.0 and Prior Unauthenticated Remote Access and Traffic Forwarding Vulnerability in Ubiquiti Networks EdgeSwitch X v1.1.0 and Prior Vulnerability: Recursive Entity Expansion in c3p0 XML Configuration Loading Privilege Escalation via Untrusted Search Path in FileZilla CSRF Vulnerability in UniFi Video 3.10.0 and Prior Incomplete Fix to CVE-2017-0911: Callback Verification Flaw in Twitter Kit for iOS Allows Credential Manipulation MQTT Broker Crash Vulnerability in mqtt-packet Module Clickjacking Vulnerability in Revive Adserver XML-RPC Unserialize Vulnerability in Revive Adserver Buffer Overflow Vulnerability in libcurl 7.62.0 to 7.64.1 due to Integer Overflow in URL API Heap Buffer Overflow in TFTP Receiving Code: DoS and Arbitrary Code Execution in libcurl 7.19.4 - 7.64.1 Directory Listing Information Exposure in npm's Harp Module Symlink Path Traversal Vulnerability in npm Harp Module (<= 0.29.0) Critical Buffer Overflow Vulnerability in VLC Media Player < 3.0.7 Enables Remote Code Execution Cryptographically Weak PRNG in Password Recovery Token Generation of Revive Adserver Billion Laughs Attack in Pippo 1.12.0: XML Entity Expansion Vulnerability Curl Privilege Escalation Vulnerability Path Traversal Vulnerability in serve-here.js npm Module (Versions up to v1.1.3) Allows Unauthorized File Listing Denial of Service (DoS) Vulnerability in EdgeMAX EdgeSwitch Prior to 
1.8.2 Command Injection Vulnerability in EdgeMAX EdgeSwitch Prior to 1.8.2 Allows Admin User to Execute Commands as Root Path Traversal Vulnerability in http-file-server npm Module (<= v0.2.6) Allows Arbitrary File Listing Yarn 1.17.3 and Earlier: Missing Encryption of Sensitive Data via HTTP URLs in Lockfile Calendar Event Name Leakage in Nextcloud Server (prior to version 15.0.1) HTML Injection in Directory Names in Nextcloud Android App (Versions < 3.7.0) Vulnerability: Bypassing Lock Protection in Nextcloud Android App (Prior to Version 3.6.1) Thumbnail Leakage Vulnerability in Nextcloud Android App (Prior to Version 3.6.2) Bypassing Lock Protection in Nextcloud Android App Prior to Version 3.3.0 SQL Injection Vulnerability in Nextcloud Android App Prior to Version 3.0.0: Cache Destruction and Account Reset Required Vulnerability: Bypassing Lock Protection in Nextcloud Android App 3.6.0 SMTP Proxy Server Vulnerability in UniFi Controller Version <= 5.10.21 Arbitrary JavaScript Code Execution via Cross-Site Scripting (XSS) in min-http-server Arbitrary JavaScript Code Execution via Cross-Site Scripting (XSS) in http-file-server VLC Media Player Integer Underflow Vulnerability: Out-of-Band Read Exploit Double Free Vulnerability in VLC Versions <= 3.0.6: Crash Exploit GitHub Service Integration Input Validation Vulnerability Privilege Escalation Vulnerability in GitLab CE/EE 9.0 and Later with Unrotated Trigger Tokens GitLab CE/EE CI Badge Images Endpoint Authorization Issue Vulnerability: Flawed DNS Rebinding Protection in GitLab CE/EE 10.2 and Later GitLab CE/EE 8.14 and Later: Information Disclosure via Move Issue Feature IDOR Vulnerability in GitLab CE/EE 11.5 and Later: Disclosure of Label Names via New Merge Requests Endpoint Persistent XSS in GitLab CE/EE Wiki Pages Privilege Escalation Vulnerability in Gitlab with Blocked Account and Mattermost Slash Commands IDOR Vulnerability in GitLab Allows Unauthorized File Replacement GitLab Security Dashboard 
Information Disclosure Vulnerability Persistent XSS Vulnerability in GitLab Email Notification Feature Authorization Bypass Vulnerability in Gitlab Versions < 12.1.2, < 12.0.4, and < 11.11.6 Allows Unauthorized Deletion of Epic Comments Authentication Bypass Vulnerability in GitLab Allows Email Verification Bypass Authorization Bypass Vulnerability in GitLab EE Remote Code Execution Vulnerability in Nexus Yum Repository Plugin v2 SQL Injection Vulnerability in Nextcloud Lookup-Server < v0.3.0 Command Injection Vulnerability in Nokogiri v1.10.3 and Earlier Vulnerability: Control Field Modification in Encrypt Only Boot Mode of Zynq UltraScale+ Devices Unintended Require Vulnerability in larvitbase-api v0.5.5: Arbitrary Non-Production Code Loading Arbitrary File Listing Vulnerability in statichttpserver npm Module (<= v0.9.7) Double-Free Vulnerability in cURL FTP-Kerberos Code (Versions 7.52.0 to 7.65.3) CVE-2019-5482: Heap Buffer Overflow in cURL TFTP Protocol Handler Seneca < 3.9.0 Vulnerability: Unauthorized Exposure of Environment Variables Arbitrary File Write Vulnerability in Bower before 1.8.8 Command Injection Vulnerability in NPM Package gitlabhook (Version 0.0.17) GitLab CE/EE Salesforce Login Integration Authentication Bypass Vulnerability Improper Access Control Vulnerability in Gitlab EE Group Search with Elasticsearch SQL Injection Vulnerability in ESPCMS-P8's verifyAccount Endpoint Page Cache Side-Channel Attack in Linux Kernel Default Account Vulnerability in NetApp Service Processor Firmware Sensitive Information Disclosure in Clustered Data ONTAP Versions Prior to 9.1P15 and 9.3 Prior to 9.3P7 Sensitive Account Information Disclosure in Element Plug-in for vCenter Server Information Disclosure Vulnerability in Data ONTAP Operating in 7-Mode Versions Prior to 8.2.5P3 Missing HTTP Security Headers in OnCommand Unified Manager 7-Mode Prior to Version 5.2.4 Missing HTTP Security Headers in OnCommand Unified Manager for VMware vSphere, Linux, and Windows 
prior to 9.5 Missing HTTP Security Headers in Oncommand Insight Versions Prior to 7.3.5 Default Account Vulnerability in NetApp AFF A700s Baseboard Management Controller (BMC) Firmware Sensitive Account Information Disclosure in OnCommand Insight Versions through 7.3.6 Remote Unauthenticated DoS Vulnerability in NetApp Service Processor and Baseboard Management Controller Firmware LDAP Account Information Disclosure in Data ONTAP Operating in 7-Mode Versions Prior to 8.2.5P3 Weak Cryptography Vulnerability in Data ONTAP 7-Mode Versions Prior to 8.2.5P3 Missing HTTP Security Headers in OnCommand Workflow Automation Versions Prior to 5.0 Unauthenticated Remote Administrative Access in ONTAP Select Deploy Administration Utility Plaintext Transmission of Credentials in ONTAP Select Deploy Administration Utility (Versions 2.2 - 2.12.1) Vulnerability: Hostname Verification Bypass in Clustered Data ONTAP Versions 9.0 and Higher SnapManager for Oracle Prior to Version 3.4.2P1 Information Disclosure Vulnerability Denial of Service (DoS) Vulnerability in Clustered Data ONTAP Versions 9.2-9.4 Code Injection Vulnerability in ONTAP Select Deploy Administration Utility Path Hijacking Vulnerability in VMware Workstation VMware Workstation Windows Host COM Class Hijacking Vulnerability VMware Horizon Connection Server Information Disclosure Vulnerability Unauthenticated API Access Vulnerability in VMware Fusion Out-of-Bounds Write Vulnerability in VMware Workstation and Fusion Virtual Network Adapters Out-of-bounds vulnerability in VMware ESXi, Workstation, and Fusion with 3D Graphics Multiple Out-of-Bounds Read Vulnerabilities in VMware ESXi, Workstation, and Fusion Shader Translator Out-of-Bounds Read/Write Vulnerability in VMware Virtual USB Controller TOCTOU Vulnerability in VMware ESXi, Workstation, and Fusion Allows Guest to Execute Code on Host Out-of-bounds read vulnerability in VMware virtualization software with 3D graphics enabled Out-of-Bounds Read Vulnerability in 
VMware ESXi, Workstation, and Fusion Out of Bounds Read Vulnerability in VMware Tools for Windows Remote Session Hijack Vulnerability in VMware vCloud Director for Service Providers 9.5.x Out-of-Bounds Write Vulnerability in VMware Workstation and Fusion's e1000 Virtual Network Adapter Use-After-Free Vulnerability in VMware Workstation ALSA Backend DLL Hijacking Vulnerability in VMware Workstation (15.x before 15.1.0) Allows Privilege Escalation on Windows Host Use-After-Free Vulnerability in Virtual Sound Device: Important Severity Partial Denial of Service Vulnerability in VMware ESXi 6.5 Hostd Process Tampering Vulnerability in Pre-19.7.0 InstallBuilder Windows Binaries Insufficient Session Expiration in VMware vSphere ESXi and vCenter Server Information Disclosure Vulnerability in VMware vCenter Server Information Disclosure Vulnerability in VMware SD-WAN by VeloCloud Information Disclosure Vulnerability in VMware vCenter Server Moderate Severity Network Denial-of-Service Vulnerability in VMware Workstation and Fusion Denial-of-Service Vulnerability in VMware ESXi, Workstation, and Fusion's Shader Functionality Certificate Validation Bypass Vulnerability in VMware vCenter Server Appliance Certificate Validation Bypass Vulnerability in VMware vCenter Server Appliance DLL Hijacking Vulnerability in VMware Workstation and Horizon View Agent Information Disclosure Vulnerability in VMware Workstation and Fusion Out-of-Bounds Write Vulnerability in VMware Workstation and Fusion Denial-of-Service Vulnerability in VMware Workstation and Fusion Writable Configuration Files Vulnerability in VMware Software Critical Heap Overwrite Vulnerability in OpenSLP Improper Access Control Vulnerability in FortiClientMac: File Modification Affecting Performance Reflected XSS Vulnerability in Fortinet FortiOS SSL VPN Web Portal Root File System Integrity Vulnerability in Fortinet FortiOS VM Application Images Reflected XSS Vulnerability in Fortinet FortiOS SSL VPN Web Portal 
FortiClient Online Installer (Windows) Unsafe Search Path Arbitrary Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiWeb 6.0.2 and Below Default Configuration Vulnerability in FortiOS Allows Impersonation of LDAP Server FortiOS IPS Engine CBC Padding Oracle Vulnerabilities Insecure CLI Console Permissions Allow Unauthorized Access to Fortinet FortiOS Plaintext Private Keys Reflected XSS Vulnerability in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 Admin WebUI Kernel Data Exposure in FreeBSD System Calls Vulnerability: Privilege Escalation and Jail Escape via UNIX Domain Sockets in FreeBSD IPv6 Fragment Reassembly Logic Vulnerability in FreeBSD Vulnerability: ICMP/ICMP6 Packet Bypass in pf Denial of Service Vulnerability in FreeBSD 12.0-STABLE and 12.0-RELEASE Buffer overflow vulnerability in FreeBSD iconv implementation Uninitialized Directory Entry Padding Vulnerability in FreeBSD 12.0 and 11.2 Arbitrary Kernel Memory Overwrite Vulnerability in FreeBSD CDROM Driver File Descriptor Reference Overflow Vulnerability in FreeBSD Out-of-Bounds Read Vulnerability in FreeBSD's bhyve Hypervisor Memory Disclosure Vulnerability in FreeBSD 11.3-STABLE and Earlier Versions Privilege Escalation via Write-After-Free Vulnerability in FreeBSD Reference Counter Wrap Vulnerability in FreeBSD ICMPv6 Input Path Fragmentation Vulnerability in FreeBSD Buffer Overflow Vulnerability in bhyve e1000 Device Emulation Out-of-Bounds Read Vulnerability in FreeBSD bsnmp Library Remote Denial of Service Vulnerability in FreeBSD 12.0-STABLE and Earlier Versions Kernel Memory Leakage in FreeBSD's /dev/midistat Driver Reinjection Vulnerability in FreeBSD 12.0-RELEASE Incomplete Packet Data Validation Vulnerability in FreeBSD 12.1-STABLE, 12.1-RELEASE, 11.3-STABLE, and 11.3-RELEASE Vulnerability: Unauthorized Access to Encrypted Passwords and Backup Credentials in Rapid7 InsightVM Insecure JavaScript Authentication in CircuitWerkes Sicon-8 Web Controller C4G BLIS 
Version 3.4 and Earlier: Unauthenticated User Password Change Vulnerability Stack-based Buffer Overflow in A-PDF WAV to MP3 version 1.0.0 Stack-based Buffer Overflow in AASync.com AASync version 2.2.1.0 Missing Authentication for Critical Function in ABB MicroSCADA Pro SYS600 version 9.3 Stack-based Buffer Overflow in ABBS Software Audio Media Player version 3.1 Accellion File Transfer Appliance version FTA_8_0_540 Vulnerability: Use of Hard-coded Credentials Command Injection Vulnerability in Accellion File Transfer Appliance version FTA_8_0_540 Path Traversal Vulnerability in Rapid7 Metasploit Framework Insecure Storage of OAuth Tokens in Halo Home Android App Clear Text Storage of User Credentials in BlueCats Reveal Android App Insecure Storage of Credentials in BlueCats Reveal iOS App Local Privilege Escalation in Rapid7 Insight Agent 2.6.3 and Prior CSRF Vulnerability in Rapid7 Nexpose InsightVM Security Console Versions 6.5.0 - 6.5.68 InsightAppSec Broker DLL Injection Vulnerability Insecure Storage of Sensitive Information in Hickory Smart for Android Insecure Storage of Sensitive Information in Hickory Smart for iOS Insecure Logging of Sensitive Information in Hickory Smart for Android Cleartext Transmission of Sensitive Information Vulnerability in Belwith Products' Hickory Smart Ethernet Bridge Vulnerability: Denial of Service in Beckhoff TwinCAT ADS Discovery Service Denial of Service Vulnerability in Beckhoff TwinCAT Profinet Driver Insufficient Session Expiration Vulnerability in Rapid7 Nexpose Versions 6.5.50 and Prior Information Exposure Vulnerability in Rapid7 Nexpose Session Timeout Information Exposure Vulnerability in Rapid7 InsightVM World-readable permissions on server.key file in Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior C4G BLIS Version 3.5 and Earlier: Improper Access Control Vulnerability C4G BLIS v3.5 and Earlier: Unauthenticated User Account Manipulation and Unauthorized Administrator Privileges Arbitrary Regular 
Expression Registration Vulnerability in Rapid7 Metasploit HTTP Handler Session Hijacking Vulnerability in Rapid7 AppSpider Chrome Plugin LDAP Server Manipulation Vulnerability in Barracuda Load Balancer ADC Vulnerability in NVIDIA Windows GPU Display Driver Allows Code Execution and Privilege Escalation NVIDIA Windows GPU Display Driver Kernel Mode Vulnerability: Unvalidated Array Index in DxgkDdiCreateContext Command NVIDIA Windows GPU Display Driver Kernel Mode Handler Null Pointer Dereference Vulnerability NULL Pointer Dereference Vulnerability in NVIDIA Windows GPU Display Driver NVIDIA Windows GPU Display Driver DxgkDdiEscape Buffer Overflow Vulnerability NVIDIA Windows GPU Display Driver DxgkDdiEscape Buffer Overflow Vulnerability NVIDIA Windows GPU Display Driver Denial of Service Vulnerability Insecure SSH Keys in NVIDIA Jetson TX1 and TX2 Linux for Tegra (L4T) Operating System Denial of Service Vulnerability in NVIDIA Jetson TX2 Kernel Driver NVIDIA GeForce Experience Hard Link Vulnerability NVIDIA Windows GPU Display Driver Software Kernel Mode Synchronization Vulnerability NVIDIA Windows GPU Display Driver Software DLL Preloading Vulnerability NVIDIA Windows GPU Display Driver Software Denial of Service Vulnerability Vulnerability in NVIDIA GeForce Experience Web Helper Component Vulnerability in NVIDIA Tegra Bootloader: Improper Authentication of Trusted OS Image Vulnerability in NVIDIA Jetson TX1 L4T R32 Tegra Bootloader: Unvalidated Load Address in nvtboot-cpu Image NVIDIA Shield TV Experience v8.0 Vulnerability: User Data Override in Mount System Service Improper Activity Export in NVIDIA Games App Allows Code Execution or Denial of Service NVIDIA Windows GPU Display Driver Hard Link Vulnerability Out of Bounds Access Vulnerability in NVIDIA Windows GPU Display Driver Out of Bounds Access Vulnerability in NVIDIA Windows GPU Display Driver NVIDIA Windows GPU Display Driver Denial of Service Vulnerability Unintended Actor Exposure Vulnerability in 
NVIDIA Windows GPU Display Driver NVIDIA NVFlash and GPUModeSwitch Tool Privilege Escalation Vulnerability NVIDIA GeForce Experience Downloader Component Vulnerability NVIDIA Windows GPU Display Driver Kernel Mode Buffer Overflow Vulnerability NVIDIA Windows GPU Display Driver Kernel Mode NULL Pointer Dereference Vulnerability NVIDIA Windows GPU Display Driver Kernel Mode Vulnerability NVIDIA Windows GPU Display Driver Kernel Mode Pointer Initialization Vulnerability NVIDIA Windows GPU Display Driver R390 DLL Preloading Vulnerability DLL Preloading Vulnerability in NVIDIA GeForce Experience and Windows GPU Display Driver NVIDIA Virtual GPU Manager Denial of Service Vulnerability NVIDIA Virtual GPU Manager Memory Access Vulnerability Denial of Service Vulnerability in NVIDIA Virtual GPU Manager NVIDIA Shield TV Experience v8.0.1 Vulnerability: Tegra Bootloader Buffer Overflow Vulnerability in NVIDIA Shield TV Bootloader: Code Execution, DoS, Privilege Escalation, and Information Disclosure NVIDIA GeForce Experience GameStream DLL Preloading Vulnerability Local Privilege Escalation Vulnerability in NVIDIA GeForce Experience Reflected SQL Injection Vulnerability in SilverStripe Forms and DataObjects 6LoWPAN Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.5 P_MUL Dissector Crash Vulnerability Vulnerability: Crash in Wireshark RTSE and ASN.1 Dissectors ISAKMP Dissector Crash Vulnerability in Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11 SQL Injection Vulnerability in FrontAccounting 2.4.6: Exploiting the reference field in includes/db/class.reflines_db.inc ENIP Dissector Use-After-Free Vulnerability in Wireshark 2.4.0 to 2.4.11 SQL Injection Vulnerabilities in Portier Vision 4.4.4.2 and 4.4.4.6 Reversible Encryption and Outdated Vigenere Algorithm in Portier Vision Arbitrary File Read Vulnerability in Qibosoft V7 via SSRF Persistent XSS Vulnerability in Splunk Web Untrusted TLS Server Certificate Verification Vulnerability in Splunk-SDK-Python Vulnerability: Host 
Root Access via runc Binary Overwrite Slow HTTP Denial of Service (DoS) Vulnerability in Node.js Potential Denial of Service (DoS) Attack Vector in Node.js 6.16.0 and Earlier Out of Bounds Read Vulnerability in BusyBox DHCP Components Potential XXE Vulnerability in Traccar Server 4.2's SpotProtocolDecoder.java Proxy Server Vulnerability in Google Chrome's QUIC Networking Arbitrary Read/Write Vulnerability in V8 in Google Chrome PDFium Memory Management Vulnerability in Google Chrome SVG Object Type Assumption Vulnerability in Google Chrome (CVE-2019-5786) Heap Corruption Vulnerability in Blink in Google Chrome Sandbox Escape Vulnerability in Google Chrome on Android and Mac Heap Corruption Vulnerability in WebRTC in Google Chrome (CVE-2019-5786) Heap Corruption Vulnerability in SwiftShader in Google Chrome PDFium Memory Management Vulnerability in Google Chrome Heap Corruption Vulnerability in V8 Engine in Google Chrome (prior to 72.0.3626.81) WebRTC Heap Corruption Vulnerability in Google Chrome Exposed Debugging Endpoint in Google Chrome on Android Prior to 72.0.3626.81 Allows Information Disclosure via Crafted Intent Cross-Origin Data Leakage in Canvas in Google Chrome Insufficient Protection of Permission UI in WebAPKs in Google Chrome on Android: Privacy/Security Sensitive Web API Access Vulnerability DevTools API Vulnerability Allows Unauthorized File Access via Malicious Chrome Extension Heap Corruption Vulnerability in Blink Rendering Engine Out of Bounds Memory Read Vulnerability in WebGL in Google Chrome Arbitrary Code Execution Vulnerability in SwiftShader in Google Chrome Heap Corruption Vulnerability in PDFium JavaScript Runtime in Google Chrome Bypassing Same Origin Policy in IndexedDB in Google Chrome (CVE-2019-5786) Arbitrary Code Execution via Omitted .desktop Filetype in SafeBrowsing Checklist Omnibox Spoofing Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome Bypassing 
Extension Permission Checks for Privileged Pages in Google Chrome (CVE-2019-5786) Bypassing Navigation Restrictions in Google Chrome ServiceWorker Apple Event JavaScript Execution Vulnerability in Google Chrome on macOS Omnibox Spoofing Vulnerability in Google Chrome Arbitrary Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2019-5786) Dangling Markup Injection Vulnerability in Google Chrome DevTools Heap Corruption Vulnerability in V8 Engine in Google Chrome (CVE-2019-5786) Out of Bounds Memory Write Vulnerability in Skia in Google Chrome Out of Bounds Memory Access Vulnerability in Google Chrome Heap Corruption Vulnerability in Google Chrome prior to 73.0.3683.75 Use-after-free vulnerability in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 WebMIDI Integer Overflow Use-After-Free Vulnerability in Google Chrome Integer Overflow Vulnerability in Google Chrome (prior to 73.0.3683.75) Allows Remote Code Execution Out of Bounds Memory Read Vulnerability in V8 Engine of Google Chrome (CVE-2019-5786) PDFium Integer Overflow Vulnerability Remote Code Execution via Insufficient Policy Enforcement in Google Chrome Extensions Domain Spoofing Vulnerability in Google Chrome Navigation PDFium Integer Overflow Vulnerability Data Race Vulnerability in Google Chrome Extensions Guest View Double Free Vulnerability in DOMStorage in Google Chrome Out of Bounds Memory Read Vulnerability in Skia in Google Chrome (CVE-2019-5786) Content Security Policy Bypass via Incorrect Inheritance in Google Chrome (CVE-2019-5786) Bypassing Content Security Policy in Blink in Google Chrome prior to 73.0.3683.75 Domain Spoofing Vulnerability in Google Chrome on iOS Domain Spoofing Vulnerability in Google Chrome Bypassing Content Security Policy in Google Chrome prior to 73.0.3683.75 via crafted HTML page Domain Spoofing Vulnerability in Google Chrome PDFium Use-After-Free Vulnerability in Google Chrome (CVE-2019-5786) Integer Overflow Vulnerability in ANGLE in Google 
Chrome on Windows Heap Corruption Vulnerability in V8 Engine in Google Chrome (CVE-2019-5786) Remote Code Execution Vulnerability in Google Chrome Prior to 74.0.3729.108 Remote Code Execution via Use After Free in Google Chrome File Chooser Autofill Information Leak Vulnerability in Google Chrome CORS Bypass Vulnerability in Google Chrome ServiceWorker (CVE-2019-5805) Domain Spoofing Vulnerability in iOS UI in Google Chrome (prior to 74.0.3729.108) Remote Code Execution Vulnerability in V8 Engine in Google Chrome (CVE-2019-5786) Cross-Origin Data Leakage in Google Chrome Prior to 74.0.3729.108 Type Confusion Vulnerability in xsltNumberFormatGetMultipleLevel Process Lifetime Issue in Chrome: Remote Code Execution via Crafted HTML Page Heap Buffer Overflow in ANGLE in Google Chrome on Windows Uninitialized Data Vulnerability in Google Chrome: Information Disclosure via Crafted Video File Arbitrary Code Execution via Crafted String in Google Chrome Developer Tools on OS X PDFium Integer Overflow Vulnerability in Google Chrome PDFium Integer Overflow Vulnerability in Google Chrome Same Origin Policy Bypass in Google Chrome Blink (CVE-2019-5805) Bypassing Navigation Restrictions in Google Chrome Service Workers Heap Corruption Vulnerability in Google Chrome Prior to 74.0.3729.131 Heap Corruption Vulnerability in Google Chrome (prior to 73.0.3683.86) via Crafted HTML Page Use After Free Vulnerability in IndexedDB in Google Chrome (Versions prior to 73.0.3683.86) Heap Corruption Vulnerability in SQLite via WebSQL in Google Chrome Out of Bounds Memory Access Vulnerability in Google Chrome ServiceWorker Integer Overflow in Google Chrome Download Manager Allows Remote Code Execution CORS Policy Enforcement Vulnerability in Google Chrome (prior to 75.0.3770.80) Allows Cross-Origin Data Leakage Heap Corruption Vulnerability in V8 Engine in Google Chrome (CVE-2019-5825) Cross-Origin Data Leakage Vulnerability in Google Chrome Misleading Security UI Display Vulnerability in 
Google Chrome on Android (prior to version 75.0.3770.80) Domain Spoofing Vulnerability in Google Chrome (CVE-2019-5825) Out of Bounds Memory Access Vulnerability in SwiftShader in Google Chrome Heap Buffer Overflow in ANGLE in Google Chrome Resource Size Information Leakage in Blink Bypassing File URI Restrictions in Google Chrome Extensions Bypassing Website URL Validation in Google Chrome (CVE-2019-5825) Bypassing Navigation Restrictions in Google Chrome on iOS (CVE-2019-5825) Heap Corruption Vulnerability in Google Chrome (prior to 75.0.3770.80) via Crafted HTML Page Use After Free Vulnerability in Google Chrome Prior to 75.0.3770.90 Heap Corruption Vulnerability in Google Chrome (prior to 74.0.3729.108) via Crafted HTML Page Heap Corruption Vulnerability in SwiftShader in Google Chrome Heap Corruption Vulnerability in SwiftShader in Google Chrome Heap Corruption Vulnerability in SwiftShader in Google Chrome Heap Corruption Vulnerability in Google Chrome (prior to 75.0.3770.142) via Crafted HTML Page Font Handling Vulnerability in Google Chrome Autofill Skia Out of Bounds Read Vulnerability in Google Chrome Sandbox Escape Vulnerability in Google Chrome Prior to 76.0.3809.87 WebAudio Use After Free Vulnerability in Google Chrome Memory Disclosure Vulnerability in Google Chrome (prior to 76.0.3809.87) via Crafted HTML Page Heap Corruption Vulnerability in Google Chrome (prior to 76.0.3809.87) via Crafted HTML Page PDFium Integer Overflow Vulnerability PDFium Integer Overflow Vulnerability Bypassing Site Isolation in Google Chrome: Insufficient Policy Enforcement in Storage Object Corruption Vulnerability in Google Chrome (prior to 76.0.3809.87) via Crafted HTML Page Arbitrary Code Execution Vulnerability in Google Chrome on MacOS Services Integration Bypassing Navigation Restrictions in Google Chrome on Windows PDFium Use After Free Vulnerability in Google Chrome Bypassing Anti-Clickjacking Policy in Google Chrome (CVE-2019-5842) AppCache Bypass Vulnerability in 
Google Chrome (CVE-2019-5869) CORS Vulnerability in Google Chrome Prior to 76.0.3809.87 Allows Bypassing Content Security Policy via Malicious Extension Bypassing Site Isolation in Google Chrome Prior to 76.0.3809.87 Heap Corruption Vulnerability in Google Chrome (prior to 75.0.3770.142) via Crafted HTML Page Heap Corruption Vulnerability in Google Chrome (prior to 76.0.3809.100) via Crafted HTML Page PDFium Use After Free Vulnerability in Google Chrome Remote Code Execution Vulnerability in Google Chrome Prior to 76.0.3809.132 Remote Code Execution via Use After Free Vulnerability in Google Chrome Heap Buffer Overflow in Skia: Remote Code Execution in Google Chrome Remote Code Execution via Use After Free Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome on iOS Bypassing Navigation Restrictions in Google Chrome on Windows Omnibox Spoofing Vulnerability in Google Chrome (prior to 77.0.3865.75) Remote Code Execution Vulnerability in Google Chrome for Android (CVE-2019-13699) Heap Corruption Vulnerability in Google Chrome (prior to 77.0.3865.75) via Crafted HTML Page Heap Corruption Vulnerability in V8 in Google Chrome (prior to 77.0.3865.75) via Crafted HTML Page Insufficient Policy Enforcement in Google Chrome Extensions Allows Local File Reading Cross-Origin Data Leakage in Google Chrome Prior to 77.0.3865.75 Remote Information Disclosure Vulnerability in SwiftShader in Google Chrome Use After Free Vulnerability in Irssi 1.1.x Improper Access Control in GitLab Issue Comments Information Leakage in elFinder PHP Class Predictable Secret Key Generation in Matrix Synapse before 0.34.0.1 Unvalidated Database Reinstallation Vulnerability in ShopXO 1.2.0 Arbitrary File Deletion Vulnerability in ShopXO 1.2.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in OverIT Geocall 6.3 Directory Traversal Vulnerability in OverIT Geocall 6.3 Weak Authentication and Session Management in OverIT Geocall 6.3: Unauthorized Access to Administrative 
Control Panel Unauthenticated Servlet Allows Cookie Theft and Unauthorized Login in OverIT Geocall 6.3 Denial of Service Vulnerability in FRRouting's BGP Virtual Network Control SQL Injection Vulnerability in Nelson Open Source ERP v6.3.1 via db/utils/query/data.xml Parameter Remote Code Execution via License Manager Service in YOKOGAWA Products Arbitrary File Read Vulnerability in HOUSE GATE App for iOS 1.7.8 and Earlier Untrusted Search Path Vulnerability in UNLHA32.DLL Installer Untrusted Search Path Vulnerability in UNARJ32.DLL Installer Untrusted Search Path Vulnerability in LHMelting Installer V20 PRO L-01J Software Version L01J20c and L01J20d Vulnerability: NULL Pointer Exception Crash OpenAM Open Redirect Vulnerability Remote Code Execution via Input Validation Issue in POWER EGG Denial of Service Vulnerability in azure-umqtt-c Nablarch 5 XML External Entity (XXE) Vulnerability Incomplete Cryptography in Nablarch 5 Allows Remote Data Manipulation CSRF Vulnerability in FormCraft 1.2.1 and Earlier Windows 7 Untrusted Search Path Privilege Escalation Vulnerability Untrusted Search Path Vulnerability in Microsoft Teams Installer Arbitrary File Read Vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and Earlier CSRF Vulnerability in Smart Forms 2.6.15 and Earlier Allows Remote Authentication Hijacking Cross-Site Scripting Vulnerability in Dradis Community and Professional Editions Arbitrary Code Injection Vulnerability in KinagaCMS Versions Prior to 6.5 Arbitrary File Read Vulnerability in 'an' App for iOS Version 3.2.0 and Earlier Arbitrary Script Injection Vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 Cross-Site Scripting Vulnerability in Cybozu Garoon's 'Memo' Application Access Restriction Bypass in Cybozu Garoon 4.0.0 to 4.6.3 Privilege Escalation via Unspecified Vectors in Cybozu Garoon 4.0.0 to 4.6.3 Cross-Site Scripting Vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 via 'Portal' Application Bypassing Access Restriction in Cybozu Garoon 
Bulletin Board SQL Injection Vulnerability in Cybozu Garoon 4.0.0 to 4.10.0: Arbitrary SQL Command Execution via Log Search Access Restriction Bypass Vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 Directory Traversal Vulnerability in Cybozu Garoon 4.0.0 to 4.10.1: Unauthorized File Access via 'Work Flow' Application Cross-Site Scripting Vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 Cross-Site Scripting Vulnerability in Cybozu Garoon's Mail Application Arbitrary Web Script Injection Vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 Cross-Site Scripting Vulnerability in Cybozu Garoon Scheduler Bypassing Access Restriction in Cybozu Garoon 4.0.0 to 4.10.1 via 'Multi Report' Application Bypassing Access Restrictions in Cybozu Garoon's Cabinet Multiple Files Download Function Access Restriction Bypass in Cybozu Garoon 4.0.0 to 4.10.1 via Bulletin and Cabinet Applications Bypassing Access Restriction and Unauthorized Modification in Cybozu Garoon Application 'Address' Information Disclosure Vulnerability in Cybozu Garoon Authentication Open Redirect Vulnerability in Cybozu Garoon Login Screen Cross-Site Scripting Vulnerability in Cybozu Garoon's 'Cabinet' Application Buffer Overflow Vulnerability in GNU Wget 1.20.1 and Earlier Access Restriction Bypass Vulnerability in JR East Japan Train Operation Information App Arbitrary Website Access and Phishing Vulnerability in CREATE SD Official App for Android (Versions 1.0.2 and Earlier) Arbitrary File Deletion Vulnerability in WonderCMS 2.6.0 and Earlier Untrusted Search Path Vulnerability in Electronic Reception and Examination of Radio License Application Installer Untrusted Search Path Vulnerability in Electronic Reception and Examination of Application for Radio Licenses Offline 1.0.9.0 and Earlier CSRF Vulnerability in WP Open Graph Plugin Unverified SSL Certificates in Tootdon for Mastodon App Allow Man-in-the-Middle Attacks Arbitrary Code Injection Vulnerability in Zoho SalesIQ 1.0.8 and Earlier Zoho SalesIQ CSRF 
Vulnerability: Remote Authentication Hijacking Authentication Bypass Vulnerability in iDoors Reader 2.10.17 and Earlier Open Redirect Vulnerability in Joruri Mail 2.1.4 and Earlier: Remote Phishing Attack Vector Session Management Vulnerability in Joruri Mail 2.1.4 and Earlier Arbitrary Web Script Injection Vulnerability in Joruri CMS 2017 Release2 and Earlier CSRF Vulnerability in GROWI v3.4.6 and Earlier: Administrator Authentication Hijacking via 'Basic Info' Update Open Redirect Vulnerability in GROWI v3.4.6 and Earlier: Phishing Attack via Login Process Cross-Site Scripting Vulnerability in Attendance Manager 0.5.6 and Earlier CSRF Vulnerability in Attendance Manager 0.5.6 and Earlier Allows Remote Authentication Hijacking Arbitrary Code Injection Vulnerability in Online Lesson Booking 0.8.6 and Earlier CSRF Vulnerability in Online Lesson Booking 0.8.6 and Earlier Allows Remote Authentication Hijacking CSRF Vulnerability in Contest Gallery Prior to 10.4.5 Allows Remote Authentication Hijacking DOM-based Cross-Site Scripting Vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 Unspecified Vector Denial of Service Vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 Cybozu Garoon Mail Header Injection Vulnerability Open Redirect Vulnerability in Cybozu Garoon Scheduler CSRF Vulnerability in Personalized WooCommerce Cart Page 2.4 and Earlier CSRF Vulnerability in Related YouTube Videos Plugin Arbitrary Execution Vulnerability in VAIO Update 7.3.0.03150 and Earlier Man-in-the-Middle Attack Exploiting VAIO Update's Improper Download File Verification CSRF Vulnerability in HTML5 Maps 1.6.5.6 and Earlier Allows Remote Authentication Hijacking CSRF Vulnerability in Custom CSS Pro 1.0.3 and Earlier Arbitrary web script injection vulnerability in Hikari Denwa router/Home GateWay Hikari Denwa Router/Home GateWay CSRF Vulnerability Arbitrary OS Command Execution in An-Analyzer CGI Management Page Stored Cross-Site Scripting Vulnerability in Access Analysis CGI An-Analyzer DOM-based 
Cross-Site Scripting Vulnerability in Access Analysis CGI An-Analyzer Vulnerability: Password Disclosure in Access Analysis CGI An-Analyzer Cybozu Garoon 4.0.0 to 4.10.3 SQL Injection Vulnerability CSRF Vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and Earlier CSRF Vulnerability in Category Specific RSS Feed Subscription v2.0 and Earlier Buffer Overflow Vulnerability in PTP (Picture Transfer Protocol) of EOS Series Digital Cameras and PowerShot Cameras Unauthenticated Firmware Update Vulnerability in EOS Series Digital Cameras and PowerShot Cameras Arbitrary SQL Command Execution Vulnerability in Video Insight VMS 7.3.2.5 and Earlier Code Injection Vulnerability in Video Insight VMS Versions Prior to 7.6.1 Buffer Overflow Vulnerability in PTP (Picture Transfer Protocol) of EOS Series Digital Cameras and PowerShot Cameras Buffer Overflow Vulnerability in PTP (Picture Transfer Protocol) of EOS Series Digital Cameras and PowerShot Cameras Buffer Overflow Vulnerability in PTP (Picture Transfer Protocol) of EOS Series Digital Cameras and PowerShot Cameras Buffer Overflow Vulnerability in PTP (Picture Transfer Protocol) of EOS Series Digital Cameras and PowerShot Cameras Arbitrary Web Script Injection Vulnerability in Central Dogma 0.17.0 to 0.40.1 Cross-Site Scripting Vulnerability in EC-CUBE Amazon Pay Plugin 2.12, 2.13 (<=2.4.2) Open Redirect Vulnerability in ApeosWare Management Suite Versions 1.4.0.18 and Earlier, and ApeosWare Management Suite 2 Versions 2.1.2.4 and Earlier Remote Access Bypass Vulnerability in Smart TV Box Firmware Integer Overflow Vulnerability in apng-drawable 1.0.0 to 1.6.0: Denial of Service and Arbitrary Code Execution Unquoted Search Path Privilege Escalation Vulnerability in Yokogawa Products for Windows Open Redirect Vulnerability in SHIRASAGI v1.7.0 and Earlier: Remote Phishing Attack Vector Integer Overflow Vulnerability in LINE(Android) Allows Remote Code Execution via Crafted Image Arbitrary Code Injection 
Vulnerability in wpDataTables Lite Version 2.0.11 and Earlier Arbitrary SQL Command Execution in wpDataTables Lite Version 2.0.11 and Earlier Arbitrary OS Command Execution Vulnerability in DBA-1510P Firmware 1.70b009 and Earlier Arbitrary OS Command Execution Vulnerability in DBA-1510P Firmware 1.70b009 and Earlier FON2601E Series Firmware Vulnerability: DNS Amplification Attacks Arbitrary Web Script Injection Vulnerability in REMISE Payment Module (2.11, 2.12, and 2.13) version 3.0.12 and earlier Unspecified Remote Information Disclosure Vulnerability in REMISE Payment Module (2.11-2.13) version 3.0.12 and earlier Arbitrary Web Script Injection Vulnerability in NetCommons 3.2.2 and Earlier Untrusted Search Path Vulnerability in STAMP Workbench Installer Allows Privilege Escalation via Trojan Horse DLL Open Redirect Vulnerability in PowerCMS Versions 3.x, 4.x, and 5.x Open Redirect Vulnerability in Library Information Management System LIMEDIO: Remote Phishing Attack Vector Cybozu Office Directory Traversal Vulnerability in Customapp Function Access Restriction Bypass in Cybozu Office 10.0.0 to 10.8.3 via 'Address' Application Authentication Bypass Vulnerability in Rakuma App for Android and iOS Open Redirect Vulnerability in Movable Type Series Privilege Escalation Vulnerability in Multiple MOTEX Products CSRF Vulnerability in WP Spell Check 7.1.9 and Earlier Arbitrary Web Script Injection in Custom Body Class Plugin CSRF Vulnerability in Custom Body Class Plugin Allows Authentication Hijacking Cross-Site Scripting Vulnerability in KINZA RSS Reader Unverified X.509 Certificates in NTV News24 Ver.3.0.0 Vulnerability Arbitrary Code Injection in a-blog cms versions prior to Ver.2.10.23, Ver.2.9.26, and Ver.2.8.64 Arbitrary Script Execution Vulnerability in a-blog CMS Versions Prior to Ver.2.10.23, Ver.2.9.26, and Ver.2.8.64 Athenz v1.8.24 and Earlier Open Redirect Vulnerability Arbitrary Web Script Injection Vulnerability in F-RevoCRM 6.0 to 6.5 patch6 OpenSSH 7.9 
Vulnerability: Manipulation of Client Output via Crafted Object Names OpenSSH 7.9 Vulnerability: Manipulation of Client Output by Malicious Server Arbitrary File Overwrite Vulnerability in OpenSSH 7.9 Cross-site Scripting (XSS) Vulnerability in Sell Media Plugin v2.4.1 for WordPress Directory Traversal Vulnerability on ONKYO TX-NR686 A/V Receiver Devices Integer Overflow Vulnerability in Corel PaintShop Pro 2019 Ephemeral or Transient Procedure Vulnerability in Artifex Ghostscript Stored XSS Vulnerability in wpape APE GALLERY Plugin 1.6.14 for WordPress Unauthenticated Email Address Enumeration in NiceHash Miner Missing Authorization Vulnerability in NiceHash Miner Allows Unauthorized Access to Miner's Information Username Enumeration via Error Message Vulnerability in NiceHash Miner Bypassing Access Restrictions in PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 Admin Panel XiaoCms 20141229 SQL Injection Vulnerability with PHP Code Execution Memory Leak in LibTIFF 4.0.10's TIFFFdOpen Function Memory Leak in png_create_info_struct in libpng 1.6.36 SEGV Vulnerability in Artifex MuPDF 1.14.0 Infinite Recursion Vulnerability in Artifex MuPDF 1.14.0 Memory Leak in AP4_DescriptorFactory::CreateDescriptorFromStream Bypassing Start Time Protection Mechanism in PolicyKit 0.115 Memory Leak in libIEC61850 v1.3.1 SEGV Vulnerability in libIEC61850 v1.3.1 Ethernet_setProtocolFilter NULL Pointer Dereference in lib60870's LinkLayer_setAddress Memory leaks in libIEC61850 v1.3.1 when calling Memory_malloc and Memory_calloc Remote Arbitrary File Upload Vulnerability in Forcepoint User ID (FUID) Server Versions up to 1.2 Incomplete Hybrid Registration Process Vulnerability in Forcepoint Email Security 8.4.x and 8.5.x XSS Vulnerability in Forcepoint Email Security 8.5 and 8.5.3 Authentication Bypass Vulnerability in Forcepoint Next Generation Firewall Forcepoint One Endpoint Vulnerability: Disabling Security Features and Bypassing DLP and Web Protection Unquoted Search Path 
Vulnerability in Forcepoint VPN Client for Windows Cross-Site Scripting (XSS) Vulnerability in Forcepoint Web Security 8.x via Host Header Injection Vulnerability: Database Corruption in Forcepoint NGFW Security Management Center (SMC) Unquoted Search Path Vulnerability in Lenovo Dynamic Power Reduction Utility Lenovo Bootable Generator DLL Search Path Vulnerability Denial of Service Vulnerability in Legacy IBM System x and BladeCenter BIOS Versions Vulnerability: PRx Not Set After Resuming from S3 Sleep Mode in Lenovo Systems Exposure of Private Key in Lenovo System x IMM2 Firmware FFDC Log Clear text storage of HTTP proxy credentials in Lenovo XClarity Administrator (LXCA) log files Stored XSS Vulnerability in Legacy IBM System x IMM Firmware Unauthenticated Access Vulnerability in Iomega and LenovoEMC NAS Products Session Reuse Vulnerability in ThinkAgile CP-SB BMC Firmware Denial of Service Vulnerability in Lenovo System Update Allows Unauthorized Log File Writing Privilege Escalation Vulnerability in PaperDisplay Hotkey Service 1.2.0.8 Cross-Site Request Forgery Vulnerability in Lenovo Service Bridge Remote Code Execution Vulnerability in Lenovo Service Bridge Remote Code Execution Vulnerability in Lenovo Service Bridge Unencrypted FTP Downloads Vulnerability in Lenovo Service Bridge Arbitrary Code Execution Vulnerability in Lenovo ThinkPad Legacy USB Driver ThinkPad BIOS Vulnerability: Unauthorized Firmware Update Exploit Arbitrary Code Execution Vulnerability in Lenovo ThinkPad Legacy USB Driver Privilege Escalation Vulnerability in Lenovo Installation Packages Denial of Service Vulnerability in Lenovo System Update Allows Unauthorized Configuration File Writing ThinkPad USB-C Dock Firmware 3.7.2 Denial of Service Vulnerability Privilege Escalation Vulnerability in Unsupported Lenovo Solution Center Version 03.12.003 Information Leakage Vulnerability in Iomega and LenovoEMC NAS Products with Personal Cloud Enabled XML External Entity (XXE) Processing 
Vulnerability in Lenovo XClarity Administrator (LXCA), Lenovo XClarity Integrator (LXCI) for Microsoft System Center, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter Stored Cross-Site Scripting (XSS) Vulnerability in Lenovo XClarity Administrator (LXCA) Versions Prior to 2.5.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Lenovo XClarity Administrator (LXCA) Versions Prior to 2.5.0 CSV Injection Vulnerability in Lenovo XClarity Administrator (LXCA) Versions Prior to 2.5.0 Lenovo Energy Management Driver for Windows 10 Denial of Service Vulnerability Local Privilege Escalation Vulnerability in CCSDK Software Version 2.0.21.1 Code Execution Vulnerability in Lenovo System Interface Foundation CSV Injection Vulnerability in Lenovo XClarity Controller (XCC) Untriggered BIOS Tamper Detection in Lenovo ThinkPad T460p and T470p Allows Unauthorized Access Lenovo System Interface Foundation: Unsigned DLL Loading Vulnerability Intermittent PCR Clearing Vulnerability in Lenovo BIOS for Desktop and ThinkStation Systems Local Privilege Escalation Vulnerability in LenovoPaper Software v1.0.0.22 Buffer Overflow Vulnerability in Lenovo Power Management Driver Information Disclosure Vulnerability in Lenovo XClarity Administrator (LXCA) Versions Prior to 2.6.6 Lenovo XClarity Administrator (LXCA) XML External Entity (XXE) Processing Vulnerability Authorization Bypass Vulnerability in Lenovo XClarity Controller (XCC) Privilege Escalation Vulnerability in Lenovo Installation Packages Privileged Network Position Exploit: Arbitrary Code Execution Vulnerability Arbitrary Code Execution Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Elevated Privileges Vulnerability Fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3 Improved State Management to Address Logic Issue in iOS 12.2, macOS Mojave 10.14.4, and tvOS 12.2 Universal Cross-Site Scripting Vulnerability in Safari Reader Feature Memory Corruption Vulnerability in iOS, macOS, and tvOS Vulnerability: Password 
Autofill Resumes After Cancellation Kernel Memory Disclosure Vulnerability Memory Initialization Vulnerability Kernel Memory Disclosure Vulnerability Memory Corruption Vulnerability in iOS, macOS, tvOS, and watchOS Allows Arbitrary Code Execution Memory Corruption Vulnerability in iOS 12.1.3 and macOS Mojave 10.14.3 Allows Arbitrary Code Execution Arbitrary Code Execution Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Improved Bounds Checking Fixes Buffer Overflow Vulnerability in iOS, macOS, tvOS, and watchOS Type Confusion Vulnerability Allows Sandbox Escape Type Confusion Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Memory Corruption Vulnerability in iOS, macOS, and tvOS Allows Arbitrary Code Execution Improper Validation in Message Processing Leads to Denial of Service Improper Input Validation Leads to Out-of-Bounds Read Vulnerability in macOS Mojave 10.14.3 Privilege Escalation Vulnerability Fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows iOS 12.2 Vulnerability: Unauthorized Microphone Access without Indicator Displayed Group FaceTime Call Vulnerability: Unauthorized Call Answering Exploit Buffer Overflow Vulnerability in FaceTime Call Handling Privilege Escalation Vulnerability in iOS, macOS, and tvOS Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in iOS, tvOS, watchOS, Safari, iTunes, and iCloud Cross-Site Scripting Vulnerability in Safari Fixed in iOS 12.1.3 and Safari 12.0.3 Universal Cross-Site Scripting Vulnerability Fixed in iOS, tvOS, Safari, iTunes, and iCloud Memory Initialization Vulnerability in iOS, macOS, tvOS, and watchOS Improper Bounds Checking Allows Unauthorized Memory Reading Race Condition Vulnerability in iTunes Installer for Windows Arbitrary Code Execution Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud 
Arbitrary Code Execution Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Sandbox Bypass Vulnerability in iOS, macOS, tvOS, watchOS, and iTunes Race Condition Vulnerability in iCloud for Windows Installer Arbitrary Code Execution Vulnerability in Multiple Apple Products Symlink Validation Vulnerability in macOS Mojave and High Sierra Gatekeeper Bypass Vulnerability in macOS Mojave 10.14.4 Directory Traversal Vulnerability in GitLab Community and Enterprise Edition before 11.4 MQTTRoute 1.1 build 1018-002 Denial of Service Vulnerability Cleartext SMTP Password Disclosure in Kentico v10.0.42 Cross-Site Scripting (XSS) Vulnerability in Frog CMS 0.9.5 via Forgot Password Page CSRF Vulnerability in UsualToolCMS 8.0 Allows SQL Injection and Arbitrary PHP Code Execution Stack Overflow Vulnerability in Anti-Grain Geometry (AGG) 2.4 Out-of-Bounds Read Vulnerability in SVG++ (svgpp) 1.2.3 Heap-based Buffer Overflow in svgpp_agg_render Function Reflected XSS Vulnerability in PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 CSRF Vulnerability Allows Unauthorized Addition of Admin Account in HuCart v5.7.4 ZeroMQ libzmq v2_decoder_t::size_ready Integer Overflow with Code Execution Address Bar Spoofing Vulnerability in WebKitGTK and WPE WebKit (CVE-2020-XXXX) Denial of Service Vulnerability in LIVE555 Streaming Media Libraries Server Side Request Forgery (SSRF) Vulnerability in elFinder: Unauthorized Access to Internal Network Resources Buffer Overflow Vulnerability in D-Link DIR-822 Rev.Bx Devices SQL Injection in idreamsoft iCMS V7.0.13 via _data_id parameter in article.admincp.php Vulnerability: Arbitrary Read and Write Access to ASPEED BMC's Physical Address Space Stored XSS Vulnerability in Joomla! com_contact Stored XSS Vulnerability in Joomla! before 3.9.2 Stored XSS Vulnerability in Joomla! before 3.9.2 Stored XSS Vulnerability in Joomla! 
mod_banners Insecure Scripting and AutoUpdate Implementation in Cordaware bestinformed Microsoft Windows Client Versions before 6.2.1.0 Insecure SSL Certificate Verification and Access Pattern Vulnerability in Cordaware Bestinformed Microsoft Windows Client XSS Vulnerability in Premium WP Suite Easy Redirect Manager Plugin CVE-2019-6268 Command Injection Vulnerability in GL.iNet GL-AR300M-Lite Firmware 2.27 Arbitrary File Download Vulnerability in GL.iNet GL-AR300M-Lite Firmware 2.27 GL.iNet GL-AR300M-Lite Directory Traversal Vulnerability Firmware_cgi Command Injection Vulnerability in GL.iNet GL-AR300M-Lite Devices Cross-Site Scripting (XSS) Vulnerability in JPress v1.0.4 via Markdown Input ChinaMobile PLC Wireless Router GPN2.4P21-C-CN Firmware W2001EN-00 Incorrect Access Control Vulnerability CSRF Vulnerability in ChinaMobile PLC Wireless Router GPN2.4P21-C-CN Firmware W2001EN-00 Heap-Based Buffer Over-Read Vulnerability in LibSass 3.5.5 Heap-Based Buffer Over-Read Vulnerability in LibSass 3.5.5 Denial of Service Vulnerability in yaml-cpp (aka LibYaml-C++) 0.6.2 Heap-based Buffer Over-read in LibSass 3.5.5 Persistent Namespace Access Vulnerability in Rancher 2.0.0 through 2.1.5 Unauthenticated Command Injection in Edgecore ECS2020 Firmware 1.0.0.0 Devices Arbitrary PHP Code Execution via File Upload in DedeCMS V57_UTF8_SP2 Stack Exhaustion Vulnerability in Netwide Assembler (NASM) through 2.14.02 Stack Exhaustion Vulnerability in Netwide Assembler (NASM) through 2.14.02 Stack Exhaustion in YAML::SingleDocParser in yaml-cpp 0.6.2 Stack Exhaustion Vulnerability in mark_beginning_as_normal Function in flex 2.6.4 CSRF Vulnerability in EasyCMS 1.5 via index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent URI SQL Injection Vulnerability in Cleanto 5.0 via service_method_ajax.php service_id Parameter SQL Injection Vulnerability in Cleanto 5.0 via assets/lib/export_ajax.php id parameter Insufficient Solution Bundle Signature Validation in HP 
Printers: Potential Arbitrary Code Execution Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in HP DeskJet 3630 All-in-One Printers HP DeskJet 3630 All-in-One Printers CSRF Vulnerability Tampering Vulnerability in HP Workstation BIOS with Disabled TPM Tampering Vulnerability in HP Workstation BIOS with Disabled TPM Reflected XSS Vulnerability in HP Color LaserJet Pro and LaserJet Pro Printer Series Stored XSS Vulnerability in HP Color LaserJet Pro and LaserJet Pro MFP Printers' Wireless Configuration Page Potential Cross-site Request Forgery Vulnerability in HP Color LaserJet Pro M280-M281 and HP LaserJet Pro MFP M28-M31 Printer Series Potential Buffer Overflow Vulnerability in HP Color LaserJet Pro M280-M281 and HP LaserJet Pro MFP M28-M31 Printer Series Potential Buffer Overflow Vulnerability in HP Color LaserJet Pro M280-M281 and HP LaserJet Pro MFP M28-M31 Printer Series HP Support Assistant Privilege Escalation and Unauthorized File Modification Vulnerability HP Support Assistant Privilege Escalation and Unauthorized File Modification Vulnerability HP Access Control Elevation of Privilege Vulnerability Incomplete Obfuscation of Application Configuration Information in Samsung Mobile Print (Android) Versions Prior to 4.08.007 HP InkJet Printers XSS Vulnerability Local Privilege Escalation Vulnerability in HP Touchpoint Analytics Application Signature Check Bypass Vulnerability in HP Printers Samsung Laser Printers Vulnerability: Potential Denial of Service Exploit HP Inkjet Printers Vulnerable to Malicious Print File Exploitation and Core Dump Generation Vulnerability in Drupal Core's Third-Party PEAR Archive_Tar Library (CVE-2018-1000888) Remote Code Execution Vulnerability in Drupal Core Arbitrary PHP Code Execution Vulnerability in Drupal 8.5.x and 8.6.x File Upload XSS Vulnerability in Drupal 7 and Drupal 8 Access Bypass Vulnerability in Drupal 8.7.4 Workspaces Module 32-bit System Mishandling in SchedMD Slurm Versions 17.11.13 and 18.x before 
18.08.5 Heap-Based Buffer Overflow in TLS Benchmark Tool Update Logic Vulnerability in Zemana AntiMalware before 3.0.658 Beta Unauthenticated Password Reset Vulnerability in Shenzhen Coship Routers Out-of-Bounds Write Vulnerability in NTPsec Stack-based Buffer Over-read Vulnerability in NTPsec Stack-based Buffer Over-read in NTPsec's process_control() Function NULL Pointer Dereference and Crash in NTPsec's ntp_control.c (CVE-2020-11868) Remote Code Execution via Unsafe Usage of Pickle in NumPy Arbitrary File Read and Application Execution Vulnerability in ES File Explorer File Manager for Android Unauthenticated POST Access Vulnerability on SOYAL AR-727H and AR-829Ev5 Devices Remote Code Execution via Test Button in Kyocera Command Center RX Remote Command Execution via Argument Injection in mIRC URI Protocol Handlers Stack Buffer Overflow in sd-bus Allows for Denial of Service Double-Free Vulnerability in GNU Recutils 1.8 NULL Pointer Dereference in rec_fex_size() Function of GNU Recutils 1.8 Memory Leak in GNU Recutils 1.8: rec_aggregate_reg_new in rec-aggregate.c Memory Leak in GNU Recutils 1.8: rec_buf_new Function in rec-buf.c Memory Leak in rec_extract_type in GNU Recutils 1.8 NULL Pointer Dereference in rec_field_set_name() Function in GNU Recutils 1.8 Assertion Problem in _cairo_arc_in_direction Function Infinite Loop Vulnerability in Cairo 1.16.0 Improper Application of Zone Transfer Controls in BIND 9.9.0 - 9.13.6 Vulnerability: Assertion Failure in Query.c due to Programming Error in NXDOMAIN-Redirect Feature Vulnerability: Assertion Failure in BIND Supported Preview Edition with nxdomain-redirect and ECS Support Vulnerability: Assertion Failure in BIND DNS Resolver with Malformed RRSIGs Vulnerability: Potential Crash in ISC BIND Library Function Used by DHCPv6 Mode BIND Vulnerability: Race Condition Leading to REQUIRE Assertion Failure in dispatch.c Kea DHCPv6 Server Assertion Failure Vulnerability Assertion Failure in Kea DHCPv4 Server Process due to 
Invalid Hostname Option Kea Server Lease Storage Vulnerability Mirror Zone Data Validation Bypass Vulnerability QNAME Minimization Vulnerability in BIND Versions 9.14.0-9.14.6 and 9.15.0-9.15.4 TCP Pipelining Vulnerability: Resource Exhaustion and Server Unresponsiveness Abine Blur 7.8.2431 Vulnerability: Second-Factor Auth Bypass via Forgotten Dev Menu TLS Padding Oracle Vulnerability in Citrix NetScaler Gateway and Application Delivery Controller Elliptic Curve Vulnerability in Go Versions 1.10.8 and 1.11.x Command Injection Vulnerability in TP-Link WDR Series Devices through Firmware v3 Segmentation Fault Vulnerability in GNU C Library on x32 Architecture Remote Shortcut Erasure Vulnerability in Lexmark CX, MX, X, XC, XM, XS, and 6500e Devices SQL Injection Vulnerability in RISI Gestao de Horarios v3201.09.08 rev.23 Kernel Pool Memory Leak Vulnerability in IObit Smart Defrag 6 Kernel Pool Memory Leak Vulnerability in IObit Smart Defrag 6 Vulnerability: Arbitrary File Deletion via IMFForceDelete.sys in IObit Malware Fighter 6.2 Remote Code Execution and Denial of Service Vulnerability in Marvell Avastar Wi-Fi Devices SQL Injection Vulnerability in Hotels_Server through 2018-11-05 via controller/fetchpwd.php username parameter Stack-Based Buffer Over-Read Vulnerability in GattLib 0.2 Hardcoded Password Vulnerability in Teradata Viewpoint Unauthenticated Directory Traversal Vulnerability in Axway File Transfer Direct 2.7.1 Out-of-Bounds Read/Write Vulnerability in QEMU 3.1's scsi_handle_inquiry_reply Memory Leak in sc_context_create in libopensc in OpenSC 0.19.0 Deserialization Vulnerability in Chatopera Cosin v3.10.0: Remote Code Execution via Malicious File Upload Persistent Cross-Site Scripting (XSS) Vulnerability in Automic Web Interface (AWI) SQL Injection Vulnerability in SuiteCRM CSRF Vulnerability in creditease-sec insight CSRF Vulnerability in creditease-sec insight CSRF Vulnerability in depart_delete Function in creditease-sec insight CSRF Vulnerability 
in creditease-sec insight SSRF Vulnerability in WSO2 API Manager 2.6.0 Arbitrary File Upload Vulnerability in WSO2 API Manager 2.6.0 Cross-Site Scripting (XSS) Vulnerability in WSO2 Dashboard Server 2.0.0 Unauthenticated Access to Uploaded API Documentation in WSO2 API Manager 2.6.0 Server-Side Request Forgery (SSRF) Vulnerability in WSO2 Dashboard Server 2.0.0 Improper User Access Control in BD FACSLyric Research and IVD Systems Vulnerability: Moxa IKS and EDS Store Plaintext Passwords Improper Authentication Vulnerability in WebAccess/SCADA Version 8.3 Server-side Authority Check Bypass in Moxa IKS and EDS: Enabling Arbitrary Configuration Changes for Read-Only Users Authentication Bypass Vulnerability in WebAccess/SCADA Version 8.3 Array Bounds Check Failure in Moxa IKS and EDS Devices: Potential Memory Read and Data Leakage Vulnerability SQL Injection Vulnerability in WebAccess/SCADA Version 8.3 Insufficient Authentication Measures in Moxa IKS and EDS Devices Enable Brute Force Password Discovery Privilege Escalation via ArchestrA Network User Account in AVEVA Wonderware System Platform 2017 Update 2 and Prior Plaintext Transmission of Sensitive Data in Moxa Industrial Switches Modbus Gateway Password Change Vulnerability Arbitrary Code Execution in PSI GridConnect Telecontrol Gateway and Smart Telecontrol Unit Family FTP Request Vulnerability in PR100088 Modbus Gateway Heap-Based Buffer Overflow in Panasonic FPWIN Pro Version 7.3.0.0 and Prior Vulnerability: Password Retrieval via MITM Attack in Kunbus PR100088 Modbus Gateway Remote Code Execution in Panasonic FPWIN Pro Version 7.3.0.0 and Prior Unauthenticated Access to Modbus Registers in PR100088 Modbus Gateway Gemalto Sentinel UltraPro Client Library ux32w.dll Uncontrolled Search Path Element Vulnerability Mitsubishi Electric Ethernet Stack Crash Vulnerability Buffer Overflow Vulnerability in LCDS LAquis SCADA Stack-based Buffer Overflow Vulnerabilities in WECON LeviStudioU Version 1.8.56 and Prior 
Unauthenticated Telemetry Communication Vulnerability in Medtronic MyCareLink Monitor and Implantable Cardiac Devices Heap-based Buffer Overflow Vulnerabilities in WECON LeviStudioU Version 1.8.56 and Prior: Arbitrary Code Execution Unencrypted Telemetry Communication Vulnerability in Medtronic MyCareLink Monitor and Other Devices Arbitrary Code Execution Vulnerability in WECON LeviStudioU Version 1.8.56 and Prior Unauthenticated Remote Reboot Vulnerability in ENTTEC Datagate MK2, Storm 24, and Pixelator Privilege Escalation Vulnerability in AVEVA InduSoft Web Studio and InTouch Edge HMI Privilege Escalation in GE Communicator Arbitrary Process Execution via Specially Crafted Database Connection Configuration File in AVEVA InduSoft Web Studio and InTouch Edge HMI Arbitrary File Placement Vulnerability in GE Communicator Out-of-Bounds Read Vulnerability in Delta Industrial Automation CNCSoft ScreenEditor Hardcoded Credentials Backdoor in GE Communicator FTP-based Retrieval of Plain-Text Credentials in PR100088 Modbus Gateway Multiple Stack-Based Buffer Overflow Vulnerabilities in Advantech WebAccess/SCADA Versions 8.3.5 and Prior Authentication Bypass and Denial-of-Service Vulnerability in Pangea Communications Internet FAX ATA Command Injection Vulnerabilities in Advantech WebAccess/SCADA Stack-based Buffer Overflow in Rockwell Automation RSLinx Classic Improper Access Control Vulnerability in Advantech WebAccess/SCADA Versions 8.3.5 and Prior Improper Input Validation Vulnerability in Cscape 9.80 SP4 and Prior Memory Reference Vulnerability in Omron CX-Programmer v9.70 and Prior Buffer Overflow Vulnerabilities in Moxa IKS and EDS: Remote Code Execution Risk Weak Password Recovery Mechanism in Auto-Maskin RP210E, DCU210E, and Marine Observer Pro Remote Denial of Service Vulnerability in Moxa IKS and EDS Switches Weak Password Recovery Mechanism in Auto-Maskin RP210E, DCU210E, and Marine Observer Pro Moxa IKS and EDS Devices Vulnerable to Cross-Site Request
Forgery (CSRF) Attack Cross-Site Scripting (XSS) Vulnerability in Philips Tasy EMR Versions 3.02.1744 and Prior Predictable Cookie Vulnerability in Moxa IKS and EDS Devices Privilege Escalation Vulnerability in GE Communicator Unvalidated User Input in Moxa IKS and EDS Enables XSS Attacks Privilege Escalation via Uninstaller Replacement in GE Communicator Vulnerability: Password Extraction from SCALANCE X-200, X-200IRT, X-300, and X-414-3E Switches Webserver Denial of Service Vulnerability Insufficient Monitor Barrier Allows Unauthorized Data Forwarding and Manipulation Insufficient User Permission Checking in SINEMA Remote Connect Server (All versions < V2.0) SIEMENS LOGO!8 Denial-of-Service Vulnerability Critical SNMP Hardcoded Community String Vulnerability in SIMATIC HMI Panels and WinCC Software Vulnerability in SINAMICS PERFECT HARMONY GH180 with NXG I and II Control Multiple Siemens Products Denial of Service Vulnerability TLS Traffic Decryption Vulnerability in SIMATIC HMI Comfort Panels and WinCC Software Cross-Site Scripting (XSS) Vulnerability in SIMATIC HMI Panels and WinCC Software Denial of Service Vulnerability in SINAMICS PERFECT HARMONY GH180 with NXG I and NXG II Control Remote Code Execution Vulnerability in Spectrum Power 4 (Web Office Portal) Unauthorized Device Property Modification Vulnerability in Siveillance VMS Unauthorized User Role Change Vulnerability in Siveillance VMS Unauthorized Modification of User-Defined Event Properties in Siveillance VMS Session ID Persistence Vulnerability in SIEMENS LOGO!8 Cross-Site Scripting (XSS) Vulnerability in SCALANCE S602, S612, S623, and S627-2M Configuration Web Server XSS Vulnerability in Liferay Portal SimpleCaptcha API Reflected Cross Site Scripting (XSS) Vulnerability in BIG-IP TMUI Excessive Resource Consumption Vulnerability in BIG-IP LTM Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP APM Webtop Configuration SSL Certificate Validation Vulnerability in BIG-IP
14.1.0-14.1.0.1 Zombie POODLE and GOLDENDOODLE: Chosen Ciphertext Attack on BIG-IP Virtual Servers Infinite Loop Vulnerability in Multi-Path TCP (MPTCP) on BIG-IP F5 BIG-IP Access Policy Manager (APM) Admin Web UI XSS Vulnerability DTLS Fragmented ClientHello Memory Corruption Vulnerability Command Execution Vulnerability in BIG-IP Configuration Utility TMUI Malformed Request Vulnerability Remote Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Cross-Site Scripting (XSS) Vulnerability in BIG-IP Administrative Login Page Group Permission Escalation in BIG-IP Application Acceleration Manager (AAM) Insecure Handling of Malicious Requests in BIG-IP Configuration Utility Login Page Malformed TCP Packets Vulnerability in BIG-IP Virtual Servers and Self IPs High-Speed Bridge Lockup Vulnerability Denial of Service Vulnerability in BIG-IP SSL Virtual Server Memory Leak Vulnerability in BIG-IP SNMP Processing Stored Cross-Site Scripting Vulnerability in BIG-IP ASM Configuration Utility Memory Leakage Vulnerability in BIG-IP SNMP Daemon on vCMP Guests Platform Dependent Weakness: Plaintext Storage of Unit Key on iSeries Platforms in BIG-IP Denial of Service Vulnerability in BIG-IP URL Classification PPTP VPN Traffic Processing Logic Vulnerability in BIG-IP Systems DNS Query TCP Connection Aborted Vulnerability Insecure Transmission of Sensitive Configuration Objects via SNMPv2 on BIG-IP Arbitrary File Overwrite Vulnerability in BIG-IP Appliance Mode TMSH Access Exploit Allows Bypassing Appliance Mode Restrictions on BIG-IP Systems TMSH Access Vulnerability on BIG-IP Appliances Vulnerability: Unauthorized File Overwrite by Resource Administrator Role Vulnerability: Unauthorized Filesystem Modification by Resource Administrators HTTP/2 Profile ALPN Zero-Length Extension Vulnerability Undisclosed iControl REST Worker Command Injection Vulnerability Command Injection Vulnerability in iControl REST Worker Command Injection Vulnerability in iControl REST 
Worker on BIG-IP Multi-Bladed Systems Denial-of-Service Vulnerability in BIG-IP iSession Virtual Server Undisclosed Traffic Pattern Denial-of-Service (DoS) Vulnerability on BIG-IP Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Race condition vulnerability in F5 SSL Orchestrator 14.1.0-14.1.0.5 leading to TMM restart during SSL Forward Proxy bypass action enforcement on transparent virtual server with SNAT enabled TMM Process Termination and Restart Vulnerability in BIG-IP PEM with OpenVPN Classifier Undisclosed SSL Traffic Vulnerability in BIG-IP 14.1.0-14.1.0.5 Undisclosed Traffic Flow Vulnerability in F5 SSL Orchestrator HTTP Header Manipulation Vulnerability in BIG-IP 11.5.1-11.6.4 Insufficient Randomness in vCMP Configuration Unit Key Generation Vulnerability Bypassing Appliance Mode Restrictions in BIG-IP Systems Vulnerability: High Volume Malformed Analytics Report Requests Leading to Instability in restjavad Process Appliance Mode Bypass Vulnerability in BIG-IP Systems Stored Cross-Site Scripting Vulnerability in BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4, and 11.5.1-11.6.4 Application Logic Abuse in BIG-IP (ASM) REST Endpoints Leading to System Instability and OOM Killer Trigger Infinite Loop Vulnerability in BIG-IP iControl REST Endpoint Stored Cross-Site Scripting (XSS) Vulnerability in BIG-IP (AFM, PEM) Subscriber Management Pages Insecure Transmission of Sensitive Configuration Objects via SNMPv2 in BIG-IP Vulnerability: iControl REST Process Crash via Undisclosed Requests on BIG-IP 12.1.0-12.1.4.1 Privilege Escalation via File Upload in BIG-IP, BIG-IQ, iWorkflow, and Enterprise Manager DHCPv6 Request Crafted Attack Vulnerability CVE-2021-XXXX: Unauthorized Access to Debug Node.js Process in BIG-IP FTP Traffic Vulnerability in BIG-IP Virtual Server with Active 
FTP Profile and Connection Mirroring Privilege Escalation Vulnerability in BIG-IP and Enterprise Manager REST Users Memory Leakage Vulnerability in BIG-IP Control-Plane Authentication Processing Exposure of BIG-IP Secrets in F5 Container Ingress Service (CIS) and Red Hat OpenShift (k8s-bigip-ctlr) Log Files Sensitive Information Exposure and System Configuration Modification Vulnerability in F5 BIG-IP and Enterprise Manager Sensitive Information Exposure and System Configuration Modification Vulnerability in F5 BIG-IP ASM Insecure Configuration Utility Login Page Handling Vulnerability Unauthenticated and Unencrypted Services in BIG-IQ 6.0.0-6.1.0 Stored Cross Site Scripting Vulnerability in BIG-IQ System Vulnerability: Lack of Martian Address Filtering on BIG-IP Control Plane Sensitive Data Leakage Vulnerability in BIG-IP Platforms with AVR, ASM, APM, PEM, AFM, and/or AAM Provisioning Full APM Session ID Exposure in BIG-IP APM Edge Client Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP Traffic Management User Interface (TMUI) SQL Injection Vulnerability in BIG-IP AFM Configuration Utility Denial of Service Vulnerability in BIG-IP Virtual Servers with TLSv1.3 Enabled Excessive Resource Consumption Denial of Service Vulnerability in BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1 Excessive Resource Consumption Vulnerability in BIG-IP APM Sensitive Information Leakage in BIG-IP 13.1.0-13.1.1.4 through Invalid Request Handling BIG-IP, BIG-IQ, iWorkflow, and Enterprise Manager Configuration Utility Anti DNS Pinning Vulnerability Vulnerability: Network Protections on Management Port Not Following Best Practices Vulnerability: Proxy Traffic Interception in BIG-IP ASM and BIG-IQ/Enterprise Manager/iWorkflow Communication TMM Process Core File Generation Vulnerability Excessive Resource Consumption Vulnerability in BIG-IP Virtual Server with FIX Profile Privilege Escalation Vulnerability in BIG-IP APM Edge Client for macOS Undisclosed Traffic Flow 
Vulnerability in BIG-IP Exposure of Plaintext Unit Key in vCMP Hypervisors on BIG-IP Memory Leakage Vulnerability in BIG-IP Versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1 Performance Degradation in BIG-IP AFM System with Bad-Actor Detection on Wildcard Virtual Server HTTP/2 Full Proxy Mode Disruption of Service Vulnerability TMM Crash Vulnerability in F5 SSL Orchestrator Authentication Bypass Vulnerability in BIG-IP Configurations with Active Directory, LDAP, or Client Certificate LDAP TMM Restart Vulnerability on BIG-IP Virtual Edition (VE) with Virtio Direct Descriptors TCP Profile Custom Congestion Control Vulnerability TMM Process Restart Vulnerability in BIG-IP Versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1 Symlink Bypass Vulnerability in BIG-IP Access Controls Virtual Server Targeting FastL4 Virtual Server Vulnerability Memory Leak Vulnerability in BIG-IP Multicast Forwarding Cache (MFC) Handling Excessive Resource Consumption Vulnerability in BIG-IP ASM System Excessive Flow Usage Vulnerability in BIG-IP Virtual Servers with Loose Initiation Enabled Fragmented Broadcast IP Packet Vulnerability in BIG-IP Virtual Clustered Multiprocessing (vCMP) Elevation of Privilege and Command Execution via iRules in BIG-IP Diameter Connection Overload Vulnerability on BIG-IP X.509 Certificate Authentication Failure in BIG-IP ASM Cloud Security Services Profile Vulnerability: Secret Disclosure via SNMP Query on BIG-IP and BIG-IQ Systems Privilege Escalation via Command Injection in Tidal Workload Automation Agent Improper Input Validation in python-gnupg 0.4.3 allows for unauthorized decryption SQL Injection Vulnerability in phpwind 9.0.2.170426 UTF8 via admin.php?m=backup&c=backup&a=doback tabledb[] parameter DLL Preload Vulnerability in Fortinet FortiClient for Windows 6.2.0 and Below: Arbitrary Code Execution Hard-coded Cryptographic Key Vulnerability in FortiOS Configuration Backup File Root File System Integrity 
Vulnerability in Fortinet FortiManager VM Application Images URL Redirect Vulnerability in FortiOS Admin WebUI Hard-coded Credentials Vulnerability in FortiRecorder: Unauthorized Control of FortiCameras Stored Cross Site Scripting (XSS) Vulnerability in Fortinet FortiADC 5.3.3 and Earlier Information Exposure Vulnerability in FortiSIEM External Authentication Profile Form Missing SSL Certificate Validation in MasterCard Qkr! App (iOS versions prior to 5.0.8) Arbitrary WordPress Option Update Vulnerability in Total Donations Plugin Use-After-Free Vulnerability in Lua 5.3.5's lua_upvaluejoin in lapi.c SQL Injection Vulnerability in PHPSHE 1.7 via admin.php?mod=product&act=state product_id[] parameter SQL Injection Vulnerability in PHPSHE 1.7 via admin.php?mod=order state parameter CSRF Vulnerability in Zyxel NBG-418N v2 v1.00(AAXM.4)C0 Devices Arbitrary PHP Code Execution in ThinkCMF 5.0.190111 via RouteController.php Path Traversal and Local File Inclusion Vulnerability in BlogEngine.NET Arbitrary File Read Vulnerability in W3 Total Cache Plugin Unauthenticated IDOR Vulnerability in LogonBox Nervepoint Access Manager 2013-2017 Use-after-free vulnerability in libIEC61850 v1.3.1 getState function in iso_server.c Privilege Escalation Vulnerability in Barracuda VPN Client Unauthenticated Access to Admin Password and Modem Interface on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) Devices Arbitrary File Deletion Vulnerability in WP Fastest Cache Plugin Arbitrary Code Execution in Foxit Reader via XFA Remerge Method (ZDI-CAN-7347) Remote Code Execution Vulnerability in Foxit Reader (ZDI-CAN-7353) Arbitrary Code Execution Vulnerability in Foxit Reader (ZDI-CAN-7423) Arbitrary Code Execution Vulnerability in Foxit Reader's popUpMenu Method (ZDI-CAN-7368) Arbitrary Code Execution via HTML to PDF Conversion in Foxit PhantomPDF (ZDI-CAN-7369) Remote Code Execution Vulnerability in Foxit PhantomPDF (ZDI-CAN-7453) Remote Code Execution Vulnerability in Foxit PhantomPDF Remote Code 
Execution Vulnerability in Foxit PhantomPDF Remote Code Execution Vulnerability in Foxit Reader (ZDI-CAN-7355) Arbitrary Code Execution Vulnerability in Bitdefender SafePay 23.0.10.34 Arbitrary Code Execution via Bitdefender SafePay 23.0.10.34 TIScript openFile Method Vulnerability Arbitrary Code Execution Vulnerability in Bitdefender SafePay 23.0.10.34 (ZDI-CAN-7250) Arbitrary Code Execution via Malicious URIs in Malwarebytes Antimalware 3.6.1.2711 Arbitrary Code Execution via ASN.1 Parser in Samsung Galaxy S9 (CVE-2018-13467) Captive Portal HTML Manipulation Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Samsung Galaxy S9 (ZDI-CAN-7477) Remote Code Execution in Xiaomi Mi6 Browser (CVE-2021-XXXX) Local Authentication Bypass Vulnerability in Samsung Knox 1.2.02.39 on Samsung Galaxy S9 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6 via TIF File Handling Arbitrary Code Execution via EZI File Handling in Foxit Studio Photo 3.6.6 Arbitrary Code Execution via EZI File Handling in Foxit Studio Photo 3.6.6 Arbitrary Code Execution via EZIX File Handling in Foxit Studio Photo 3.6.6 Arbitrary Code Execution via EZI File Handling in Foxit Studio Photo 3.6.6 Arbitrary Code Execution Vulnerability in Foxit Studio Photo 3.6.6.779 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.3.10826 Integer Overflow Vulnerability in Foxit Reader 9.3.0.10826 (ZDI-CAN-7561) Arbitrary Code Execution Vulnerability in Foxit Reader 9.3.10826 (ZDI-CAN-7407) Arbitrary Code Execution Vulnerability in Foxit Reader 9.3.10826 (ZDI-CAN-7613) Remote Code Execution Vulnerability in Foxit PhantomPDF 9.4.0.16811 Arbitrary Code Execution Vulnerability in Foxit Reader 9.4.16811 (ZDI-CAN-7696) Remote Code Execution Vulnerability in Foxit Reader 9.4.16811 via ConvertToPDF_x86.dll Arbitrary Code Execution Vulnerability in Foxit Reader 9.3.10826 (ZDI-CAN-7614) Arbitrary Code Execution Vulnerability in Foxit Reader 9.4.16811 (ZDI-CAN-7694) Arbitrary Code 
Execution Vulnerability in Foxit Reader 9.4.0.16811 (ZDI-CAN-7777) Arbitrary Code Execution via HTML to PDF Conversion in Foxit PhantomPDF 9.4.1.16828 Arbitrary Code Execution in Foxit Reader 9.4.1.16828 via ToggleFormsDesign Method (ZDI-CAN-7874) Arbitrary Code Execution via XFA Template Objects in Foxit Reader 9.4.1.16828 Arbitrary Code Execution via HTML to PDF Conversion in Foxit PhantomPDF 9.4.1.16828 Remote Code Execution Vulnerability in Foxit Reader 9.4.1.16828 Arbitrary Code Execution Vulnerability in Foxit Reader 9.4.1.16828 Arbitrary Code Execution Vulnerability in Foxit Reader 9.4.1.16828 Arbitrary Code Execution Vulnerability in Foxit Reader 9.4.1.16828 Remote Code Execution Vulnerability in Foxit Reader 9.4.1.16828 Remote Code Execution Vulnerability in Foxit Reader 2019.010.20098 Remote Code Execution Vulnerability in Foxit Reader 2019.010.20098 Remote Code Execution Vulnerability in Foxit Reader 9.4.1.16828 Arbitrary Code Execution Vulnerability in Foxit Reader 9.4.1.16828 Arbitrary Code Execution Vulnerability in Foxit Reader 9.5.0.20723 Arbitrary Code Execution via removeField Method in Foxit PhantomPDF 9.5.0.20723 Reflected XSS Vulnerability in ZoneMinder v1.32.3 via plugin.php Heap-Based Buffer Overflow in tcp_emu of QEMU 3.0.0 CSRF Vulnerability in CSCMS 4.1.8 Allows Unauthorized Modification of Friend Links Improper Handling of External Links in Wise Chat Plugin for WordPress Improper Input Validation Allows Injection of Malicious Links in GitLab Notification Emails Information Disclosure Vulnerability in GitLab Community and Enterprise Edition GitLab Pages Directory Traversal Vulnerability Leading to Remote Command Execution Persistent XSS vulnerability in GitLab Community and Enterprise Edition before 11.7.1 Denial of Service Vulnerability in GitLab Community and Enterprise Edition LFS Object Access Control Vulnerability Improper Access Control in GitLab API Allows Unauthorized Access to Trigger Tokens Covert Redirect Vulnerability in GitLab 
OAuth Integration Information Disclosure in GitLab Community and Enterprise Edition before 11.7.1 Insecure Access Control Allows Guest Users to View Group Merge Requests Incorrect Access Control during Project Import Path Disclosure Vulnerability in GitLab Community and Enterprise Edition Unauthenticated Blind SSRF Vulnerability in GitLab Jira Integration Information Disclosure Vulnerability in GitLab Community and Enterprise Edition Insufficient Visual Distinction of Homoglyphs and RTLO Characters in GitLab Persistent XSS vulnerability in GitLab Community and Enterprise Edition before 11.7.1 Information Disclosure Vulnerability in GitLab Enterprise Edition SQL Injection Vulnerability in phpMyAdmin Designer Feature Arbitrary File Read Vulnerability in phpMyAdmin Arbitrary Command Injection in TitanHQ SpamTitan through 7.03 CRLF Injection and Possible XSS Attacks in pypiserver 1.2.5 and Below XSS and Remote Command Execution Vulnerability in Typora 0.9.9.20.3 Beta via Left Outline Bar Cross-Site Scripting (XSS) Vulnerability on Job Edit Page in Rundeck Community Edition SQL Injection Vulnerability in S-CMS V3.0 via alipay/alipayapi.php O_id Parameter Modicon Controllers: SNMP Information Disclosure Vulnerability Uncaught Exception Vulnerability in Modicon Controllers: Potential Denial of Service via Modbus Remote Code Execution via Modbus Configuration Overwrite Uncaught Exception Vulnerability in Modicon Controllers: Potential Denial of Service Unauthorized Command Execution in BMXNOR0200H Ethernet / Serial RTU Module Denial of Service Vulnerability in Modicon Quantum 140 NOE771x1 (CWE-754) BMX-NOR-0200H Firmware Vulnerability: Hardcoded Credentials Expose Confidentiality Risk Denial of Service Vulnerability in BMXNOR0200H Ethernet / Serial RTU Module and Modicon M340 Controller CWE-287: Improper Authentication in NET55XX Encoder Firmware CWE-264: Access Control Vulnerability in Modicon Quantum PLCs via Ethernet/IP Protocol CWE-94: Code Injection Vulnerability in 
Modicon Quantum Firmware Allows Unauthorized Firmware Modification and Denial of Service Denial of Service Vulnerability in Modicon Controllers Critical Function Authentication Bypass Vulnerability in Modicon and PacDrive Devices Insufficiently Random Values Vulnerability in Modicon M580, M340, Premium, and Quantum Firmware Remote Code Execution Vulnerability in Zelio Soft 2: CWE-416 Arbitrary Code Execution Vulnerability in ProClima (Versions Prior to 8.0.0) Arbitrary Code Execution Vulnerability in ProClima (Versions Prior to 8.0.0) Uncontrolled Search Path Element Vulnerability in ProClima (Versions Prior to 8.0.0) Arbitrary Code Execution Vulnerability in SoMachine HVAC v2.4.1 and Earlier Versions Out-of-bounds Write Vulnerability in Interactive Graphical SCADA System (IGSS) Version 14 and Prior Denial of Service Vulnerability in Modicon Controllers Uncaught Exception Vulnerability in Modicon M580 and M340 Controllers Uncaught Exception Vulnerability in Modicon M580 (Versions Prior to V2.80) Denial of Service Vulnerability in BMXNOR0200H Ethernet / Serial RTU Module Authentication Bypass Vulnerability in spaceLYnk and Wiser for KNX (Versions < 2.4.0) Uncontrolled Frame Rate Vulnerability in Magelis HMI Panels Arbitrary Code Execution via Deserialization in Schneider Electric Software Update (SESU) SUT Service (V2.1.1 to V2.3.0) U.motion Server Cross-Site Scripting (XSS) Vulnerability U.motion Server Incorrect Authorization Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in U.motion Server: Exposing Server Configuration Data Privilege Escalation: Unauthorized File Deletion in U.motion Server Unrestricted File Upload Vulnerability in U.motion Server Arbitrary Command Execution Vulnerability in U.motion Server Denial of Service Vulnerability in Modicon PLCs during Firmware Upgrade Firmware Upgrade Denial of Service Vulnerability in Modicon PLCs Denial of Service Vulnerability in Modicon PLCs via Empty Firmware Package Upgrade Denial of 
Service Vulnerability in Modicon PLCs via Invalid Web Server Image Upgrade CWE-319: Cleartext Transmission of Sensitive Information in Modicon Controllers via Modbus TCP Protocol CWE-319: Cleartext Transmission of Sensitive Information in Modicon M580, M340, BMxCRA, and 140CRA Modules via FTP Denial of Service Vulnerability in Modicon Controllers and Modules Denial of Service Vulnerability in Modicon M580 CPU and Communication Module CWE-200: Information Exposure in Modicon M580, BMENOC 0311, and BMENOC 0321 via REST API Modbus Services CWE-200: Information Exposure via REST API in Modicon M580, Modicon BMENOC 0311, and Modicon BMENOC 0321 TFTP Protocol Information Disclosure Vulnerability in Modicon Controllers CWE-200: Information Exposure Vulnerability in Modicon Controllers: Disclosure of FTP Hardcoded Credentials Andover Continuum Web Server XSS Vulnerability Improper Authentication Vulnerability in EcoStruxure Geo SCADA Expert (ClearSCADA) Bypassing Authentication in EcoStruxure Control Expert and Modicon Controllers Denial of Service Vulnerability in Modicon PLCs via Modbus TCP Denial of Service Vulnerability in Modicon PLCs via Modbus TCP Memory Block Reading Privilege Escalation via Uncontrolled Search Path Element in MSX Configurator CWE-798: Modicon Controllers Hardcoded FTP Credentials Disclosure Vulnerability Buffer Over-read Vulnerability in FAAD2 2.8.8 Bosch Video Management System (BVMS) and Related Products Vulnerability: Unauthorized Code Execution via Network Interface Bosch Video Management System (BVMS) Vulnerability: Unauthorized Access and Data Manipulation Incorrect Access Control in GitLab Community and Enterprise Edition Improper Access Control Allows Unauthorized Control of Privileged Configurations Shell Injection Vulnerability in CcspWifiAgent Module Remote Code Execution Vulnerability in RDKB-20181217-1 CcspPandM Module Heap-based Buffer Over-read Vulnerability in Service_SetParamStringValue in CcspPandM Module XSS Vulnerability in 
i-doit Open 1.12 via qr.php URL Parameter Excessive Memory Allocation Vulnerability in Bento4 1.5.1-628 AirTies Air5341 1.0.0.12 Devices CSRF Vulnerability in cgi-bin/login D-Link DVA-5592 20180823 Web Interface XSS Vulnerability Authentication Bypass Vulnerability in D-Link DVA-5592 20180823 Web Interface SSRF Vulnerability in Moodle 3.5.x before 3.5.4 Authentication Bypass Vulnerability in TP-Link TL-WR1043ND V2 Devices Vulnerability: Weak Credentials and Easy Decoding on TP-Link TL-WR1043ND V2 Devices Vulnerability: Denial of Service in Sricam IP CCTV Cameras Race condition in kvm_ioctl_create_device in Linux kernel before 4.20.8 leads to use-after-free vulnerability Uncontrolled Memory Consumption in Django's numberformat.format() Function Memory Leakage Vulnerability in libvips Heap-based Buffer Overflow in gdImageColorMatch function in LibGD Double Free Vulnerability in LibGD 2.2.5 XSS Vulnerability in User IP History Logs Plugin for MyBB Insecure Object Deserialization Vulnerability in Synacor Zimbra Collaboration Suite IMAP Component Blind SSRF Vulnerability in Zimbra Collaboration Suite Feed Component Out-of-Bounds Write Vulnerability in Foxit 3D Plugin Beta Integer Overflow Vulnerability in Foxit 3D Plugin Beta Use-After-Free and Type Confusion Vulnerability in Foxit 3D Plugin Beta Out-of-Bounds Read and Heap Overflow Vulnerability in Foxit 3D Plugin Beta VIVO Vitro v1.10.0 SPARQL Injection Vulnerability Denial of Service Vulnerability in OpenJPEG 2.3.0 Stack-based Buffer Overflow in TP-Link TL-WR940N: Remote Code Execution Stored-Self XSS Vulnerability in ZoneMinder 1.32.3 Stack-based Buffer Overflow in zmLoadUser() Function in ZoneMinder through 1.32.3 Stored-Self XSS Vulnerability in ZoneMinder 1.32.3: Remote Code Execution via controlcaps.php Incorrect Access Control Allows Commenting on Locked Project Issues Incorrect Access Control in GitLab Enterprise Edition Allows Project Maintainers to View Membership of Private Groups Incorrect Access Control 
Allows Guest Users to View Merge Request Titles Avaya Aura Conferencing Web UI XSS Vulnerability SQL Injection Vulnerability in IP Office Contact Center WebUI SQL Injection Vulnerability in Avaya Control Manager Reporting Component Cross-Site Scripting (XSS) Vulnerability in IP Office Application Server WebUI Component Remote Information Disclosure Vulnerability in IP Office Web Interface Weak Cryptographic Algorithms in Avaya one-X Communicator Client Authentication Component Directory Traversal Vulnerability in Avaya Equinox Management (iView) Versions R9.1.9.0 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Privilege 
Escalation Vulnerability Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader 
Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Double Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Buffer Errors Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader: Data Leakage Vulnerability Out-of-Bounds Read Vulnerability in Flash Player Desktop Runtime and Browsers Deserialization of Untrusted Data Vulnerability in ColdFusion Versions Cross-Site Scripting Vulnerability in ColdFusion Versions Update 1 and Earlier, Update 7 and Earlier, and Update 15 and Earlier Insecure Library Loading Vulnerability in Creative Cloud Desktop Application Installer Heap Corruption Vulnerability in Adobe Photoshop CC 19.1.7 and Earlier, and 20.0.2 and Earlier Heap Overflow Vulnerability in Adobe Digital Editions 4.5.10.185749 and Below: Arbitrary Code Execution Use After Free Vulnerability in Adobe Flash Player (Versions 32.0.0.156 and Earlier) Insecure Protocol Implementation Vulnerability in Adobe Dreamweaver: Potential Sensitive Data Disclosure via SMB Relay Attack Memory Corruption Vulnerability in Adobe Shockwave Player Memory Corruption Vulnerability in Adobe Shockwave Player Memory Corruption Vulnerability in Adobe Shockwave Player Memory Corruption Vulnerability in Adobe Shockwave Player Memory Corruption Vulnerability in Adobe Shockwave Player 
Memory Corruption Vulnerability in Adobe Shockwave Player Memory Corruption Vulnerability in Adobe Shockwave Player Path Traversal Vulnerability in Adobe XD Versions 16.0 and Earlier: Arbitrary Code Execution Path Traversal Vulnerability in Adobe XD Versions 16.0 and Earlier: Arbitrary Code Execution Unsafe Hyperlink Processing Vulnerability in Adobe InDesign Versions 14.0.1 and Below Out-of-Bounds Read Vulnerability in Adobe Flash Player (CVE-2020-3757) Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Stored Cross-Site Scripting Vulnerability in Adobe Experience Manager Forms (Versions 6.2, 6.3, and 6.4) Heap Overflow Vulnerability in Adobe Bridge CC 9.0.2: Remote Code Execution Type Confusion Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Bridge CC 9.0.2 Out-of-Bounds Read Vulnerability in Adobe Bridge CC 9.0.2 Out-of-Bounds Read Vulnerability in Adobe 
Bridge CC 9.0.2 Out-of-Bounds Read Vulnerability in Adobe Bridge CC 9.0.2 Use After Free Vulnerability in Adobe Bridge CC 9.0.2: Risk of Information Disclosure Memory Corruption Vulnerability in Adobe Bridge CC 9.0.2: Risk of Information Disclosure Out-of-Bounds Read Vulnerability in Adobe Bridge CC 9.0.2 SQL Injection Vulnerability in Magento 2.1, 2.2, and 2.3 Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Buffer Over-read Vulnerability in elfutils 0.175 Buffer Over-read Vulnerability in NASM 2.14rc16: Denial-of-Service Exploitation Denial-of-Service Vulnerability in libelf's read_long_names Function Heap-based Buffer Over-read Vulnerability in libdw in elfutils 0.175 Segmentation Fault in elf64_xlatetom in elfutils 0.175 NULL Pointer Dereference Vulnerability in Binaryen 1.38.22 Heap-based Buffer Over-read in wasm::WasmBinaryBuilder::processFunctions() in Binaryen 1.38.22 NULL Pointer Dereference in wasm::WasmBinaryBuilder::processFunctions() in Binaryen 1.38.22 Heap-based Buffer Overflow in Binaryen 1.38.22 Incorrect Access Control in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1: Retention of User Role in Private Group after Removal Division by Zero Vulnerability in libdoc through 2019-01-28 Incorrect Access Control in OX App Suite 7.10.0 and earlier Information Exposure in OX App Suite 7.10.1 and earlier Arbitrary PHP Code Execution Vulnerability in iCMS 7.0.13 Fixed Ciphering Keys in Zoho ManageEngine ADSelfService Plus 5.x Allows for Data Decryption Unauthenticated Information Disclosure and Product Installation Modification in Zoho ManageEngine ADSelfService Plus 5.6 
Build 5607 Authentication Bypass Vulnerability in Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 Web Interface SQLAlchemy: SQL Injection via order_by Parameter Buffer Overflow Vulnerability in DOSBox 0.74-2 Enables Arbitrary Code Execution Zcash Counterfeiting Vulnerability: Bypassing Consistency Check in Pre-Sapling Network Upgrade Stored-Self XSS Vulnerability in Croogo v3.0.5: Remote Code Execution in Blog Field Stored-Self XSS Vulnerability in Croogo v3.0.5: Execution of HTML/JavaScript Code via Title Field in /admin/menus/menus/edit/3 Stored-Self XSS Vulnerability in Croogo v3.0.5: Execution of HTML/JavaScript Code via Vulnerable Title Field Stored-Self XSS Vulnerability in Croogo v3.0.5: Execution of HTML/JavaScript Code via Title Field in /admin/blocks/blocks/edit/8 Stored-Self XSS Vulnerability in ATutor v2.2.4 Stored-Self XSS Vulnerability in Croogo v3.0.5: Execute Code via Title Field in /admin/file-manager/attachments/edit/4 Vulnerability: Arbitrary File Operations in Roxy Fileman 1.4.5 Memory leaks in DecodeImage in coders/pcd.c in ImageMagick before 7.0.8-25 Incorrect Access Control Allows Guest Users to Add Reaction Emojis on Inaccessible Comments Code Injection Vulnerability in Pexip Infinity before 20.1 Privilege Escalation via System Backup Restoration in Pexip Infinity before 20.1 Buffer Overflow Vulnerability in myQNAPcloud Connect 1.3.3.0925 and Earlier: Remote Crash Exploit Improper Link Resolution Vulnerability Enables Unauthorized Access to System Files Remote Code Execution Vulnerability in Video Station Allows Injection of Scripts on Administrator's Management Console Remote Code Execution Vulnerability in Music Station Allows Injection of Malicious Scripts Improper Access Control Vulnerability in QNAP Photo Station Allows Unauthorized Remote Access Arbitrary Code Injection Vulnerability in QNAP QTS External Control of File Name or Path Vulnerability in QNAP Photo Station External Control of File Name or Path Vulnerability in QNAP Photo 
Station Stored Cross-Site Scripting (XSS) Vulnerability in QTS Command Injection Vulnerability in QNAP QTS and QuTS hero Unquoted Service Path Vulnerability in QNAP NetBak Replicator Stored XSS Vulnerability in SmarterTools SmarterMail 16.x before build 6995 Hardcoded Secret Keys in SmarterTools SmarterMail 16.x Allows Unauthorized Access to Emails and File Attachments Directory Traversal Vulnerability in SmarterTools SmarterMail 16.x Remote Code Execution Vulnerability in SmarterTools SmarterMail 16.x Session Cookie Invalidation Vulnerability in Progress Sitefinity 10.1.6536 FileChucker 4.99e-free-e02 File Upload Filter Bypass Vulnerability User Enumeration Vulnerability in Citrix ShareFile Downgrade Attack Vulnerability in Citrix ShareFile: Bypassing Two-Factor Authentication Unauthenticated Reflected XSS Vulnerability in Zarafa Webapp 2.0.1.47791 and Earlier X-Cart V5 CategoryFilter2 Parameter XSS Vulnerability Linux Kernel KVM Use-after-Free Vulnerability Linux Kernel KVM Information Leak Vulnerability Stored XSS in InvoicePlane 1.5 via invoice_password parameter in Create Invoice option Undocumented Administrative Accounts with Default Credentials in ABB HMI Components Unauthenticated Access to Privileged Functions via ABB IDAL HTTP Server CGI Interface Arbitrary Directory Traversal and Unauthorized Access in ABB IDAL FTP Server Format String Vulnerability in ABB IDAL HTTP Server Lack of Encryption and Authenticity Checks in ABB CP635 HMI Firmware Upgrade Methods Format String Vulnerability in ABB IDAL FTP Server ABB IDAL FTP Server Buffer Overflow Vulnerability ABB IDAL HTTP Server Buffer Overflow Vulnerability NULL Pointer Dereference in doc2text function of catdoc.c Directory Traversal Vulnerability in idreamsoft iCMS 7.0.13 Arbitrary Directory Deletion Vulnerability in idreamsoft iCMS 7.0.13 Directory Traversal Vulnerability in idreamsoft iCMS 7.0.13 Directory Traversal Vulnerability in idreamsoft iCMS 7.0.13 Incorrect Access Control in Sonatype Nexus 
Repository Manager before 3.15.0 Arbitrary MSR Write Vulnerability in Moo0 System Monitor 1.83 Arbitrary MSR Write Vulnerability in AIDA64 Arbitrary MSR Write Vulnerability in TechPowerUp GPU-Z Privilege Escalation via Arbitrary MSR Writes in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0 Privilege Escalation via Arbitrary MSR Writes in AMD OverDrive Driver Time-to-check-time-to-use vulnerability in Keybase on macOS allows unauthorized tampering of user installs Stored XSS Vulnerability in Cross Reference Add-on 36 for Google Docs Integer Signedness Issue in res_pjsip_sdp_rtp Module Allows Remote Crash Default Credentials in Linear eMerge E3-Series Devices Directory Traversal Vulnerability in Linear eMerge E3-Series Devices File Inclusion Vulnerability in Linear eMerge E3-Series Devices Cross-Site Scripting (XSS) Vulnerability in Linear eMerge E3-Series Devices Command Injection Vulnerability in Linear eMerge E3-Series Devices Unrestricted File Upload Vulnerability in Linear eMerge E3-Series Devices Privilege Escalation Vulnerability in Linear eMerge E3-Series Devices Authorization Bypass and Information Disclosure Vulnerability in Linear eMerge E3-Series Devices Cleartext Credentials Vulnerability in Linear eMerge E3-Series Devices Hard-coded Credentials in Linear eMerge E3-Series Devices Cross-Site Request Forgery (CSRF) Vulnerability in Linear eMerge E3-Series Devices Version Control Failure in Linear eMerge E3-Series Devices Stack-based Buffer Overflow Vulnerability in Linear eMerge E3-Series Devices on ARM Platform Remote Code Execution Vulnerability in Linear eMerge E3-Series Devices Authentication Bypass Vulnerability in Linear eMerge 50P/5000P Devices Cookie Path Traversal Vulnerability in Linear eMerge 50P/5000P Devices Unauthenticated File Upload Vulnerability in Linear eMerge 50P/5000P Devices Authenticated Command Injection with Root Code Execution in Linear eMerge 50P/5000P Devices Cross-Site Request Forgery (CSRF) 
Vulnerability in Linear eMerge 50P/5000P Devices Default Credentials in Nortek Linear eMerge 50P/5000P Devices Username Disclosure Vulnerability in Optergy Proton/Enterprise Devices Cross-Site Request Forgery (CSRF) Vulnerability in Optergy Proton/Enterprise Devices Vulnerability: Authenticated File Upload with Root Code Execution in Optergy Proton/Enterprise Devices Open Redirect Vulnerability in Optergy Proton/Enterprise Devices Backdoor Console Vulnerability in Optergy Proton/Enterprise Devices Allows Remote Root Code Execution Unauthenticated Internal Network Information Disclosure in Optergy Proton/Enterprise Devices Unauthenticated SMS Sending Service in Optergy Proton/Enterprise Devices Hard-coded Credentials in Optergy Proton/Enterprise Devices Insufficient Length Session-ID Vulnerability in Prima Systems FlexAir Unauthenticated Remote Code Execution in Prima Systems FlexAir Remote Code Execution Vulnerability in NetKit rcp Client Arbitrary File Overwrite Vulnerability in rcp S/MIME Signature Spoofing Vulnerability Fixed in iOS 12.2 Use After Free Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Elevated Privileges Vulnerability Patched in iOS 12.1.4 and macOS Mojave 10.14.3 Supplemental Update iOS 12.1.4 Patch: Memory Corruption Vulnerability Allows Arbitrary Code Execution FaceTime Live Photos Vulnerability Patched in macOS Mojave and iOS 12.1.4 Improper Path Validation Allows Local User to Access Sensitive User Information Sandbox Circumvention Vulnerability in Shortcuts 2.1.3 for iOS Denial of Service Vulnerability in AirPort Base Station Firmware Disclosure of Process Memory Vulnerability Memory Corruption Vulnerability Allows Local User to Read Kernel Memory XSS and Remote Command Execution Vulnerability in Typora 0.9.63 XSS and Remote Command Execution Vulnerability in Typora 0.9.64 Command Injection Vulnerability in D-Link DIR-823G Devices Command Injection Vulnerability in D-Link DIR-823G Devices Stored XSS Vulnerability in WP Support Plus 
Responsive Ticket System Plugin 9.1.1 for WordPress Arbitrary Command Execution in Artica Proxy 3.06.200056 Arbitrary Command Execution Vulnerability in Zen Load Balancer 3.10.1 Vulnerability in Canonical snapd Allows Terminal Character Injection Arbitrary Command Execution Vulnerability in Canonical snapd eXtplorer Information Exposure Vulnerability: World-Accessible System Directories Over HTTP Byobu Apport Hook Vulnerability: Disclosure of Sensitive Information TOCTTOU vulnerability in Apport allows local attackers to read arbitrary files Out-of-Bounds Speculation Vulnerability in Linux Kernel's BPF Verifier Vulnerability: Incorrect Return Value in memcmp Function for x32 Architecture in GNU C Library Heap-based Buffer Over-read Vulnerability in Poppler 0.73.0 Lack of Encryption in Linksys WRT1900ACS Admin-Auth Cookie Storage Vulnerability Limited plaintext disclosure vulnerability in PRIMX Zed Enterprise and Zed Pro versions before 6.1.2240 for Windows, before 2.0.199 for Mac, and before 2.0.199 for Linux, and in Zed Free versions before 1.0.195 for Windows, before 1.0.199 for Mac, and before 1.0.199 for Linux. 
CRLF Injection in Buildbot's Redirect Parameter Allows Cross-Site Scripting Use-After-Free Vulnerability in liblivemedia Directory Traversal Vulnerability in Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera SQL Injection Vulnerability in CSS-TRICKS Chat2 (2015-05-05) Use-after-free vulnerability in libpng's png_image_free in png.c Privilege Escalation Vulnerability in Cloudera Hue 6.0.0 - 6.1.0 Heap Overflow Vulnerability in Artifex MuPDF 1.14: Uninitialized Variable in fz_load_jpeg Function Insecure Update Process Allows Arbitrary Code Execution in LightySoft LogMX XSS Vulnerability in Pagination Sorting of Kanboard before 1.2.8 ZoneMinder 1.32.3 - Reflected Cross Site Scripting (XSS) Vulnerability ZoneMinder 1.32.3 - Self-Stored Cross Site Scripting (XSS) Vulnerability in Host Parameter ZoneMinder 1.32.3 Reflected Cross Site Scripting (XSS) Vulnerability ZoneMinder 1.32.3 Reflected Cross Site Scripting (XSS) Vulnerability ZoneMinder 1.32.3 Reflected Cross Site Scripting (XSS) Vulnerability ZoneMinder 1.32.3 Reflected Cross Site Scripting (XSS) Vulnerability ZoneMinder 1.32.3 - Self-Stored Cross Site Scripting (XSS) in signal check color field ZoneMinder 1.32.3 Reflected Cross Site Scripting (XSS) Vulnerability in download.php ZoneMinder 1.32.3 Reflected Cross Site Scripting (XSS) Vulnerability ZoneMinder 1.32.3 Reflected Cross Site Scripting (XSS) Vulnerability in Exportfile Parameter ZoneMinder 1.32.3 Self-Stored XSS Vulnerability in 'log' View Insecure Input Handling in ZoneMinder: Self-Stored Cross-Site Scripting (XSS) Vulnerability ZoneMinder 1.32.3 Reflected Cross Site Scripting (XSS) Vulnerability in 'events.php' ZoneMinder 1.32.3 Vulnerability: Self-Stored XSS in 'Group Name' Field Cross Site Scripting (XSS) Vulnerability in ZoneMinder 1.32.3 via 'level' Parameter in log.php ZoneMinder 1.32.3 - Cross Site Scripting (XSS) Vulnerability in filter.php ZoneMinder 1.32.3 - Reflected Cross Site Scripting (XSS) in 'newMonitor[LinkedMonitors]' 
Parameter Cross Site Scripting (XSS) Vulnerability in ZoneMinder 1.32.3 ZoneMinder 1.32.3 - Reflected Cross Site Scripting (XSS) in monitor.php Reflected XSS Vulnerability in ZoneMinder 1.32.3: Unfiltered Execution of HTML/JavaScript Code in 'filter[Name]' Field ZoneMinder 1.32.3 - Unvalidated Input in 'options.php' Allows Self-Stored XSS CSRF Vulnerability in ZoneMinder: Bypassing CSRF Check with Try Again Button TOCTOU Race Condition in ZoneMinder: Persistent Session Access Vulnerability ZoneMinder 1.32.3 - Self-Stored Cross Site Scripting (XSS) Vulnerability in User View ZoneMinder 1.32.3 - Reflected Cross Site Scripting (XSS) Vulnerability in monitor.php Session Fixation Vulnerability in ZoneMinder 1.32.3: Account Hijacking through Cookie Fixation ZoneMinder Log Injection Vulnerability ZoneMinder 1.32.3 - Self-Stored Cross Site Scripting (XSS) Vulnerability Unauthorized Access to Confidential Issue and Merge Request Titles in GitLab Cross-Site Scripting (XSS) Vulnerability in Subrion CMS v4.2.1 via panel/phrases/ VALUE Parameter CSRF Vulnerability in Subrion CMS 4.2.1 Allows Remote Activation/Deactivation of Plugins Heap Overflow Vulnerability in Autodesk Software Heap Overflow Vulnerability in Autodesk Software DXF-parsing Use-After-Free Vulnerability in Autodesk Software Code Execution Vulnerability in Multiple Autodesk Products via Malicious .actm File Autodesk Design Review DLL Preloading Vulnerability Autodesk Design Review Use-After-Free Code Execution Vulnerability DLL Preloading Vulnerability in Autodesk Software: Exploiting AutoCAD's Weaknesses Autodesk Desktop Application DLL Preloading Vulnerability Critical Buffer Overflow Vulnerability in Autodesk FBX SDK 2019.5 Shell Command Injection via ISP File Description in Systrome Cumilon Devices Authenticated Shell Command Injection in Raisecom ISCOM HT803G Series Authenticated Shell Command Injection in Raisecom ISCOM HT803G Series Gecko Denial of Service Vulnerability on KaiOS 2.5 Local File Inclusion 
Vulnerability in Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W Devices Incorrect Access Control in D-Link DIR-823G Firmware 1.02B03 Allows Unauthorized Access to Client Information Incorrect Access Control in D-Link DIR-823G Firmware 1.02B03 Allows Unauthorized Router Reset Remote DNS Hijacking Vulnerability in D-Link DIR-823G Devices CSRF Vulnerability in ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 Devices Improper Authentication Vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status UI Redress Vulnerability in CA Strong Authentication and CA Risk Authentication Privilege Escalation in CA Strong Authentication and CA Risk Authentication Memory Leak in WritePSDChannel in ImageMagick Memory Leak in ReadSIXELImage in ImageMagick Memory Leaks in WritePDFImage in ImageMagick and GraphicsMagick Memory Leak in WriteDIBImage in ImageMagick Man-in-the-Middle Vulnerability in Amazon Fire OS: Exploiting HTTP Requests for Terms of Use and Privacy Pages Rukovoditel before 2.4.1 Vulnerability: Cross-Site Scripting (XSS) Heap-based Buffer Overflow in NGINX Unit Router Process XSS and CSRF Vulnerability in PHPMyWind 5.5 via GetQQ Function Arbitrary Folder Deletion Vulnerability in PHPMyWind 5.5 Unauthenticated Log File Disclosure Vulnerability on LG GAMP-7100, GAPM-7200, and GAPM-8000 Routers Multiple Cross-Site Scripting (XSS) Vulnerabilities in ProfileDesign CMS v6.0.2.5 Stored Cross Site Scripting (XSS) Vulnerability in Galileo CMS v0.042 via $page_title Field Stored Cross-Site Scripting (XSS) Vulnerabilities in MyThemeShop Launcher Plugin 1.0.8 for WordPress Input Sanitization Vulnerability in PS PHPCaptcha WP Plugin XSS Vulnerability in Parallax Scroll Plugin for WordPress OpenText Documentum Webtop 5.3 SP2 - XSS and Client Side URL Redirect Vulnerability in startat Parameter Cross-Site Scripting (XSS) Vulnerability in Ericsson Active Library Explorer (ALEX) 14.3 Cross-Site Scripting (XSS) Vulnerability in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 
V11.01.05.25_08-21-2015 Cross-Site Scripting (XSS) Vulnerability in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 Cross-Site Scripting (XSS) Vulnerability in SAMSUNG X7400GX SyncThru Web Service Cross-Site Scripting (XSS) Vulnerability in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Directory Traversal Vulnerability in PHP Scripts Mall Property Rental Software 2.1.4 HTML Injection Vulnerability in PHP Scripts Mall Image Sharing Script 1.3.4 via Search Bar Directory Traversal Vulnerability in PHP Scripts Mall Image Sharing Script 1.3.4 HTML Injection Vulnerability in Rental Bike Script 2.0.3 - Profile Edit Section (STREET Field) Cross-Site Request Forgery (CSRF) Vulnerability in Rental Bike Script 2.0.3 Directory Traversal Vulnerability in PHP Scripts Mall Rental Bike Script 2.0.3 Reflected HTML Injection Vulnerability in PHP Scripts Mall Opensource Classified Ads Script 3.2.2 Directory Traversal Vulnerability in PHP Scripts Mall Opensource Classified Ads Script 3.2.2 Reflected Cross-Site Scripting (XSS) Vulnerability in PHP Scripts Mall Opensource Classified Ads Script 3.2.2 XSS and HTML Injection Vulnerability in JioFi 4G M2S 1.0.2 - cgi-bin/qcmap_web_cgi DoS Vulnerability in JioFi 4G M2S 1.0.2: Hang via mask POST Parameter in cgi-bin/qcmap_web_cgi CSRF Vulnerability in JioFi 4G M2S 1.0.2 Devices via Edit Wi-Fi Settings 
Parameter Tampering Vulnerability in WooCommerce PayPal Checkout Payment Gateway Plugin 1.6.8 XML External Entity (XXE) Vulnerability in CyberArk Enterprise Password Vault <=10.7 Allows Arbitrary File Reading and Authentication Bypass Arbitrary Type Parameter Vulnerability in KDE KAuth Unstable State Vulnerability in SonicWall SonicOS and SonicOSv Unprivileged User Access to Advanced Routing Services in SonicWall SonicOS and SonicOSv SonicWall Global Management System (GMS) SSH Key Access Vulnerability SonicWall SonicOS and SonicOSv TLS CBC Cipher Vulnerability Unauthenticated SQL Injection Vulnerability in GMS Webservice Module SonicOS Privilege Escalation Vulnerability Unauthenticated Read-Only Access Vulnerability in SonicWall SMA100 (Version 9.0.0.3 and Earlier) SonicWall SMA100 Stack-Based Buffer Overflow Vulnerability Unauthenticated Directory Traversal Vulnerability in SonicWall SMA100's handleWAFRedirect CGI Authenticated SQL Injection in SonicWall SMA100: Unauthorized Read-Only Access via viewcacert CGI Script Buffer Overflow in SonicWall SMA100 DEARegister CGI Script Arbitrary Code Execution Vulnerability in SonicWall SMA100 (CVE-2021-20016) SonicOS SSLVPN NACagent 3.5 Windows Autorun Path Vulnerability Default Password Vulnerability in SonicWall Email Security Appliance Allows Unauthorized Access to Database Remote Code Execution Vulnerability in SonicWall Email Security Appliance Buffer Overflow Vulnerability in Dovecot Indexer-Worker Process Full Path Disclosure and PHP Backend Identification Vulnerability in Gurock TestRail 5.3.0.3603 Arbitrary Command Execution Vulnerability in Donfig 0.3.0 Critical Code Injection Vulnerability in ipycache (2016-05-31) Cross-Site Scripting (XSS) Vulnerability in Rukovoditel 2.4.1 Reflected XSS Vulnerability in KindEditor 4.1.11's php/demo.php Content1 Parameter Stored XSS Vulnerability in User Name Field of MyWebSQL User Manager Stored Cross-site Scripting (XSS) Vulnerability in User Name Field of DbNinja 3.2.7's Add 
Host Function Reflected XSS Vulnerability in SIDU 6.0's conn.php Page Stored XSS Vulnerability in SIDU 6.0 via Unfiltered Database Name Input SQLAlchemy 1.2.17 Group_by Parameter SQL Injection Vulnerability Unauthorized Access to Job Information in GitLab Pipelines User Enumeration Vulnerability in JForum 2.1.8 Cross-Site Scripting (XSS) Vulnerability in Cantemo Portal Versions 3.2.13, 3.3.x, and 3.4.x Stored XSS Vulnerability in Investment MLM Software 2.0.2 Stored XSS in Profile Update Page via My Name Field Reflected XSS Vulnerability in PHP Scripts Mall API Based Travel Booking 3.4.7 Out of Bounds Write Vulnerability in btor2parser.c in Boolector Btor2Tools Use After Free Vulnerability in Boolector 3.0.0 Unauthenticated Password Reset Vulnerability in Shenzhen Coship WM3300 WiFi Router 5.0.0.55 CSZ CMS 1.1.8 CSRF Vulnerability in admin/users/new/add Cross-Site Scripting (XSS) Vulnerability in Waimai Super Cms 20150505 Time-Based Blind SQL Injection in baijiacms V4 via cate Parameter CSRF Vulnerability Allows Unauthorized Creation of Super Administrator Account in DOYO CMS CSRF Vulnerability in PbootCMS v1.3.6 Allows Unauthorized User Deletion Buffer Over-read Vulnerability in SDL_wave.c Heap-Based Buffer Over-read Vulnerability in SDL (Simple DirectMedia Layer) Heap-Based Buffer Over-read Vulnerability in SDL's IMA_ADPCM_decode Function Heap-Based Buffer Overflow in SDL's MS_ADPCM_decode Function Heap-Based Buffer Over-read Vulnerability in SDL (Simple DirectMedia Layer) Buffer Over-read Vulnerability in SDL_LoadWAV_RW in SDL Heap-Based Buffer Over-read Vulnerability in SDL's InitIMA_ADPCM Function Unauthenticated Access to Confidential Setup File on Linksys WRT1900ACS Routers Arbitrary PHP Code Execution in ThinkCMF 5.0.190111 via Alias Parameter Injection Memory Allocation Failure Vulnerability in libming through 0.4.8 Memory Allocation Failure Vulnerability in libming through 0.4.8 Time-Based SQL Injection in Waimai Super Cms 20150505 SQL Injection 
Vulnerability in Bo-blog Wind through 1.6.0-r Privilege Escalation Vulnerability in exacqVision ESM v5.12.2 and Prior Versions SmartService API Service Unauthorized Code Execution Vulnerability Unquoted Service Path Privilege Escalation in ExacqVision Server 9.6 and 9.8 Shared RSA Key Pair Vulnerability in Metasys® ADS/ADX Servers and NAE/NIE/NCE Engines Hardcoded RC2 Key Vulnerability in Metasys® ADS/ADX Servers and NAE/NIE/NCE Engines Cross-Site Scripting (XSS) Vulnerability in Kibana Versions Before 5.6.15 and 6.6.1 Arbitrary Code Execution Vulnerability in Kibana Timelion Visualizer Arbitrary Code Execution Vulnerability in Kibana Security Audit Logger Permission Bypass Vulnerability in Elasticsearch Logstash Sensitive Data Disclosure Vulnerability Insufficient Logging Vulnerability in Winlogbeat Race Condition Vulnerability in Elasticsearch Versions Before 7.2.1 and 6.8.2 Allows Unauthorized Access to Response Headers TLS Certificate Validation Flaw in Elastic APM Agent for Ruby: Man-in-the-Middle Attack Vulnerability Server Side Request Forgery (SSRF) Vulnerability in Kibana's Timelion Visualizer Integration Variable Name Clash Vulnerability in Elastic APM Agent for Python Local File Disclosure Vulnerability in Elastic Code Username Disclosure Vulnerability in Elasticsearch API Key Service Logstash Beats Input Plugin Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Kibana Coordinate and Region Map Visualizations API Key Leakage via Insecure E-mail Communication in Pagure 5.2 Arbitrary Code Execution via Stack-based Buffer Overflow in TinTin++ 2.01.6 and WinTin++ 2.01.6 Arbitrary MSR Writes Vulnerability in Gigabyte APP Center Authenticated Remote OS Command Injection in LifeSize Devices XSS Vulnerability in SUAP V2 User Information Update Heap-Based Buffer Over-read Vulnerability in SDL's Blit1to4 Function Heap-Based Buffer Over-read in SDL_GetRGB in SDL Heap-Based Buffer Overflow in SDL_FillRect in SDL_Surface.c Heap-Based Buffer 
Over-Read Vulnerability in SDL's Map1toN Function Authentication Bypass Vulnerability in gsi-openssh-server 7.9p1 Unauthenticated Access to DNS and Login Logs in D-Link mydlink Routers JWT Signature Leakage in Auth0-WCF-Service-JWT before 1.0.4 Stored/Persistent XSS Vulnerability in CentOS Web Panel (CWP) through 0.9.8.763 Insecure Password Storage in Hotels_Server through 2018-11-05 Weak Password Hashing Algorithm in CMSWing 1.3.7 ACL Bypass Vulnerability in Emsisoft Anti-Malware (CVE-2018-XXXX) SSRF Vulnerability in TheHive Project UnshortenLink Analyzer Code Injection Vulnerability in Debian python-rdflib-tools 4.2.2-1 Package CSRF Vulnerabilities in Wowza Streaming Engine 4.8.0 and Earlier Multiple Authenticated XSS Vulnerabilities in Wowza Streaming Engine 4.8.0 and Earlier Privilege Escalation Vulnerability in Wowza Streaming Engine 4.8.0 and Earlier Denial of Service Vulnerability in Genivia gSOAP Libraries with -DWITH_COOKIES Flag Stored Cross-site Scripting (XSS) Vulnerability in PHPMyWind 5.5 Reflected Cross-site Scripting (XSS) Vulnerability in PHPMyWind 5.5 Denial of Service Vulnerability in Binaryen 1.38.22 Invalid Address Dereference in LibTIFF 4.0.10: Remote Denial-of-Service Vulnerability Denial of Service Vulnerability in elfutils 0.175: Negative-Sized memcpy in elf_cvt_note Heap-based Buffer Over-read in elf32_xlatetom.c in libelf Improper Authentication in Prima Systems FlexAir, Versions 2.3.38 and prior Predictable Database Backup File Name Vulnerability in Prima Systems FlexAir Default Credentials Vulnerability in Prima Systems FlexAir Devices Arbitrary File Upload Vulnerability in Prima Systems FlexAir Command Injection Vulnerability in Prima Systems FlexAir, Versions 2.3.38 and prior Arbitrary Code Execution Vulnerability in Prima Systems FlexAir Hard-coded Username and Password Vulnerability in Prima Systems FlexAir Insecure Storage of Administrator Credentials in MOBOTIX S14 MX-V4.2.1.61 Devices Insecure Password Setting Vulnerability on 
MOBOTIX S14 MX-V4.2.1.61 Devices Cleartext HTTP and Basic Authentication Vulnerability on MOBOTIX S14 MX-V4.2.1.61 Devices Enphase Envoy R3.*.* Weak Password Vulnerability Cross-Site Scripting (XSS) Vulnerability in Enphase Envoy R3.*.* via profileName Parameter Directory Traversal Vulnerability in Enphase Envoy R3.*.* via TCP Port 8888 Vulnerability: Arbitrary File Upload via fileType Parameter Reflected XSS Vulnerability in JioFi 4 jmr1140 Amtel_JMR1140_R12.07 Devices Vulnerability: Passwordless Authentication with Password Protected SSH Private Key in MobaTek MobaXterm Personal Edition v11.1 Build 3860 Arbitrary PHP Code Execution via install/install.php in CIM 0.9.3 XSS Vulnerability in Axios Italia Axios RE 1.7.0/7.0.0 Devices via RELogOff.aspx Error_Parameters Parameter Denial of Service Vulnerability in Bento4 v1.5.1-627 Memory Allocation Vulnerability in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Bento4 1.5.1-627 Heap-based Buffer Over-read Vulnerability in AP4_BitStream::WriteBytes in Bento4 v1.5.1-627 Heap-based Buffer Over-read Vulnerability in Binaryen 1.38.22 Heap-based Buffer Over-read in wasm::SExpressionParser::skipWhitespace() in Binaryen 1.38.22 NULL Pointer Dereference Vulnerability in Binaryen 1.38.22 Use-after-free vulnerability in Binaryen 1.38.22 allows remote attackers to cause denial-of-service via a crafted wasm file Excessive Memory Allocation Vulnerability in Binaryen 1.38.22 Information Leak in Interpeak IPCOMShell TELNET Server on Green Hills INTEGRITY RTOS 5.0.4 Format String Vulnerability in handler_ipcom_shell_pwd in Interpeak IPCOMShell TELNET Server on Green Hills INTEGRITY RTOS 5.0.4 Heap-based Buffer Overflow in Interpeak IPCOMShell TELNET Server on Green Hills INTEGRITY RTOS 5.0.4 Stack-based Buffer Overflow in Interpeak IPWEBS on Green Hills INTEGRITY RTOS 5.0.4 Format String Vulnerability in Interpeak IPCOMShell TELNET Server on Green Hills INTEGRITY RTOS 5.0.4 Race Condition Vulnerability in Metinfo 6.x Database Backup 
Function Eval Injection Vulnerability in Nibbleblog 4.0.5 via install.php Username Parameter Eval Injection Vulnerability in Taocms (through 2014-05-24) via install.php db_name Parameter Arbitrary PHP File Upload Vulnerability in nc-cms 3.5 XML External Entity (XXE) Vulnerability in PMD 5.8.1 and Earlier Untrusted nvloginhash Cookie Deserialization Vulnerability in NukeViet SQL Injection Vulnerability in NukeViet's click.php Module Unauthenticated Remote Code Execution via JMX/RMI Interface in NICE Engage through 6.5 Improper TLS Certificate Checks in Bosch Smart Camera App for Android Insecure Permissions Allow Unauthorized Access to Cached Video Clips and Images in Bosch Smart Camera App for Android Cross-Site Request Forgery (CSRF) Vulnerability in MyWebSQL 3.7 for Database Deletion Remote Code Execution Vulnerability in MyWebSQL 3.7 via Backup Database Function Memory Leak Vulnerability in Live555 0.95: DoS Exploitation via Setup Packet Buffer Overflow Vulnerability in Live555 0.95 via Content-Length HTTP Header Authentication Bypass Vulnerability in D-Link DIR-600M C1 3.04 Devices CSRF Vulnerability in Verydows v2.0 Allows Unauthorized Admin Account Addition CSRF Vulnerability in C.P.Sub before 5.3 via manage.php?p=article_del&id= URI Vulnerability: Lack of Explanation for No Filtering Textfilter Override in Joomla Cross-Site Scripting (XSS) Vulnerability in Joomla! before 3.9.3 Stored XSS Vulnerability in Joomla! before 3.9.3 Cross-Site Scripting (XSS) Vulnerability in Joomla! before 3.9.3 Vulnerability: Object Injection via phar:// Stream Wrapper in Joomla! Cross-Site Scripting (XSS) Vulnerability in Joomla! 
Core Components JioFi 4 jmr1140 Amtel_JMR1140_R12.07: Remote Wi-Fi Password Disclosure Vulnerability JioFi 4 jmr1140 Amtel_JMR1140_R12.07 - Remote Admin Token Disclosure Vulnerability Session Fixation Vulnerability in DbNinja 3.2.7 via data.php sessid Parameter XSS Vulnerability in DbNinja 3.2.7 via data.php Task Parameter Directory Traversal and Local File Inclusion Vulnerability in Ricoh MarcomCentral's FPProducerInternetServer.exe XSS Vulnerability in Verydows 2.0 via index.php?m=api&c=stats&a=count Referrer Parameter SQL Injection Vulnerability in webERP 4.15 Import Bank Transactions Function Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Security Bypass Vulnerability Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe 
Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Double Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Data 
Leakage Vulnerability Arbitrary Code Execution Vulnerability in ColdFusion File Upload Restriction Bypass Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader Allows Memory Disclosure Type Confusion Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Flash Player (CVE-2020-9633) Arbitrary Code Execution Vulnerability in ColdFusion Versions Update 3 and Earlier, Update 10 and Earlier, and Update 18 and Earlier Command Injection Vulnerability in ColdFusion Versions: Update 3 and Earlier, Update 10 and Earlier, and Update 18 and Earlier Deserialization of Untrusted Data Vulnerability in ColdFusion Versions: Update 3 and Earlier, Update 10 and Earlier, and Update 18 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use-After-Free Vulnerability in Adobe Media Encoder 13.0.2 Allows Remote Code Execution Insufficient Input Validation Vulnerability in Adobe Campaign Classic Out-of-Bounds 
Read Vulnerability in Adobe Media Encoder 13.0.2 Use After Free Vulnerability in Adobe Flash Player (CVE-2019-7845) Improper Error Handling Vulnerability in Adobe Campaign Classic 18.10.5-8984 and Earlier Versions Adobe Campaign Classic XXE Vulnerability Inadequate Access Control Vulnerability in Adobe Campaign Classic Versions 18.10.5-8984 and Earlier Inadequate Session Validation Handling Vulnerability in Magento Command Injection Vulnerability in Adobe Campaign Classic (CVE-2020-9735) Unintended Data Deletion Vulnerability in Magento 2.x Path Disclosure Vulnerability in Magento 2.x Prior to 2.3.2 Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Unauthorized Disclosure of Company Credit History Details in Magento 2.x Gift Card Generation Invariant Discovery Vulnerability in Magento 2.x Insufficient Anti-CSRF Token Implementation in Magento 2.x: Cart Manipulation Vulnerability Insecure Cryptographic Storage in Magento 2.x Path Traversal Vulnerability in Magento WYSIWYG Editor Allows Unauthorized Access to Uploaded Images Cryptographically Weak Pseudo-Random Number Generator Vulnerability in Magento 2.x File Upload Bypass Vulnerability in Magento 2.x Reflected Cross-Site Scripting Vulnerability in Magento 2.x Product Widget Chooser Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Insecure Direct Object Reference (IDOR) Vulnerability in Magento RSS Feeds CSRF Vulnerability in Magento Checkout Cart Item Stored Cross-Site Scripting Vulnerability in Magento 2 Admin Panel Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Stored Cross-Site Scripting Vulnerability in Magento 2.x Admin Panel Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Character Animator Arbitrary PHP Code Execution Vulnerability in Magento 2.x Insecure Direct Object Reference (IDOR) Vulnerability in Magento 2.x Cross-Site Request Forgery Vulnerability in Magento 2.1, 2.2, and 
2.3 Unintended User Role Deletion Vulnerability in Magento 2.x Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Remote Code Execution Vulnerability in Magento 2.x Stored Cross-Site Scripting Vulnerability in Magento 2.x Admin Panel Stored Cross-Site Scripting Vulnerability in Magento 2.x Admin Panel Cross-Site Scripting Mitigation Bypass in Magento 2.1, 2.2, and 2.3 Stored Cross-Site Scripting Vulnerability in Magento WYSIWYG Editor Remote Code Execution Vulnerability in Magento 2.x Elastic Search Module Weak Cryptographic Initialization Vector Generation in Magento 2.x Reflected Cross-Site Scripting Vulnerability in Magento Admin Panel Information Disclosure Vulnerability in Magento 2.x: Privileged User Email Template Data Leak Authenticated User Injection Vulnerability in Magento Unauthorized Access to Order Details in Magento 2.x Arbitrary Code Execution via Server-Side Request Forgery in Magento Arbitrary Code Execution through Crafted XML Layout Update in Magento 2.x Arbitrary Code Execution via Product Import in Magento 2.x Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Inadequate Validation of User Input in Magento Allows Access to Disabled Downloadable Products Inadequate Validation of User Input in Magento: Disclosure of Disabled Downloadable Product Names Arbitrary Code Execution via Email Template Preview in Magento 2.x User Access Control Vulnerability in Magento 2.1, 2.2, and 2.3 Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Server-side Request Forgery (SSRF) Vulnerability in Magento File Upload Filter Bypass in Magento 2.x SSRF Vulnerability in Magento 2.x: Arbitrary Code Execution via Shipment Method Manipulation Denial-of-Service Vulnerability in Magento Full Page Cache Stored Cross-Site Scripting Vulnerability in Magento 2.x Product Catalog Form Server-side Request Forgery (SSRF) Vulnerability in Magento 2.1, 2.2, and 2.3 Insecure 
Direct Object Reference (IDOR) Vulnerability in Magento 2.1, 2.2, and 2.3 Stored Cross-Site Scripting Vulnerability in Magento 2.x Admin Panel Stored Cross-Site Scripting Vulnerability in Magento 2.x Admin Panel Denial-of-Service (DoS) Vulnerability in Magento's PayPal Integration Authenticated User Metadata Leakage Vulnerability in Magento 2.x File Upload Restriction Bypass in Magento 2.x Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Premiere Pro CC Versions 13.1.2 and Earlier Arbitrary PHP Code Execution via Malicious Sitemap in Magento Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Stored Cross-Site Scripting Vulnerability in Magento 2.x Admin Panel Stored Cross-Site Scripting Vulnerability in Magento 2.x Admin Panel Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Reflected Cross-Site Scripting Vulnerability in Magento 2.x Stored Cross-Site Scripting Vulnerability in Magento Admin Panel Adobe Campaign Classic Information Exposure Through Error Message Vulnerability Arbitrary Code Execution via Malicious XML Layout Updates in Magento 2.x Stored Cross-Site Scripting Vulnerability in Magento Open Source and Magento Commerce Stored Cross-Site Scripting Vulnerability in Magento Versions Prior to 2.3.2 Cross-Site Request Forgery Vulnerability in Magento GiftCardAccount Removal Feature Access Control Bypass Vulnerability in Magento 2.1, 2.2, and 2.3 SOAP Web Service Information Leakage Vulnerability in Magento Cross-Site Request Forgery Vulnerability in Adobe Experience Manager 6.4 and Earlier Stored Cross-site Scripting Vulnerability in Adobe Experience Manager 6.4 and Earlier: Risk of Sensitive Information Disclosure Reflected Cross-site Scripting Vulnerability in Adobe Experience Manager 6.4 and Earlier Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Dreamweaver Security Bypass Vulnerability in Creative Cloud Desktop Application 4.6.1 
and Earlier: Risk of Denial of Service Insecure Inherited Permissions Vulnerability in Creative Cloud Desktop Application: Privilege Escalation Risk Arbitrary Code Execution Vulnerability in Creative Cloud Desktop Application Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Animate CC Versions 19.2.1 and Earlier Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Prelude CC Versions 8.1 and Earlier Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Illustrator CC Versions 23.1 and Earlier Out of Bound Read Vulnerability in Adobe Bridge CC 9.0.2 and Earlier Versions Authentication Bypass Vulnerability in Adobe Experience Manager Versions 6.5 and 6.4 Leading to Remote Code Execution Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Command Injection Vulnerability in Adobe Photoshop CC Type Confusion Vulnerability in Adobe Photoshop CC: Arbitrary Code Execution Type Confusion Vulnerability in Adobe Photoshop CC: Arbitrary Code Execution Type Confusion Vulnerability in Adobe Photoshop CC: Arbitrary Code Execution Type Confusion Vulnerability in Adobe Photoshop CC: Arbitrary Code Execution Type Confusion Vulnerability in Adobe Photoshop CC: Arbitrary Code Execution Type Confusion Vulnerability in Adobe Photoshop CC: Arbitrary Code Execution Type Confusion Vulnerability in Adobe Photoshop CC: Arbitrary Code Execution Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Read Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Heap Overflow Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Type Confusion Vulnerability in Adobe Photoshop CC: Arbitrary Code Execution Out of Bound Read Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound 
Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Heap Overflow Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Read Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Command Injection Vulnerability in Adobe Photoshop CC Heap Overflow Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Read Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Heap Overflow Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Read Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Read Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Read Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Read Vulnerability in Adobe Photoshop CC Versions 19.1.8 and Earlier and 20.0.5 and Earlier Out of Bound Write Vulnerability in Adobe Photoshop CC Versions 19.1.8 
and Earlier and 20.0.5 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe 
Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Double Free Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Command Injection Vulnerability Use After Free Vulnerability in Adobe Acrobat and Reader Insecure Library Loading Vulnerability in Adobe After Effects Versions 16 and Earlier Insecure Transmission of Sensitive Data in Creative Cloud Desktop Application 4.6.1 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Same Origin Method Execution Vulnerability in Adobe Flash Player Use After Free Vulnerability in Adobe Flash 
Player (CVE-2019-8070) Insecure File Permissions Vulnerability in Adobe Download Manager 2.0.0.363 ColdFusion Security Bypass Vulnerability: Information Disclosure Risk Command Injection Vulnerability in ColdFusion 2018 and 2016 Path Traversal Vulnerability in ColdFusion 2018 and 2016 Same Origin Policy Bypass Vulnerability in Adobe Flash Player (CVE-2019-7845) Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Application Manager Installer Version 10.0 Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Reflected Cross Site Scripting Vulnerability in Adobe Experience Manager Versions 6.4, 6.3, and 6.2 Stored Cross Site Scripting Vulnerability in Adobe Experience Manager Versions 6.0-6.4 Stored Cross Site Scripting Vulnerability in Adobe Experience Manager 6.4 and 6.3: Risk of Privilege Escalation Authentication Bypass Vulnerability in Adobe Experience Manager Versions 6.5, 6.4, 6.3, and 6.2 XML External Entity (XXE) Injection Vulnerability in Adobe Experience Manager (AEM) Versions 6.4, 6.3, and 6.2 Cross-Site Scripting Vulnerability in Adobe Experience Manager Versions 6.5, 6.4, and 6.3: Risk of Sensitive Information Disclosure Reflected Cross Site Scripting Vulnerability in Adobe Experience Manager Versions 6.2-6.5 Reflected Cross Site Scripting Vulnerability in Adobe Experience Manager Versions 6.2-6.5 XML External Entity (XXE) Injection Vulnerability in Adobe Experience Manager Versions 6.5, 6.4, 6.3, and 6.2 XML External Entity (XXE) Injection Vulnerability in Adobe Experience Manager Versions 6.5, 6.4, 6.3, and 6.2 Command Injection Vulnerability in Adobe Experience Manager Versions 6.2-6.5 Reflected Cross-Site Scripting Vulnerability in Adobe Experience Manager Forms 6.3-6.5 Arbitrary File Deletion Vulnerability in Magento 2.x Remote Code Execution via Product Attribute Layout Updates in Magento 1 Reflected Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Arbitrary File Access Vulnerability in Magento 2.2 and 2.3 
Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Internal IP Disclosure Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Integer Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Arbitrary File Deletion Vulnerability in Magento 2.2 and 2.3 Insecure Authentication and Session Management Vulnerability in Magento 2.2 and 2.3 Arbitrary Command Execution via CSRF in Magento 2.2 and 2.3 Remote Code Execution Vulnerability in Magento 2.2 and 2.3 Magento 2.2 and 2.3 Remote Code Execution Vulnerability Email Confirmation Bypass Vulnerability in Magento 2.2 and 2.3 Weak Random Number Generator in Magento 2.2 and 2.3 for Customer Registration Confirmation Code Arbitrary Code Execution via Crafted Configuration Archive File Upload in Magento Reflected Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Insecure Authentication and Session Management Vulnerability in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Weak Cryptographic Function Used for Storing Failed Login Attempts in Magento Remote Code Execution Vulnerability in Magento 2.x through Bulk Product Import Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.1, 2.2, and 2.3 Outdated JS Libraries with Security Vulnerabilities in Magento 2.x Remote Code Execution Vulnerability in Magento 2.x Insufficient Logging and Monitoring Vulnerability in Magento 
Insufficient Logging and Monitoring Vulnerability in Magento 2.x Remote Code Execution via Crafted Support Configuration in Magento 1.x XML Entity Injection Vulnerability in Magento 2.2 and 2.3 SQL Injection Vulnerability in Magento 2.2 and 2.3 Allows Privilege Escalation Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 SQL Injection Vulnerability in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Magento 2.2 and 2.3 Security Bypass Vulnerability SQL Injection Vulnerability in Magento 2.2 and 2.3 Remote Code Execution Vulnerability in Magento 2.2 and 2.3 Outdated HTTP Specification Abstraction Vulnerability in Magento 2.x Remote Code Execution via Custom Layout Update in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.3.x Page Builder Unrestricted File Upload Vulnerability in Magento 2.2 and 2.3 Phar Deserialization Remote Code Execution Vulnerability in Magento Stored XSS Vulnerability in Magento 2.2 and 2.3: Injecting JavaScript via Order Title SQL Injection Vulnerability in Magento 2.2 and 2.3 Remote Code Execution Vulnerability in Magento 2.3.x through PageBuilder Template Methods Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.3 Arbitrary Session ID Vulnerability in Magento 2.2 and 2.3 Remote Code Execution Vulnerability in Magento 2.2 and 2.3 Magento 2.2 and 2.3 Remote Code Execution Vulnerability through Server-Side Request Forgery Stored Cross-Site Scripting (XSS) Vulnerability in Magento Admin Dashboard Mitigation Bypass 
Vulnerability in Magento 2.2 and 2.3 Magento 2.2 and 2.3 Remote Code Execution Vulnerability through Crafted XML File CSRF Token Exposure in Magento Prior to 1.9.4.3 and 1.14.4.3 Magento 2.2 and 2.3 SSRF Vulnerability Allows Remote Code Execution Stored Cross-Site Scripting (XSS) Vulnerability in Magento 2.2 and 2.3 XPath Entity Injection Vulnerability in Magento 2.2 and 2.3 Magento 2.2 and 2.3 Remote Code Execution Vulnerability Cross-Site Scripting Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Type Confusion Vulnerability in Adobe Acrobat and Reader Race Condition Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Buffer Overrun Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 
2019.012.20040 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Untrusted Pointer Dereference Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and 
Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Versions 2019.012.20040 and Earlier Incomplete Implementation of Security Mechanism Vulnerability in Adobe Acrobat and Reader Arbitrary JavaScript Injection via Import/Export Functionality in Magento Arbitrary JavaScript Injection in Magento Transactional Email Templates Arbitrary Code Execution through Crafted Layout Updates in Magento Arbitrary Code Execution Vulnerability in Magento Prior to 1.9.4.3 and 1.14.4.3 Arbitrary Code Execution through Custom Layout Modification in Magento Race condition vulnerability allows arbitrary code execution through webserver configuration file modification in Magento prior to 1.9.4.3, 1.14.4.3, 2.2.10, and 2.3.3 or 2.3.2-p1. 
Arbitrary JavaScript Injection Vulnerability in Magento 2.2 and 2.3 Cross-Site Request Forgery Vulnerability in Adobe Experience Manager Versions 6.4, 6.3, and 6.2 Insecure Direct Object Reference (IDOR) Vulnerability in Magento 2.3 and Earlier Versions Security Bypass Vulnerability in Creative Cloud Desktop Application Allows Privilege Escalation Insufficiently Robust Encryption Vulnerability in Adobe Acrobat and Reader Path Traversal Vulnerability in Adobe Acrobat and Reader Memory Corruption Vulnerability in Adobe Bridge CC Versions 9.1 and Earlier Memory Corruption Vulnerability in Adobe Bridge CC Versions 9.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Media Encoder Versions 13.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Media Encoder Versions 13.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Media Encoder Versions 13.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Media Encoder Versions 13.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Media Encoder Versions 13.1 and Earlier Memory Corruption Vulnerability in Adobe Illustrator CC Versions 23.1 and Earlier Memory Corruption Vulnerability in Adobe Illustrator CC Versions 23.1 and Earlier Type Confusion Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Acrobat and Reader Memory Corruption Vulnerability in Adobe Photoshop CC Versions Before 20.0.8 and 21.0.x Before 21.0.2 Memory Corruption Vulnerability in Adobe Photoshop CC Versions Before 20.0.8 and 21.0.x Before 21.0.2 Command Injection Vulnerability in Brackets Versions 1.14 and Earlier Insecure Inherited Permissions Vulnerability in ColdFusion Versions Update 6 and Earlier Use After Free Vulnerability in Adobe Acrobat and Reader Heap Buffer Overflow Vulnerability in UltraVNC Revision 1198 Allows Remote Code Execution Memory Leaks in UltraVNC Revision 1198: Exploitable 
Information Disclosure Vulnerability Out-of-Bounds Read Vulnerability in UltraVNC Revision 1199 Out-of-Bounds Read Vulnerability in UltraVNC Revision 1199 Heap Buffer Overflow Vulnerabilities in UltraVNC Revision 1203: Code Execution via Network Connectivity Stack-based Buffer Overflow Vulnerability in UltraVNC Revision 1205 ShowConnInfo Routine Out-of-Bounds Access Vulnerability in UltraVNC Revision 1203 Out-of-Bounds Access Vulnerabilities in UltraVNC Revision 1207 Out-of-Bounds Access Vulnerabilities in UltraVNC Revision 1207 Out-of-Bounds Read Vulnerability in UltraVNC Revision 1207 TextChat Module Off-by-one vulnerabilities in UltraVNC revision 1206 VNC Client Code Stack-based Buffer Overflow Vulnerability in UltraVNC Revision 1206 FileTransfer Module Out-of-Bounds Read Vulnerability in UltraVNC Revision 1210 Heap Buffer Overflow Vulnerability in UltraVNC Revision 1211 Off-by-one vulnerabilities in UltraVNC revision 1211 VNC Server Code Heap Buffer Overflow Vulnerability in UltraVNC Revision 1211 Heap Buffer Overflow Vulnerability in UltraVNC Revision 1211: Potential Code Execution Multiple Improper Null Termination Vulnerabilities in UltraVNC Revision 1211 Stack Buffer Overflow Vulnerability in UltraVNC Revision 1211 VNC Server Code: Denial of Service (DoS) Exploit via Network Connectivity Memory Leaks in UltraVNC Revision 1211: Exploitable Information Disclosure Vulnerability Critical Stored XSS Vulnerability in Invision Power Board 3.3.1 - 3.4.8 Allows Remote Code Execution Multiple Stored XSS Vulnerabilities in Vanilla Forums before 2.5 Out-of-Bounds Access Vulnerability in UltraVNC Revision 1203 Cleartext HTTP Vulnerability in Gemalto Admin Control Center Gemalto Admin Control Center Prior to Version 7.92 Vulnerability: Missing 'HttpOnly' Flag in Hasplm Cookie Critical Heap-Based Buffer Overflow Vulnerability in Kaspersky Lab Antivirus Engine (Pre-04.apr.2019) Information Disclosure Vulnerability in Kaspersky Anti-Virus, Kaspersky Internet Security, and 
Kaspersky Total Security (up to 2019) TightVNC Code Version 1.3.10: Network-Exploitable Buffer Overflow in HandleCoRREBBP Macro Function Stored XSS Vulnerability in Online Store v1.0: Unsanitized adidas_member_user Variable in user_view.php Stored XSS Vulnerability in Online Store v1.0: Exploiting adidas_member_email Variable in admin/user_view.php Email Format Bypass Vulnerability in Online Store v1.0 Unauthenticated Path Traversal and Unauthorized File Deletion in Online Store System v1.0 Arbitrary Product Deletion Vulnerability in Online Store System v1.0 Arbitrary File Upload Vulnerability in upload-image-with-ajax v1.0 Flatpak Sandbox Escape Vulnerability Command Injection Vulnerability in D-Link DIR-878 Firmware 1.12A1 Command Injection Vulnerability in D-Link DIR-878 Firmware 1.12A1 Command Injection Vulnerability in D-Link DIR-878 Firmware 1.12A1 Command Injection Vulnerability in D-Link DIR-878 Firmware 1.12A1 Command Injection Vulnerability in D-Link DIR-878 Firmware 1.12A1 Command Injection Vulnerability in D-Link DIR-878 Firmware 1.12A1 Command Injection Vulnerability in D-Link DIR-878 Firmware 1.12A1 Command Injection Vulnerability in D-Link DIR-878 Firmware 1.12A1 RubyGems Directory Traversal Vulnerability Escape Sequence Injection Vulnerability in RubyGems Escape Sequence Injection in RubyGems Gem Owner Command Escape Sequence Injection Vulnerability in RubyGems Arbitrary Code Injection via Crafted Gem Name in RubyGems Escape Sequence Injection Vulnerability in RubyGems XSS Vulnerability in Bootstrap Tooltip and Popover Data-Template Attribute XSS Vulnerability in SchoolCMS 2.3.1 via index.php?a=Index&c=Channel&m=Home&viewid=[XSS] XSS Vulnerability in SchoolCMS 2.3.1 via index.php?a=Index&c=Channel&m=Home&id=[XSS] Privilege Escalation in HashiCorp Consul 1.4.x Insecure Certificate Verification in msmtp 1.8.2 and mpop 1.4.3 Airmail GPG-PGP Plugin Signature Spoofing Vulnerability Insufficient Resources Indicator Bypass Vulnerability in Falco Server 
Side Template Injection (SSTI) in Jinja2 2.10 Local Privilege Escalation Vulnerability in Foxit Reader for macOS Use-after-free vulnerability in NASM 2.14.02: paste_tokens in asm/preproc.c Session Hijacking Vulnerability in ES File Explorer File Manager Application Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine ADSelfService Plus 5.x through 5704 CSRF Vulnerability in BEESCMS 4.0 Allows Addition of Arbitrary VIP Accounts Multiple Cross-Site Scripting (XSS) Vulnerabilities in HTMLy 2.7.4 Information Disclosure Vulnerability in Simple - Better Banking App for Android Unverified X.509 Certificates in Heimdal Thor Agent 2.5.17x before 2.5.173 Vulnerability Static Encryption Key Vulnerability in BMC PATROL Agent Heap-based Buffer Overflow in SoX 14.4.2 due to Integer Overflow in lsx_make_lpf Heap-based Buffer Overflow in SoX 14.4.2 due to Integer Overflow in xmalloc.h Stack-based Buffer Overflow in SoX 14.4.2 NULL Pointer Dereference in lsx_make_lpf in SoX 14.4.2 Directory Traversal Vulnerability in Hiawatha (CVE-2021-12345) Out of Bounds Write Vulnerability in Contiki-NG and Contiki SQL Injection Vulnerability in Themerig Find a Place CMS Directory 1.5 XSS Vulnerability in PHP Scripts Mall Responsive Video News Script via Search Bar Arbitrary File Upload Vulnerability in DedeCMS V5.7SP2 XSS Vulnerability in Verydows 2.0 via index.php?c=main Parameter Cross-Site Scripting (XSS) Vulnerability in OpenEMR v5.0.1-6 Remote Code Execution in OpenEMR v5.0.1-6 Arbitrary Memory Read/Write Vulnerability in LG Device Manager Buffer Overflow Vulnerability in WebKitGTK NULL Pointer Dereference in Tcpreplay 4.3.1: Denial of Service Vulnerability NULL Pointer Dereference in Tcpreplay 4.3.1: Denial of Service Vulnerability Heap-based Buffer Over-read in AP4_BitStream::ReadBytes() in Bento4 1.5.1-628 NULL Pointer Dereference in be_uint32_read() Function in AdvanceCOMP NULL Pointer Dereference in AP4_Track::GetSampleIndexForTimeStampMs() in Bento4 1.5.1-628 Invalid Memory 
Access Vulnerability in Tcpreplay 4.3.1 NULL Pointer Dereference in Bento4 1.5.1-628: Denial of Service Vulnerability Memory Address Invalidity in AdvanceCOMP's adv_png_unfilter_8 Function Unauthenticated Directory Traversal and Local File Inclusion Vulnerability in Thomson Reuters Desktop Extensions 1.9.0.358 Remote Command Execution Vulnerability in MASTER IPCAMERA01 3.3.4.2103 Devices Musicloud 1.6 Wi-Fi Transfer File-Read Vulnerability Cross-site Scripting (XSS) Vulnerability in qdPM 9.1's search[keywords] Parameter Cross-site Scripting (XSS) Vulnerability in qdPM 9.1 via configuration?type=[XSS] Parameter Incorrect Access Control Allows Remote Attackers to Enable Guest Wi-Fi on D-Link DIR-823G Devices SQL Injection Vulnerability in Hotels_Server API Login Endpoint Arbitrary File Upload Vulnerability in Zoho ManageEngine ServiceDesk Plus (SDP) Insecure Direct Object Reference (IDOR) Vulnerability in Zoho ManageEngine ServiceDesk Plus (SDP) Allows Unauthorized Access to Attachments Buffer Overflow Vulnerability in H5O__layout_encode in HDF HDF5 Library Out of Bounds Read Vulnerability in HDF HDF5 1.10.4 Library Out of Bounds Read Vulnerability in HDF HDF5 1.10.4 Library Reflected XSS Vulnerability in ORY Hydra before v1.0.0-rc.3+oryOS.9 via oauth2/fallbacks/error error_hint Parameter Arbitrary File Upload Vulnerability in Webiness Inventory 2.3 Arbitrary File Read and Write Vulnerability in HongCMS 3.0.0 OneFileCMS 3.6.13 Remote Code Modification Vulnerability XSS Vulnerability in Maccms 8.0 via inc/config/cache.php t_key Parameter Arbitrary File Deletion Vulnerability in zzcms 2018 (2018-10-19) Arbitrary File Read and Delete Vulnerability in FeiFeiCms 4.0.181010 NULL Pointer Dereference Vulnerability in Xiaomi MIX 2 Devices with 4.4.78 Kernel SeaCMS 7.2 Remote Password Reset Vulnerability XSS Vulnerability in VNote 2.2 via New Text Note SQL Injection in upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 via title or titleAlias 
parameter SQL Injection Vulnerability in PbootCMS v1.3.2 via description parameter in ContentController.php SQL Injection in ZoneMinder through 1.32.3 via events.php filter[Query][terms][0][cnj] parameter SQL Injection in ZoneMinder before 1.32.3 via ajax/status.php sort parameter XSS Vulnerability in ZoneMinder's includes/database.php XSS Vulnerability in ZoneMinder's controlcap.php Command Injection Vulnerability in ZoneMinder's daemonControl Function SQL Injection in ZoneMinder before 1.32.3 via skins/classic/views/control.php groupSql parameter SQL Injection in ZoneMinder before 1.32.3 via ajax/status.php filter[Query][terms][0][cnj] parameter XSS Vulnerability in CmsEasy 7.0 via ckplayer.php URL Parameter Arbitrary File Upload Vulnerability in JTBC(PHP) 3.0.1.8 via console/#/console/file/manage.php?type=list URI XSS Vulnerability in CmsEasy 7.0 via ckplayer.php Autoplay Parameter XSS Vulnerability in PHPMyWind v5.5 via HTTP Host Header in admin/default.php Stored XSS Vulnerability in imcat 4.5 via fm[instop][note] Parameter in root/run/adm.php CSRF Vulnerability in njiandan-cms Allows Unauthorized Administrator Addition Stored XSS Vulnerability in DiliCMS 2.4.0's System Setting -> Site Setting Textbox Stored XSS Vulnerability in DiliCMS 2.4.0's System Setting->Site Setting Textbox Stored XSS Vulnerability in DiliCMS 2.4.0 Site Logo Field Lax Path Access Check Vulnerability in Jira Improper Access Control Vulnerability in Jira Allows Unauthorized Access to ViewUpgrades Administrative Resource Cross-Site Scripting (XSS) Vulnerability in Jira's Wikirenderer Component Worklog Time Information Disclosure Vulnerability User Enumeration Vulnerability in Jira REST API CSRF Vulnerability in Jira ServiceExecutor Resource Allows Unauthorized Export File Creation Jira User Enumeration via Login.jsp Information Disclosure Vulnerability Jira User Enumeration Vulnerability Cross-Site Scripting (XSS) Vulnerability in Jira Optimization Plugin Server Side Request Forgery (SSRF) 
vulnerability in Jira before version 8.4.0 allows unauthorized access to internal network resources via the /plugins/servlet/gadgets/makeRequest resource. Privilege Escalation via Hard-Link Vulnerability in Check Point ZoneAlarm and Endpoint Security DLL Hijacking Vulnerability in Check Point ZoneAlarm Vulnerability: Local File Manipulation and Command Execution in Check Point Endpoint Security Client for Windows Privilege Escalation via Hard-Link Vulnerability in Check Point ZoneAlarm up to 15.4.062 IKEv2 IPsec VPN Vulnerability in Check Point R80.30: Unauthorized Site-to-Site VPN Connection Heap Out-of-Bound Read Vulnerability in SQLite3's rtreenode() Function DLL Loading Vulnerability in Check Point Endpoint Security Client for Windows Path Traversal Vulnerability in Check Point Endpoint Security Client for Windows VPN Denial of Service Vulnerability in OpenBSD Kernel Version <= 6.5 through TCP SACK Packet Exploitation DLL Hijacking Vulnerability in Check Point Endpoint Security Initial Client for Windows Critical Vulnerability: Check Point R80.30 Security Gateway Crashes with Enhanced Logging Configuration Denial of Service Vulnerability in Check Point Endpoint Security Client for Windows Unauthorized Dictation Request Vulnerability Cross-Site Scripting (XSS) Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Memory Initialization Vulnerability in iOS 12.2 and macOS Mojave 10.14.4 Allows Local User to Read Kernel Memory Universal Cross-Site Scripting Vulnerability in Safari Reader Feature Type Confusion Vulnerability in iOS, tvOS, watchOS, Safari, iTunes, and iCloud Memory Corruption Vulnerabilities Patched in macOS Mojave 10.14.4 Vulnerability: Buffer Overflow in macOS Mojave 10.14.4 Allows Arbitrary Code Execution via NFS Network Share Privilege Escalation Vulnerability in macOS Catalina 10.15.1 and earlier Kernel Memory Disclosure Vulnerability Privilege Escalation Vulnerability Fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2 Unauthorized Remote 
Device Wiping Vulnerability in iOS 12.2 Arbitrary Shell Command Execution Vulnerability in macOS Mojave 10.14.4 Elevated Privileges Vulnerability Patched in iOS 12.2 and macOS Mojave 10.14.4 Cross-Origin Issue in Fetch API Allows Disclosure of Sensitive User Information Improper Input Validation Leading to Denial of Service in Apple Operating Systems Vulnerability: Out-of-Bounds Read in Font Processing Arbitrary Code Execution Vulnerability in iOS, tvOS, watchOS, Safari, iTunes, and iCloud Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability in macOS Mojave 10.14.4 Improper Bounds Checking in macOS Mojave 10.14.4 Allows Unauthorized Memory Reading Arbitrary File Overwrite Vulnerability in iOS 12.2 and macOS Mojave 10.14.4 Unauthenticated User Can Remount Encrypted Volume Without Password Prompt Arbitrary Code Execution Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Memory Corruption Vulnerability in macOS and iOS Elevated Privileges Vulnerability Fixed in macOS Mojave 10.14.4 Buffer Overflow Vulnerability Patched in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2 Arbitrary Code Execution Vulnerability in watchOS, macOS, and iOS Arbitrary Code Execution Vulnerability in iOS 12.2 and macOS Mojave 10.14.4 Arbitrary File Overwrite Vulnerability in iOS, macOS, and tvOS Trust Anchor Management Vulnerability: Untrusted Radius Server Certificate Trust Vulnerability: Unauthorized File Access in watchOS 5.2 and iOS 12.2 Lock Handling Issue in macOS Mojave 10.14.4: Failure to Lock when Disconnecting from External Monitor Memory Corruption Vulnerability in macOS Mojave 10.14.4 and Security Updates Arbitrary Code Execution Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, tvOS, watchOS, Safari, iTunes, and iCloud Improper Access Control in macOS Mojave 10.14.4 Allows Local User to View Locked Notes Denial of Service 
Vulnerability in vcf File Processing Memory Initialization Vulnerability in macOS Mojave 10.14.6 and Security Updates 2019-004 High Sierra and Sierra Memory Initialization Vulnerability in iOS, macOS, tvOS, and watchOS Motion Sensor Calibration Privacy Vulnerability Buffer Overflow Vulnerability Patched in Multiple Apple Products Arbitrary Code Execution Vulnerability in iOS, tvOS, watchOS, Safari, iTunes, and iCloud Memory Corruption Vulnerability in iOS, macOS, tvOS, and watchOS Sandbox Restrictions Patched to Prevent Local User Access to Sensitive User Information Kernel Memory Disclosure Vulnerability Vulnerability: Incomplete Passcode Clearing on Sleep Arbitrary Code Execution Vulnerability in MIG Generated Code FaceTime Video Pausing Vulnerability Universal Cross-Site Scripting Vulnerability Fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11 Memory Initialization Vulnerability in iOS, macOS, tvOS, and watchOS Arbitrary Code Execution via Malicious SMS Link in iOS 12.2 Improper Sensor Data Access Vulnerability Buffer Overflow Vulnerability in macOS Mojave 10.14.4 Allows Arbitrary Code Execution with Kernel Privileges Use After Free Vulnerability in iOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, tvOS, watchOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, tvOS, watchOS, Safari, iTunes, and iCloud Improper Bounds Checking Allows Unauthorized Memory Reading Privilege Escalation Vulnerability in macOS Mojave 10.14.4 Sandbox Bypass Vulnerability in iOS, tvOS, Safari, and iTunes Arbitrary Code Execution Vulnerability in iOS, tvOS, watchOS, Safari, iTunes, and iCloud Privileged Network Position Vulnerability: Driver State Modification Race Condition Vulnerability Allows Malicious Apps to Gain Root Privileges Microphone Access Vulnerability in iOS 12.1 and Earlier Privacy Vulnerability: Passive Tracking via WiFi MAC Address in iOS 12.1 and below Symlink 
Validation Vulnerability Allows Local File System Modification Memory Corruption Vulnerability in macOS Mojave and High Sierra Vulnerability: Information Disclosure via Malicious Web Content Arbitrary Code Execution Vulnerability in Multiple Apple Products Null Pointer Dereference Vulnerability Patched in AirPort Base Station Firmware Updates 7.8.1 and 7.9.1 Improper Input Validation Leading to System Denial of Service Memory Corruption Vulnerability in iOS, macOS, tvOS, and watchOS Incomplete Data Deletion in AirPort Base Station Firmware Improper Bounds Checking Leading to Kernel Memory Read Vulnerability Elevated Privileges Vulnerability Patched in Multiple Apple Platforms Use After Free Vulnerability in AirPort Base Station Firmware Elevated Privileges Vulnerability in macOS Mojave 10.14.4 and Security Updates Vulnerability: Unexpected Acceptance of Source-Routed IPv4 Packets Memory Leak Vulnerability in AirPort Base Station Firmware Vulnerability: Out-of-bounds read leading to process memory disclosure Memory Corruption Vulnerabilities in Apple Software Allow Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Multiple Apple Products Vulnerability: Arbitrary Code Execution via Malicious Movie File Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Null Pointer Dereference Vulnerability in AirPort Base Station Firmware Gatekeeper Bypass Vulnerability in macOS Mojave 10.14.5 Kernel Privilege Escalation Vulnerability Patched in macOS Mojave 10.14.5 Type Confusion Vulnerability in iOS, macOS, tvOS, and watchOS Arbitrary Code Execution via Malicious Audio File Arbitrary Code Execution Vulnerability in iOS, tvOS, and watchOS Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple 
Apple Products Memory Reading Vulnerability in iOS, macOS, tvOS, watchOS, iTunes, and iCloud iOS 12.3 Vulnerability: Unauthorized Access to iTunes Email Address Arbitrary Code Execution via Malicious SQL Query Memory Corruption Vulnerabilities in Apple Software Allow Arbitrary Code Execution Privilege Escalation Vulnerability Patched in Apple Operating Systems and Applications Improved Input Sanitization Fixes Memory Reading Vulnerability in macOS Mojave 10.14.5 Memory Corruption Vulnerability in macOS Mojave 10.14.5 Allows Arbitrary Code Execution Use After Free Vulnerability in iOS, macOS, tvOS, and watchOS Symlink Validation Vulnerability in macOS Mojave 10.14.5 Memory Disclosure Vulnerability in Apple Software Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Privileged Network Position Vulnerability: Driver State Modification Use After Free Vulnerability in iOS, tvOS, and watchOS Allows Remote Code Execution Arbitrary Code Execution Vulnerability in Multiple Apple Products Memory Corruption Vulnerability in macOS Mojave 10.14.5 Allows Arbitrary Code Execution Sandbox Circumvention Vulnerability in iOS 12.3 Sandbox Circumvention Vulnerability Fixed in Multiple Apple Operating Systems Arbitrary Code Execution Vulnerability in Multiple Apple Products Privacy Vulnerability: Passive Tracking via WiFi MAC Address in iOS 12.3, tvOS 12.3, watchOS 5.2.1 Memory Corruption Vulnerabilities in Apple Software Allow Arbitrary Code Execution Memory Corruption Vulnerabilities in Apple Software Allow Arbitrary Code Execution Vulnerability: Out-of-Bounds Read Leading to Memory Leak Universal Cross-Site Scripting Vulnerability Fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14 Improper Input Validation in iOS 12.3 and watchOS 
5.2.1 Leads to Denial of Service Arbitrary Code Execution Vulnerability in Multiple Apple Products Memory Initialization Vulnerability in macOS Mojave 10.14.5 Allows Arbitrary Code Execution Lock Screen Icon Display Vulnerability Vulnerability: State Alteration in iMessage Conversation Insecure Transmission of Analytics Data in Texture Mobile App Memory Reading Vulnerability in macOS and iOS Improper State Management Leads to Unauthorized Account Access in macOS Mojave 10.14.5 Memory Corruption Vulnerability in macOS Mojave 10.14.5 Allows Arbitrary Code Execution Root Privilege Escalation Vulnerability in iOS 12.3, tvOS 12.3, and watchOS 5.2.1 Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Sandbox Circumvention Vulnerability in macOS Mojave and High Sierra Improved Input Validation Fixes Out-of-Bounds Read Vulnerability S-MIME Certificate Validation Vulnerability Logic Issue in macOS Mojave 10.14 Arbitrary Code Execution Vulnerability in Multiple Apple Products Vulnerability: Intercepting S/MIME-encrypted Email Contents Memory Leak Vulnerability in iOS, macOS, tvOS, and watchOS Use After Free Vulnerability in iOS, tvOS, and watchOS Allows Remote Code Execution Memory Corruption Vulnerability in iOS, macOS, tvOS, and watchOS Allows Remote Code Execution Universal Cross-Site Scripting Vulnerability in Synchronous Page Loads User Interface Spoofing Vulnerability Fixed in Safari 13.0.1 Gatekeeper Bypass Vulnerability through Symbolic Link Extraction Vulnerability: Out-of-Bounds Read in Office Document Parsing Universal Cross-Site Scripting Vulnerability in Apple Software Vulnerability: Unauthorized State Alteration in iMessage Conversations Memory Corruption Vulnerability in iOS, macOS, tvOS, and watchOS Improper Memory Management in macOS Mojave 10.14.6 Allows Remote Code Execution Use-after-free vulnerability in NSDictionary deserialization Memory Leakage Vulnerability in iOS 12.4 
and macOS Mojave 10.14.6 Improper Input Validation in iOS 12.3 and watchOS 5.2.1 Leads to Denial of Service Improved Validation to Address Denial of Service Vulnerability in iOS 12.4 and watchOS 5.3 Arbitrary Code Execution Vulnerability in Multiple Apple Products Inconsistent User Interface Issue with Time Machine Backup Encryption Status in macOS Mojave 10.14.6 Improved Validation to Address Denial of Service Vulnerability in iOS 12.4, tvOS 12.4, watchOS 5.3 Arbitrary Code Execution Vulnerability in Apple Devices Address Bar Spoofing Vulnerability in macOS Mojave 10.14.6 and Safari 12.1.2 Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Apple Devices Arbitrary Code Execution Vulnerability in Multiple Apple Products Universal Cross-Site Scripting Vulnerability Fixed in iOS 13 and Safari 13 Buffer Overflow Vulnerability in macOS Mojave 10.14.6 and Security Updates 2019-004 High Sierra and Sierra Arbitrary Code Execution Vulnerability in Apple Devices Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Inadvertent In-App Purchase Vulnerability on Lock Screen Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Apple Devices Arbitrary Code Execution Vulnerability in Apple Devices Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Apple Devices Arbitrary Code Execution Vulnerability in Apple Devices Universal Cross-Site Scripting Vulnerability in Document Load Handling Improper Input Sanitization Allows Unauthorized Memory Access in macOS Mojave 10.14.6 Improper 
Input Sanitization in macOS Mojave 10.14.6 Allows Unauthorized Memory Access Improper Input Sanitization in macOS Mojave 10.14.6 Allows Unauthorized Memory Access Memory Corruption Vulnerability in macOS Mojave 10.14.6 Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in macOS Mojave 10.14.6 Allows Arbitrary Code Execution Buffer Overflow Vulnerability in macOS Mojave 10.14.6 and Security Updates 2019-004 High Sierra and Sierra Memory Corruption Vulnerability in macOS Mojave 10.14.6 Allows Arbitrary Code Execution Entitlement Verification Vulnerability Allows Website Access Restriction Simultaneous Walkie-Talkie Connection Vulnerability Memory Corruption Vulnerability in macOS Catalina 10.15 Allows Arbitrary Code Execution Local User Account Identifier Disclosure Vulnerability Elevated Privileges Vulnerability Patched in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13 tvOS 13 Fixes Authentication Vulnerability Allowing Sensitive User Information Leakage Memory Corruption Vulnerability in macOS Catalina 10.15 and tvOS 13 Allows Disclosure of Process Memory Memory Corruption Vulnerability in Audio File Processing Arbitrary Code Execution Vulnerability in tvOS, iTunes, and iCloud File Existence Disclosure Vulnerability Memory Corruption Vulnerability in macOS, tvOS, watchOS, and iOS Arbitrary Code Execution Vulnerability in iCloud for Windows 11.0 Notification Previews Displayed on Bluetooth Accessories Despite Disabled Previews Arbitrary Code Execution Vulnerability in watchOS 6, iOS 13, and tvOS 13 Memory Corruption Vulnerability in macOS and iOS Memory Corruption Vulnerability in macOS Catalina 10.15.1 and Security Updates 2019-001/006 Memory Corruption Vulnerability in macOS Catalina 10.15 and tvOS 13 Allows Arbitrary Code Execution with Kernel Privileges Arbitrary Code Execution Vulnerability in watchOS 6, iOS 13, and tvOS 13 Universal Cross-Site Scripting Vulnerability Fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for 
Windows 10.7, iCloud for Windows 7.14 Arbitrary Code Execution Vulnerability in WebKit Arbitrary Code Execution Vulnerability in ld64 Toolchain Arbitrary Code Execution Vulnerability in ld64 Toolchain Arbitrary Code Execution Vulnerability in ld64 Toolchain Arbitrary Code Execution Vulnerability in ld64 Toolchain Safari 13.0.1 Fixes Service Worker Vulnerability Allowing Private Browsing History Leakage Arbitrary Code Execution Vulnerability in tvOS, iTunes, and iCloud Address Bar Spoofing Vulnerability in iOS 13 Arbitrary Code Execution Vulnerability in Multiple Apple Products Vulnerability: Information Leakage in Locked Notes on macOS Catalina 10.15 Improper Execute Permission Granting Vulnerability in iOS 13 iOS 13 Fixes Data Deletion Vulnerability Allowing Deleted Calls to Remain Visible Arbitrary Code Execution Vulnerability in tvOS, iTunes, and iCloud Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in tvOS, iTunes, and iCloud Input Validation Vulnerability in macOS Catalina 10.15.1 and Security Updates Privileged Denial of Service Vulnerability Patched in macOS Catalina 10.15.1 and Security Updates Memory Corruption Vulnerability in Xcode 11.0 Allows Arbitrary Code Execution Memory Corruption Vulnerability in Xcode 11.0 Allows Arbitrary Code Execution Memory Corruption Vulnerability in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13 Allows Arbitrary Code Execution with Kernel Privileges Enhanced Input Validation to Mitigate Denial of Service Vulnerability Lock Screen Contact Access Vulnerability in iOS 13 Arbitrary Code Execution Vulnerability in watchOS 6.1 Memory Corruption Vulnerability in IPv6 Packet Handling Buffer Overflow Vulnerability Fixed in macOS Catalina 10.15, tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14 Improper Input Validation Leads to Out-of-Bounds Read Vulnerability Memory Corruption Vulnerability Fixed in watchOS 6.1: Arbitrary Code Execution with 
Kernel Privileges Memory Corruption Vulnerability in macOS Catalina 10.15 Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerabilities in macOS, iOS, iCloud, tvOS, watchOS, and iTunes Memory Corruption Vulnerabilities in watchOS, iCloud for Windows, and libxslt Memory Corruption Vulnerabilities in Safari, iOS, iPadOS, iCloud, tvOS, watchOS, and iTunes Memory Corruption Vulnerabilities in Safari, iOS, iPadOS, iCloud, tvOS, watchOS, and iTunes Cross-Site Scripting Vulnerability Patched in macOS Catalina 10.15 and Other Apple Operating Systems Cross-Origin Vulnerability in iframe Elements Kernel Memory Layout Disclosure Vulnerability in macOS Catalina 10.15 Memory Corruption Vulnerabilities in macOS, iOS, iCloud, tvOS, watchOS, and iTunes Race Condition in User Preferences Handling Memory Corruption Vulnerability in macOS Catalina 10.15 Allows Arbitrary Code Execution Vulnerability: Out-of-bounds read leading to unexpected system termination or kernel memory disclosure Face ID Vulnerability: 3D Model Authentication Exploit Vulnerability in macOS Catalina Allows Disclosure of User Information via Malicious Text File Parsing Universal Cross-Site Scripting Vulnerability Fixed in Multiple Apple Products Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Universal Cross-Site Scripting Vulnerability Fixed in watchOS 6.1 Arbitrary Code Execution Vulnerability in watchOS 6.1 Arbitrary Code Execution Vulnerability in watchOS 6.1 and iCloud for Windows 11.0 Heap Corruption Vulnerability in macOS Catalina 10.15.1 and Security Updates Persistent Browsing History Vulnerability in macOS Catalina 10.15 Web Page Element Drawing Vulnerability Improved Permissions Logic Fixes Recent Documents Access Vulnerability in macOS Catalina 10.15 Improved iframe sandbox enforcement in Safari 13.0.1 and iOS 13 mitigates violation of sandboxing policy Vulnerability: Unencrypted PDF Content Exfiltration via Links Memory Corruption 
Vulnerabilities in Safari, iOS, iPadOS, iCloud, tvOS, watchOS, and iTunes Persistent Denial-of-Service Vulnerability in iBooks File Parsing Lock Screen Contact Access Vulnerability in iOS 13.1 and iPadOS 13.1 Memory Corruption Vulnerability in macOS Catalina 10.15 Allows Arbitrary Code Execution Lock Screen Vulnerability Allows Unauthorized Access to Contacts Incorrect Sandbox Restrictions in iOS 13.1.1 and iPadOS 13.1.1 for Third Party App Extensions Improved Permissions Logic Fixes Kernel Memory Layout Vulnerability Memory Corruption Vulnerability in macOS Catalina 10.15 Allows Arbitrary Code Execution with Kernel Privileges Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, iTunes, and iCloud Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Allows Arbitrary Code Execution with Kernel Privileges Memory Leak Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Improper URL Processing Vulnerability Symlink Validation Vulnerability in iBooks File Parsing Inadvertent Data Disclosure Vulnerability in URLSession Open Redirect Vulnerability in Shazam App Versions 9.25.0 (Android) and 12.11.0 (iOS) Arbitrary JavaScript Code Execution Vulnerability in Shazam Mobile Apps Screen Recording Indicator Bypass Vulnerability Memory Reading Vulnerability in iOS 13.2 and macOS Catalina 10.15.1 Arbitrary Code Execution Vulnerability in iOS 13.2 and iPadOS 13.2 AirDrop Logic Issue Allows Unexpected Acceptance in Everyone Mode Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Device Name Exposure in AWDL Communications Arbitrary Code Execution Vulnerability Fixed in Xcode 11.2 Vulnerability: Arbitrary Code 
Execution in iTunes Setup Root Privilege Escalation Vulnerability in macOS Catalina 10.15.1 Improved State Management Fixes Authentication Vulnerability Wi-Fi Network Configuration Vulnerability in iOS 13.2 and iPadOS 13.2 Entitlement Verification Vulnerability in macOS Catalina 10.15.1 Arbitrary Code Execution Vulnerability Fixed in Xcode 11.2 Memory Corruption Vulnerability in macOS Catalina 10.15.1 Allows Arbitrary Code Execution Memory Corruption Vulnerabilities in iOS, iPadOS, tvOS, watchOS, Safari, and iTunes Local App Account Identifier Exposure Vulnerability Memory Corruption Vulnerabilities in Apple Software Could Lead to Arbitrary Code Execution Memory Corruption Vulnerabilities in iOS, iPadOS, tvOS, watchOS, Safari, and iTunes Universal Cross-Site Scripting Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Memory Corruption Vulnerabilities in Apple Software Could Lead to Arbitrary Code Execution Improved Input Sanitization in macOS Catalina 10.15.1 Fixes Memory Reading Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Memory Corruption Vulnerabilities in Apple Software Could Lead to Arbitrary Code Execution Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Memory Corruption Vulnerability in macOS Catalina 10.15.1 and Security Updates 2019-001/006 Memory Corruption Vulnerability in macOS, iOS, and iCloud Memory Corruption Vulnerability in macOS Catalina 10.15 Allows Arbitrary Code Execution HTTP Referrer Header Vulnerability: Browsing History Leakage Arbitrary Code Execution Vulnerability with Kernel 
Privileges Memory Corruption Vulnerability with Improved Locking Vulnerability: Out-of-bounds read leading to arbitrary code execution via FaceTime video processing Memory Corruption Vulnerability in macOS, iOS, iPadOS, tvOS, and watchOS Memory Corruption Vulnerability in iOS, iPadOS, watchOS, macOS, tvOS Memory Corruption Vulnerability Patched in Multiple Apple Operating Systems Bypassing HSTS for Specific Top-Level Domains Vulnerability Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in watchOS, iOS, iPadOS, and tvOS Vulnerability: Logic Issue Allows Unauthorized Access to Restricted Files Arbitrary Code Execution Vulnerability with Kernel Privileges Buffer Overflow Vulnerability Patched in macOS Catalina 10.15.2 and Security Updates for Mojave and High Sierra Improper Bounds Checking in Xcode 11.3 Leads to Arbitrary Code Execution Arbitrary Code Execution Vulnerability in iOS 13.3 and iPadOS 13.3 Buffer Overflow Vulnerability in macOS Print System Arbitrary Code Execution Vulnerability in Multiple Apple Products Arbitrary Code Execution Vulnerability in Apple Software Memory Corruption Vulnerability in macOS Catalina 10.15.2 and Earlier Versions Elevated Privileges Vulnerability Patched in Multiple Apple Products Arbitrary Code Execution Vulnerability in SwiftNIO SSL 2.4.0 and earlier Vulnerability: Out-of-bounds read in audio file processing leading to memory disclosure Delayed Locking Vulnerability in macOS Memory Corruption Vulnerability in macOS Catalina 10.15.2 and Earlier Versions Memory Read Vulnerability in macOS Privacy Enhancement: Removal of Broadcast MAC Address Tracking in macOS Catalina 10.15 and iOS 13 Sandbox Restrictions Patched in macOS Catalina 10.15 to Prevent Unauthorized File Access Improper Cellular Plan Selection Vulnerability in Siri-initiated Phone Calls Vulnerability: Live Photo Audio and Video Data Leakage via iCloud Links Screen Sharing Logic Issue in macOS Catalina 10.15.1 and 
Security Updates 2019-001/006 Information Disclosure Vulnerability in Storage Access API Vulnerability: Intercepting SSH Traffic in Run script over SSH Action CSRF Vulnerability in idreamsoft iCMS Allows Deletion of Users' Articles Path Traversal Vulnerability in Total.js Platform before 3.2.3 Stack-based buffer over-read in do_bid_note function in readelf.c Stack-based Buffer Over-read in do_core_note function in readelf.c Out-of-Bounds Read Vulnerability in do_core_note function of readelf.c Remote Denial of Service Vulnerability in libmagic.a Arbitrary PHP Code Execution via Image File Upload in WTCMS 1.0 Denial of Service Vulnerability in WTCMS 1.0 CSRF Vulnerability in WTCMS 1.0's Admin Setting Site Post Stored XSS Vulnerability in WTCMS 1.0 via Website Statistics Code Use-after-free vulnerability in Linux kernel through 4.20.11 in af_alg_release() function SolarWinds Orion NPM before 12.4 SYSTEM Remote Code Execution Vulnerability Insecure Initialization Vector (IV) Usage in Seadroid Android Client XSS Vulnerability in iart.php of XAMPP 1.7.0 Arbitrary Heap Data Leakage in BlueZ Bluetoothd Heap-based Buffer Overflow in BlueZ Bluetoothd SQL Injection Vulnerability in XAMPP (Discontinued) XSS Vulnerability in XAMPP (Discontinued) via cds-fpdf.php Interpret or Titel Parameter Absolute Path Traversal Vulnerability in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 Email Extraction Vulnerability in Redbrick Shift through 3.4.3 Authentication Token Extraction Vulnerability in Redbrick Shift through 3.4.3 Arbitrary File Upload and Remote Code Execution in DedeCMS 
5.7SP2 Information Exposure in QEMU's hw/ppc/spapr.c through 3.1.0 Cross-Site Scripting (XSS) Vulnerability in Collabtive 3.1 via manageuser.php?action=profile id parameter Critical Vulnerability: NULL Pointer Dereference in NTP 4.2.8p12 Cross-Site Scripting (XSS) Vulnerability in HotelDruid 2.3.0 Cross-Site Scripting (XSS) Vulnerability in VertrigoServ 2.17 via /inc/extensions.php ext Parameter Cross-Site Scripting (XSS) Vulnerability in Tautulli 2.1.26 via Crafted Plex Username in History Page Arbitrary Remote Code Execution in WordPress via Crafted Image Upload (CVE-2019-8943) Arbitrary Directory Write Vulnerability in WordPress wp_crop_image() Information Exposure in Terraform Deployment Step in Octopus Deploy Persistent XSS Vulnerability in Zimbra Collaboration 8.7.x - 8.8.11P2 Persistent XSS Vulnerability in Zimbra Collaboration 8.7.x - 8.8.11P2 Non-Persistent XSS Vulnerability in Zimbra Collaboration 8.7.x - 8.8.11P2 Script Injection Vulnerability in PaperCut MF and PaperCut NG (PC-15163) Backdoor Account Vulnerability in DASAN H665 Devices with Firmware 1.46p1-0028 Open Redirect Vulnerability in Bosch Hardware and Software Products Path Traversal Vulnerability in Bosch Hardware and Software Products XSS Vulnerability in HAProxy Package for pfSense Arbitrary Code Execution Vulnerability in Indexhibit 2.1.5 Remote Denial of Service via Memory Exhaustion in KIST Cell Scheduler Use-after-free vulnerability in sctp_sendmsg() function allows memory corruption Denial of Service Vulnerability in FlexNet Publisher lmadmin.exe Version 11.16.2: Command Handling DoS Stack Exhaustion Denial of Service Vulnerability in FlexNet Publisher lmadmin.exe 11.16.2 FlexNet Publisher's lmadmin 11.16.5 Denial of Service (DoS) Vulnerability via Crafted POST Request Race Condition Exploitation in Ellucian Banner Web Tailor and Banner Enterprise Identity Services SQL Injection Vulnerability in Kohana through 3.3.6 via Controlled order_by() Parameter Memory Leak Vulnerability in Linux 
Kernel's kernel_read_file Function Buffer Overflow Vulnerability in axTLS 2.1.5: Mismanaged need_bytes Value in tls1.c File Disclosure and Server-Side Request Forgery (SSRF) in WaveMaker Studio 6.6 Cross-Site Scripting (XSS) Vulnerability in MDaemon Webmail 14.x through 18.x Cross-Site Scripting (XSS) Vulnerability in MDaemon Webmail 14.x through 18.x before 18.5.2 Stack-based Buffer Overflow in Netis WF2xxx Devices: Unauthenticated Remote Code Execution File Copy Vulnerability in TIBCO JasperReports Server and TIBCO JasperReports Server for ActiveMatrix BPM Persistent Cross-Site Scripting Vulnerability in TIBCO Data Science and Spotfire Data Science Persistent Cross-Site Scripting Vulnerability in TIBCO Data Science and Spotfire Data Science User Account Spoofing Vulnerability in TIBCO Data Science and Spotfire Data Science Unauthenticated HTTP Requests Bypass Authentication in TIBCO ActiveMatrix BusinessWorks Multiple Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) Vulnerabilities in TIBCO Software Inc.'s ActiveMatrix BPM, ActiveMatrix BPM Distribution for Silver Fabric, ActiveMatrix Policy Director, ActiveMatrix Service Bus, ActiveMatrix Service Grid, Silver Fabric Enabler for ActiveMatrix BPM, and Silver Fabric Enabler for ActiveMatrix Service Grid Arbitrary Code Execution Vulnerability in TIBCO ActiveMatrix Products Unauthenticated File Download Vulnerability in TIBCO Software Inc.'s ActiveMatrix Products Authenticated User Settings Manipulation Vulnerability in TIBCO ActiveMatrix BPM Workspace Client URL Redirection Vulnerability in TIBCO ActiveMatrix BPM and TIBCO Silver Fabric Buffer Overflow Vulnerability in Signiant Manager+Agents Implementation of the Set Command XML External Entity Injection (XXE) Vulnerability in BlackBerry AtHoc Management System Information Disclosure and Local Privilege Escalation Vulnerability in BlackBerry QNX Software Development Platform XML External Entity (XXE) Vulnerability in BlackBerry UEM Core Arbitrary 
PHP Code Execution in Tiny Issue and pixeline Bugs Use-after-free vulnerability in Linux kernel before 4.20.5 in drivers/char/ipmi/ipmi_msghandler.c Memory Leak Vulnerability in Eclipse Wakaama (formerly liblwm2m) 1.0 Directory Traversal Vulnerability in Cprime Power Scripts App for Atlassian Jira Privilege Escalation Vulnerability in 3S-Smart CODESYS V3 Network Packet Crafted to Crash Control Runtime in 3S-Smart CODESYS Insecure Ownership Verification in CODESYS Gateway User Enumeration Vulnerability in Pilz PMC Programming Tool 3.x Uncontrolled Memory Allocation Vulnerability in CODESYS V3 Products Insufficient Transport Protection of User Credentials in CODESYS V3 Products Path Traversal Vulnerability in MOPCMS Allows Deletion of Critical Files Persistent XSS Vulnerability in MOPCMS through 2018-11-30 Buffer Overflow Vulnerability in SolarWinds DameWare Mini Remote Control 10.0 x64 USB Keyboard and Mouse Exploit in British Airways Entertainment System Heap Out-of-Bounds Read Vulnerability in PHP's xmlrpc_decode() Function Heap-based Buffer Over-read in PHAR Reading Functions Buffer Overflow Vulnerability in PHP's dns_get_record Function Heap-based Buffer Over-read Vulnerability in PHP mbstring Regular Expression Functions Memory Read Vulnerability in PHP's xmlrpc_decode() Function Buffer Overflow Vulnerability in PHP 7.3.x Heap-Based Buffer Overflow in InflateVarName() Function Heap-Based Buffer Overflow in ReadNextCell() Function in libmatio.a Stack-based Buffer Over-read in InflateDimensions() Function Out-of-Bounds Read Vulnerability in libmatio.a Stack-based Buffer Over-read in Mat_VarReadNextInfo5() in mat5.c NULL Pointer Dereference in Mat_VarFree() Function in libmatio.a Out-of-Bounds Write Vulnerability in Mat_VarFree() Function Stack-based Buffer Over-read in ReadNextCell() Function of libmatio.a Stack-based Buffer Over-read in ReadNextCell() Function Stack-based Buffer Over-read in ReadNextStructField() in mat5.c Heap-Based Buffer Overflow in 
ReadNextFunctionHandle() in libmatio.a Buffer Over-read in Mat_VarPrint() Function in libmatio.a Out-of-Bounds Read Vulnerability in libmatio.a Arbitrary N1QL Statement Injection and Denial of Service Vulnerability in Couchbase Sync Gateway 2.1.2 CSRF Vulnerability in S-CMS PHP v3.0 Allows Unauthorized Addition of Admin User PHP Code Execution Vulnerability in ZZZCMS zzzphp V1.6.1 Arbitrary Code Execution via Unfiltered File Upload in Sitemagic CMS v4.4 SQL Injection Vulnerability in GoRose v1.0.4 via Controllable order_by or group_by Parameter CSRF Vulnerability in Pluck 4.7.9-dev1 Allows Theme Deletion CSRF Vulnerability in Pluck 4.7.9-dev1 Allows Unauthorized Module Deletion Arbitrary Code Execution via ZIP Archive Upload in Pluck 4.7.9-dev1 CSRF Vulnerability in Pluck 4.7.9-dev1 Allows Unauthorized Article Deletion CSRF Vulnerability in Pluck 4.7.9-dev1 Allows Unauthorized Picture Deletion Unauthenticated Blind Time-Based SQL Injection in CMS Made Simple 2.2.8 via News Module Unprivileged User Object Injection in CMS Made Simple 2.2.8 DesignManager Module Authenticated Object Injection in CMS Made Simple 2.2.8 via Untrusted __FEU__ Cookie Authenticated Object Injection in CMS Made Simple 2.2.8 FilePicker Module Authenticated Object Injection in CMS Made Simple 2.2.8 via sel_groups Parameter Command Injection Vulnerability in CMS Made Simple 2.2.8 Unauthenticated Path Traversal and Arbitrary File Read Vulnerabilities in CMS Made Simple 2.2.8 Authenticated Object Injection in CMS Made Simple 2.2.8 ModuleManager Cross-Site Request Forgery (CSRF) Vulnerability in PHP Scripts Mall Online Food Ordering Script 1.0 Payment Amount Parameter Tampering Vulnerability in PHP Scripts Mall Auction Website Script 2.0.4 Directory Traversal Vulnerability in PHP Scripts Mall Cab Booking Script 1.0.3 Parameter Tampering Vulnerability in PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 HTML Injection Vulnerability in PHP Appointment Booking Script 3.0.3 Heap-based Buffer 
Over-read in d_expression_1 in GNU libiberty Stack Consumption Vulnerability in GNU libiberty Excessive Memory Allocation Vulnerability in GNU Binutils 2.32 Excessive Memory Allocation Vulnerability in GNU Binutils 2.32 Out-of-Bounds Read Vulnerability in GNU Binutils 2.32 Heap-based Buffer Overflow in _bfd_archive_64_bit_slurp_armap in GNU Binutils 2.32 Excessive Memory Allocation Vulnerability in GNU Binutils 2.32 Heap-based Buffer Overflow in GNU Binutils 2.32 via Malformed MIPS Option Section XSS Vulnerability in zzcms 2019 via Arbitrary User/ask.php?do=modify Parameter Insecure Password Storage in DomainMOD before 4.14.0 Remote Command Execution in ThinkPHP before 3.2.4 SQL Injection Vulnerability in SQLiteManager 1.20 and 1.24 via /sqlitemanager/main.php dbsel parameter Remote Denial of Service Vulnerability in Hoteldruid before 2.3.1 Denial of Service Vulnerability in Hoteldruid v2.3.1 SQL Injection Vulnerability in HotelDruid v2.3.1 and Earlier via /visualizza_tabelle.php anno Parameter SQL Injection Vulnerability in HotelDruid v2.3.1 and Earlier via /tab_tariffe.php numtariffa1 Parameter Reflected Cross Site Scripting (XSS) Vulnerability in Humhub 1.3.10 Community Edition's file/file/upload Reflected Cross Site Scripting (XSS) Vulnerability in Humhub 1.3.10 Community Edition's /s/adada/cfiles/upload Weak Encryption Vulnerability in Moxa MGate Devices Insufficient Password Requirements in Moxa MGate Devices Denial of Service Vulnerability in Moxa MGate Devices Integer Overflow in Moxa MGate Devices: Remote DoS Vulnerability Buffer Overflow Vulnerability in Moxa MGate Devices Cleartext Transmission of Sensitive Information in Moxa MGate Devices Predictable Token Generation Vulnerability Unauthorized Access to Sensitive Information on Moxa MGate Devices Cleartext Passwords in Configuration File Vulnerability Unauthenticated API Access in SAET Impianti Speciali TEBE Small 05.01 Build 1137 Remote File Inclusion Vulnerability in SAET Impianti Speciali TEBE Small 
05.01 build 1137 Cross-Site Scripting (XSS) Vulnerability in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] Cross-Site Scripting (XSS) Vulnerability in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=baidumap&x=[XSS]&y=[XSS] Cross-Site Scripting (XSS) Vulnerability in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] Cross-Site Scripting (XSS) Vulnerability in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] Integer Overflow and OOPS Vulnerability in Xiaomi MIX 3 MSM GPU Driver Integer Overflow and OOPS Vulnerability in Xiaomi MIX 3 MSM GPU Driver NULL Pointer Dereference in getString() Function in Ming (libming) 0.4.8 Out of Bounds Write Vulnerability in Ming (libming) 0.4.8 Unsafe eval usage in util/utils.js allows code execution in irisnet-crypto before 1.1.7 for IRISnet DLL Hijacking Vulnerability in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows Platforms Command Injection Vulnerability in Motorola C1 and M2 Devices Command Injection Vulnerability in Motorola C1 and M2 Devices Command Injection Vulnerability in Motorola C1 and M2 Devices Command Injection Vulnerability in Motorola C1 and M2 Devices Command Injection Vulnerability in Motorola C1 and M2 Devices Arbitrary Command Execution Vulnerability in D-Link DIR-825 Rev.B 2.10 Devices Blank Password Vulnerability on D-Link DIR-825 Rev.B 2.10 Devices Authentication Bypass Vulnerability in D-Link DIR-878 1.12B01 Devices Stack-based Buffer Overflow Vulnerability in D-Link DIR-878 1.12B01 Devices Information Disclosure Vulnerability in D-Link DIR-825 Rev.B 2.10: Exposing Sensitive Device Information via router_info.xml Remote Code Execution Vulnerability in KaKaoTalk PC Messenger Subtitle Processing Integer Underflow Vulnerability in KMPlayer 2018.12.24.14 or Lower Stack-based Buffer Overflow in Architectural Information System 1.0 and Earlier Versions Heap-based Overflow Vulnerability in DaviewIndy 8.98.7 and Earlier Versions 
Heap-based Overflow Vulnerability in DaviewIndy 8.98.7 and Earlier Versions Integer Overflow Vulnerability in DaviewIndy 8.98.7 and Earlier Versions Integer Overflow Vulnerability in DaviewIndy 8.98.7 and Earlier Versions Integer Overflow Vulnerability in DaviewIndy 8.98.7 and Earlier Versions Deeplink Scheme Processing Vulnerability in Happypoint Mobile App 6.3.19 and Earlier Versions Arbitrary File Execution Vulnerability in ZInsVX.dll ActiveX Control Cross-Site Scripting (XSS) Vulnerability in b3log Symphony (Sym) v3.4.7 and earlier Infinite Recursion Vulnerability in Exiv2 0.27 Infinite Recursion Vulnerability in Exiv2 0.27 XSS Vulnerability in Hsycms V1.1 via Name Field on /book Page Vulnerability: Man-in-the-Middle Attack in Jamf Self Service 10.9.0 Clickjacking Vulnerability in Mailvelope Settings Page Invalid PGP Public Key Import Vulnerability in Mailvelope Privilege Escalation and Unauthorized Key Operations in Mailvelope Mailvelope Prior to 3.3.0: Unauthenticated Public Key Import Vulnerability Out of Bounds Read Vulnerability in HDF HDF5 1.10.4 Library Out of Bounds Read Vulnerability in HDF HDF5 1.10.4 Library OpenPGP.js <=4.1.2 Vulnerability: Signature Replacement for Forging Signed Messages OpenPGP.js <=4.1.2 Vulnerability: Signature Verification Bypass Invalid Curve Attack in OpenPGP.js <=4.2.0: Exploiting Cryptographic Vulnerability to Obtain ECDH Private Key Gemalto DS3 Authentication Server 2.6.1-SP01 OS Command Injection Vulnerability Local File Disclosure Vulnerability in Gemalto DS3 Authentication Server 2.6.1-SP01 Gemalto DS3 Authentication Server 2.6.1-SP01 Broken Access Control Vulnerability Backdoor Account Vulnerability in Sangfor Sundray WLAN Controller Remote Code Execution Vulnerability in Sangfor Sundray WLAN Controller Version 3.7.4.2 and Earlier Insufficient ASN.1 Length Checks in SNMP NAT Module Leading to OOPS or Local Privilege Escalation Arbitrary Code Execution via Crafted XAML Objects in March Networks Command Client Arbitrary 
Remote Command Execution in Nagios XI Autodiscovery SQL Injection Vulnerability in Nagios XI API Allows Arbitrary SQL Command Execution Privilege Escalation in Nagios XI: Root Access via config.inc.php and import_xiconfig.php Arbitrary Code Injection through Nagios XI's xiwindow Parameter XSS Vulnerability in WooCommerce Photoswipe Caption Heap-based Buffer Over-read in GNU C Library's posix/regexec.c Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Information Exposure Vulnerability in GitLab Community and Enterprise Edition Information Exposure Vulnerability in GitLab Community and Enterprise Edition SSRF Vulnerability in GitLab Community and Enterprise Edition Information Exposure Vulnerability in GitLab Community and Enterprise Edition CSRF Vulnerability in GitLab Community and Enterprise Edition Information Exposure Vulnerability in GitLab Community and Enterprise Edition Information Exposure Vulnerability in GitLab Community and Enterprise Edition Arbitrary PHP Code Execution via Logo Upload in SchoolCMS 2.3.1 CSRF Vulnerability in ZZZCMS zzzphp V1.6.1 via /admin015/save.php?act=editfile Endpoint Buffer Overflow Vulnerability in Contiki-NG and Contiki J2Store Plugin 3.x SQL Injection Vulnerability Arbitrary PHP Code Execution via File Extension Renaming in Bolt CMS Remote Code Execution Vulnerability in JetBrains IntelliJ IDEA Spring Boot Run Configuration SSRF and Local File Read Vulnerability in ikiwiki Arbitrary Python Script Upload Vulnerability in Prima Systems FlexAir Lack of Per-Session Forward Secrecy in ETSI Enterprise Transport Security (ETS) Protocol Uncontrolled Recursion Vulnerability in GNU C Library (glibc) through 2.29 Arbitrary Code Execution via PostgreSQL's COPY TO/FROM PROGRAM Function Command Injection Vulnerability in elFinder PHP Connector (Versions prior to 2.1.48) Arbitrary Code Execution via Directory Traversal in Grin 1.0.2 Biometrical Liveness Authentication Bypass in Aware Mobile Liveness 2.2.1 SDK 
2.2.0 for Knomi Remote Code Execution Vulnerability in Unity Editor 2018.3 NULL Pointer Dereference Vulnerability in PoDoFo 0.9.6's PdfTranslator::setSource() Function Heap-based Buffer Underwrite Vulnerability in Poppler 0.74.0 Phoenix Contact Devices: Remote TCP Session Hijacking and Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Nagios IM (Nagios XI) Authorization Bypass in Nagios IM API Allows Unauthorized Incident Closure Arbitrary SQL Command Execution Vulnerability in Nagios IM (Nagios XI) XSS Vulnerability in PRTG Network Monitor v7.1.3.3378 via /public/login.htm errormsg or loginurl parameter XSS Vulnerability in PRTG Network Monitor v7.1.3.3378 via /search.htm searchtext Parameter TCAP Dissector Null Pointer Dereference Vulnerability Buffer Overflow Vulnerability in Wireshark ASN.1 BER Dissectors Integer Overflow and Buffer Overflow in AdvanceCOMP 2.1's png_compress Function Denial of Service Vulnerability in GNU PSPP 1.2.0: Assertion Abort in write_long_string_missing_values() Arbitrary Command Execution in SOFA-Hessian through 4.0.2 via Serialized Hessian Object Vulnerability: Kernel NULL Pointer Dereference Exploit in Linux Kernel RPCAP Dissector NULL Conversation Dereference Vulnerability Live555 before 2019.02.27: Vulnerability in parseAuthorizationHeader function allows for invalid memory access due to malformed headers Misrepresentation of Critical Information in GitLab User Interface Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Uncontrolled Resource Consumption Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition Information Exposure Vulnerability in GitLab Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab 
Community and Enterprise Edition Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition Persistent XSS Vulnerability in baigo CMS 2.1.1 Arbitrary Code Execution Vulnerability in baigo CMS 2.1.1 Denial of Service Vulnerability in AudioCodes Mediant Devices Vulnerability: Unauthorized Access to Quagga VTYs on AudioCodes Mediant Devices Cross-Site Scripting (XSS) Vulnerability in AudioCodes Mediant Devices Cross-Site Request Forgery (CSRF) Vulnerability in AudioCodes Mediant Devices Out of Bounds Read Vulnerability in libvpx Out of Bounds Read Vulnerability in wpa_supplicant_8 Allows Remote Information Disclosure Out of Bounds Read Vulnerability in wpa_supplicant_8 Allows Remote Information Disclosure NFC Out of Bounds Read Vulnerability in Android-10 (A-122323053) NFC Out of Bounds Read Vulnerability in Android-10 (A-122322613) Android Bluetooth Vulnerability: Remote Information Disclosure via Out of Bounds Read NFC Stack Out of Bounds Write Vulnerability in Android-10 (A-121267042) NFC Out of Bounds Read Vulnerability in Android-10 (A-121263487) NFC Out of Bounds Read Vulnerability in Android-10 (A-121150966) Bluetooth Out of Bounds Read Vulnerability in Android NFC Out of Bounds Read Vulnerability in Android-10 (A-121035878) Out of Bounds Read Vulnerability in wpa_supplicant_8 NFC Out of Bounds Read Vulnerability in Android-10 (A-120865977) Out of Bounds Read Vulnerability in Android Kernel's f2fs Driver NFC Out of Bounds Read Vulnerability in Android-10 (A-120428637) Missing Variable Initialization in AAC Codec: Remote Information Disclosure Vulnerability Out of Bounds Write Vulnerability in Android Kernel's FingerTipS Touchscreen Driver Android Bluetooth Vulnerability: Out of Bounds Read Leading to Local Information Disclosure Bluetooth Out of Bounds Read Vulnerability in Android NFC Out of Bounds Read Vulnerability in Android-10 (A-120274615) Uninitialized Data Out-of-Bounds Read Vulnerability in libavc Vulnerability: Insecure Storage 
of Symmetric Keys in KeyStore Command Injection Vulnerability in readArgumentList of zygote.java in Android 10 Integer Overflow Vulnerability in libmediaextractor Allows Remote Code Execution Android Bluetooth Integer Overflow Vulnerability Allows Local Privilege Escalation Out of Bounds Write Vulnerability in wifilogd Allows Local Privilege Escalation Bluetooth Stack Use After Free Vulnerability in Android-10 (A-113575306) Bluetooth Out of Bounds Read Vulnerability in Android Out of Bounds Read Vulnerability in libxaac on Android-10 (A-116774214) Integer Overflow Vulnerability in MPEG4Extractor Allows for Remote Code Execution Android Telephony Vulnerability: Local Privilege Escalation without User Interaction Out of Bounds Read Vulnerability in libxaac on Android-10 (A-116774502) Bluetooth Out of Bounds Read Vulnerability in Android Out of Bounds Write Vulnerability in sensorservice Use-after-free vulnerability in libstagefright allows for local privilege escalation Cached Linux User ID Permissions Bypass in Android System Settings Out of Bounds Write Vulnerability in Android Kernel WiFi Drivers Race Condition in Android Kernel's mnh Driver Allows Privilege Escalation WiFi State Leak: Location Disclosure Vulnerability in Android-10 Use-after-free vulnerability in Android kernel's synaptics_dsx_htc touchscreen driver allows for local privilege escalation Out of Bounds Write Vulnerability in Android Kernel's mnh Driver Use After Free Vulnerability in Android Kernel's mnh Driver Allows Privilege Escalation Android Kernel Synaptics_dsx_htc Touchscreen Driver Out-of-Bounds Write Vulnerability Information Disclosure Vulnerability in Android-10's proc Filesystem Integer Overflow Vulnerability in libexif Allows for Remote Privilege Escalation Android WiFi Hotspot Service Null Pointer Dereference Denial of Service Vulnerability Improper Permission Checks in Keyguard: Local Privilege Escalation Vulnerability Path Traversal Vulnerability in GoogleContactsSyncAdapter Allows 
Bypass of User Interaction Requirements Skia Out of Bounds Read Vulnerability in Android-10 (A-113211371) Resource Exhaustion Vulnerability in AAC Codec on Android-10 (Android ID: A-112663564) Android Bluetooth Out of Bounds Read Vulnerability: Remote Information Disclosure Android Bluetooth Out of Bounds Read Vulnerability Allows Remote Denial of Service Bluetooth Out of Bounds Read Vulnerability in Android Android Bluetooth Out of Bounds Read Vulnerability (A-78287084) Out of Bounds Write Vulnerability in libhidcommand_jni Bluetooth Out of Bounds Read Vulnerability in Android Memory Corruption Vulnerability in tzdata Allocation and Deallocation Functions Critical Remote Code Execution Vulnerability in Bluetooth on Android-10 Information Disclosure Vulnerability in Android Activity Manager Service Out of Bounds Read Vulnerability in libstagefright Allows Remote Information Disclosure Out of Bounds Read Vulnerability in libstagefright Allows Remote Information Disclosure Possible Bypass of User Interaction Requirements in com.android.apps.tag NFC Out of Bounds Read Vulnerability in Android-10 (A-112162089) Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Integer Overflow Vulnerability in libFDK: Remote Code Execution in Android Integer Overflow Vulnerability in libMpegTPDec Allows Remote Code Execution on Android Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Integer Overflow Vulnerability in libMpegTPDec Allows Remote Code Execution on Android Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Integer 
Overflow Vulnerability in libAACdec Allows for Remote Code Execution NFC Out of Bounds Write Vulnerability in Android-10 (A-117985575) Integer Overflow Vulnerability in libFDK: Remote Code Execution in Android Bluetooth Integer Overflow Vulnerability in Android-10: Remote Denial of Service on Incoming Calls Android Bluetooth Vulnerability: Out of Bounds Read Leading to Local Information Disclosure Missing Variable Initialization in libstagefright: Remote Information Disclosure Vulnerability Missing Variable Initialization in libavc: Remote Information Disclosure Vulnerability Missing Variable Initialization in libhevc: Remote Information Disclosure Vulnerability Missing Variable Initialization in libstagefright: Remote Information Disclosure Vulnerability Missing Variable Initialization in libstagefright: Remote Information Disclosure Vulnerability Missing Variable Initialization in libhevc: Remote Information Disclosure Vulnerability Missing Variable Initialization in libavc: Remote Information Disclosure Vulnerability Missing Variable Initialization in libavc: Remote Information Disclosure Vulnerability Missing Variable Initialization in libavc: Remote Information Disclosure Vulnerability Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Unauthenticated Access to Wallpaper Images in Android Wallpaper Manager Service Out of Bounds Read Vulnerability in libvpx Bluetooth Out of Bounds Read Vulnerability in Android Android Bluetooth Out of Bounds Read Vulnerability: Remote Information Disclosure Android Bluetooth Out of Bounds Read Vulnerability: Remote Information Disclosure Uninitialized Data Vulnerability in Bluetooth on Android-10 (A-112917952) Android Bluetooth Out of Bounds Read Vulnerability (A-111214739) Bluetooth Out of Bounds Read Vulnerability in Android Bluetooth Out of Bounds Read Vulnerability in Android Bluetooth Out of Bounds Read Vulnerability in Android Uninitialized Data Vulnerability in libhevc Allows Remote 
Information Disclosure Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Android Bluetooth Out of Bounds Read Vulnerability (A-111214770) Bluetooth Out of Bounds Read Vulnerability in Android Bluetooth Out of Bounds Read Vulnerability in Android NFC Server Out of Bounds Read Vulnerability Shared Mapping of OBB Files in Android Kernel Allows Local Privilege Escalation Heap Buffer Overflow in libstagefright: Remote Code Execution Vulnerability Possible Out of Bounds Read Vulnerability in m4v_h263 Codec in Android Remote Denial of Service Vulnerability in libstagefright on Android-10 (CVE-2020-XXXX) Remote Denial of Service Vulnerability in libstagefright on Android-10 (A-124330204) Use-after-free vulnerability in Keymaster in Android-10 allows for local escalation of privilege without additional execution privileges (CVE-2020-XXXXX) Missing Permission Check in SyncStatusObserver Allows for User Profile Bypass and Limited Information Disclosure in Android Resource Exhaustion Vulnerability in libstagefright: Remote Denial of Service in Android Android Bluetooth Out of Bounds Read Vulnerability NFC Server Out of Bounds Read Vulnerability Bluetooth Out of Bounds Read Vulnerability in Android NFC Server Out of Bounds Read Vulnerability Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution NFC Out of Bounds Write Vulnerability in Android-10 (A-120156401) Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Out of Bounds Read Vulnerability in Android TEE Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Out of Bounds Read Vulnerability in libSACdec of Android-10 (A-120426980) Android Bluetooth Out of Bounds Write Vulnerability 
Allows Remote Code Execution Background User Audio Disclosure Vulnerability in AudioService Critical Bluetooth Deserialization Vulnerability in Android-10 Allows Remote Code Execution Out of Bounds Read Vulnerability in libSBRdec of Android-10 (A-112052062) Android Bluetooth Out of Bounds Read Vulnerability: Remote Information Disclosure Bluetooth Out of Bounds Read Vulnerability in Android Uninitialized Variable Vulnerability in Bluetooth on Android-10 (A-79995407) Android-10 Sonivox Out of Bounds Read Vulnerability Resource Exhaustion Vulnerability in libvpx Leads to Remote Denial of Service in Android Null Pointer Dereference Vulnerability in libskia Mismatched Serialization/Deserialization in JobStore Allows for Local Denial of Service in Android Race condition vulnerability in hostapd allows for local privilege escalation Improper Input Validation in Account.java Leads to Local Denial of Service Vulnerability Local Information Disclosure of Biometric Metadata in FingerprintService Permission Bypass Vulnerability in Activity Manager Service Resource Exhaustion Vulnerability in libstagefright: Remote Denial of Service in Android Possible Spoofing Vulnerability in Android-10 Settings UI Allows Unauthorized Permission Changes Possible Out of Bounds Read Vulnerability in netd with Use After Free Out of Bounds Write Vulnerability in libeffects Allows Remote Code Execution NFC Server Out of Bounds Read Vulnerability Improper Permissions Check in LockPatternUtils Allows Local Privilege Escalation Out of Bounds Read Vulnerability in libxaac Allows Remote Information Disclosure Out of Bounds Write Vulnerability in NFC Server Allows Local Privilege Escalation Android Bluetooth Vulnerability: Remote Information Disclosure via Out of Bounds Read Bluetooth Out of Bounds Read Vulnerability in Android Android Bluetooth Out of Bounds Read Vulnerability Allows Remote Denial of Service Android Bluetooth Out of Bounds Read Vulnerability Allows Remote Denial of Service 
Uninitialized Data Out-of-Bounds Read Vulnerability in libxaac Bluetooth Vulnerability: Remote Denial of Service in Android-10 (A-116357965) Bluetooth Vulnerability: Remote Denial of Service in Android-10 (A-116351796) Bluetooth Vulnerability: Remote Denial of Service in Android-10 (A-116267405) Bluetooth Denial of Service Vulnerability in Android-10 (CVE-2020-XXXXX) Bluetooth Denial of Service Vulnerability in Android-10 (CVE-2020-XXXXX) Bluetooth Vulnerability: Remote Denial of Service in Android-10 (A-115745406) Vulnerability: Man-in-the-Middle Attack in Android Print Service Bluetooth Null Pointer Dereference Vulnerability in Android-10 (A-115509589) Bluetooth Denial of Service Vulnerability in Android-10 (CVE-2020-XXXXX) Bluetooth Denial of Service Vulnerability in Android-10 (CVE-2020-XXXXX) Improper Casting in cn-cbor Library Leads to Out-of-Bounds Read Vulnerability Bluetooth Vulnerability: Remote Denial of Service Exploit in Android-10 (A-112923309) Integer Overflow Vulnerability in libAACdec Allows for Remote Code Execution Uninitialized Data in libhevc: Remote Information Disclosure Vulnerability in Android-10 (A-112552517) Possible Permissions Bypass in Android Notification Management Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Uninitialized Data in libhevc: Remote Information Disclosure Vulnerability in Android-10 (A-112272091) Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Uninitialized Data Vulnerability in libavc Allows Remote Information Disclosure Out of Bounds Read Vulnerability in libSBRdec Allows Remote Information Disclosure Android Bluetooth Vulnerability: Remote Information Disclosure via Out of Bounds Read Improper Input Validation in wpa_supplicant Allows for Man-in-the-Middle Attack Uninitialized Data Vulnerability in libstagefright: Remote Information Disclosure in Android Uninitialized Data in libstagefright: Remote Information Disclosure Vulnerability Android 
Bluetooth Vulnerability: Out of Bounds Read Leading to Local Information Disclosure Resource Exhaustion Vulnerability in libstagefright: Remote Denial of Service in Android Android Bluetooth Vulnerability: Remote Information Disclosure via Out of Bounds Read Integer Overflow Vulnerability in libhevc Leads to Remote Denial of Service in Android Integer Overflow Vulnerability in libandroidfw: Local Information Disclosure Android Bluetooth Vulnerability: Remote Information Disclosure via Out of Bounds Read Out of Bounds Write Vulnerability in OpenCV with libpng Integration Information Disclosure Vulnerability in Android Screen Lock Android Bluetooth Out of Bounds Read Vulnerability Allows Remote Denial of Service Android Bluetooth Kernel Out-of-Bounds Write Vulnerability Bluetooth Use After Free Vulnerability in Android-10: Local Information Disclosure Remote Information Disclosure Vulnerability in Android-10: Exploiting BROWSEABLE Intents to Access Sensitive URLs Out of Bounds Write Vulnerability in profman Allows Local Privilege Escalation Bluetooth Null Pointer Dereference Vulnerability in Android-10 (A-109838296) Bluetooth Use After Free Vulnerability in Android-10: Remote Information Disclosure Android Bluetooth Server Out of Bounds Read Vulnerability Possible Information Disclosure in libvpx: Remote Exploitation on Android-10 (A-80479354) Bluetooth Out of Bounds Read Vulnerability in Android Android Bluetooth Out of Bounds Read Vulnerability Secure Boot Bypass Vulnerability in Android Kernel Bootloader Package Manager Information Disclosure Vulnerability Possible Information Disclosure in AOSP Email App: Local File Access Vulnerability Out of Bounds Write Vulnerability in Android Kernel's mnh Driver Allows Privilege Escalation Android Kernel mnh Driver Use After Free Memory Corruption Vulnerability Android Kernel vl53L0 Driver Out of Bounds Write Vulnerability Kernel Pointer Leak in Android Sync Debug FS Driver Out of Bounds Read Vulnerability in Android F2FS 
Driver Out of Bounds Write Vulnerability in Android Kernel's FingerTipS Touchscreen Driver Use-after-free vulnerability in Android kernel's FingerTipS touchscreen driver allows for local privilege escalation Out of Bounds Write Vulnerability in Android Kernel's FingerTipS Touchscreen Driver Out of Bounds Read Vulnerability in Android Kernel's FingerTipS Touchscreen Driver Race condition vulnerability in Android kernel's FingerTipS touchscreen driver allows for local privilege escalation Out of Bounds Write Vulnerability in Android Touchscreen Driver Allows Local Privilege Escalation Out of Bounds Read Vulnerability in Android Kernel SEC_TS Touch Driver Out of Bounds Read Vulnerability in Android F2FS Touch Driver Out of Bounds Write Vulnerability in Android Kernel i2c Driver Kernel Pointer Leak Vulnerability in Android Video Driver Android Kernel in Pixel C USB Monitor Driver OOB Write Vulnerability Race Condition Use After Free Vulnerability in Android Kernel Video Driver Allows Local Privilege Escalation Heap Buffer Overflow in libttspico: Remote Privilege Escalation in Android Android Kernel VPN Routing Information Disclosure Vulnerability Bluetooth Out of Bounds Read Vulnerability in Android-10 (A-91544774) Possible Bypass of User Interaction Requirements in Android-10: Local Privilege Escalation Vulnerability Incorrect Warning in Location Access Permissions in Android Titan M Cryptographic Operations Information Disclosure Vulnerability Kernel Command Injection Vulnerability in Android Bootloader Double Free Vulnerability in export_key_der of export_key.cpp in Android Out of Bounds Write Vulnerability in km_compute_shared_hmac of Android Kernel Out of Bounds Write Vulnerability in dma_sblk_start of abc-pcie.c Out of Bounds Write Vulnerability in set_outbound_iatu of abc-pcie.c Timing Attack Vulnerability in DCRYPTO_equals of compare.c Bluetooth Out of Bounds Read Vulnerability in Android Bluetooth Out of Bounds Read Vulnerability in Android Information 
Disclosure Vulnerability in /proc/net Filesystem Unauthorized Access to Sightings in MISP 2.4.102 Amazon Ring Doorbell Encryption Vulnerability Remote Access Vulnerability in Glen Dimplex Deutschland GmbH's Carel pCOWeb Configuration Tool Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition Privilege Escalation Vulnerability in STRATO HiDrive Desktop Client 5.0.1.0 for Windows XML External Entity Attack Vulnerability in Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) Arbitrary File Modification Vulnerability in Trend Micro Apex One, OfficeScan, and Worry-Free Business Security Authentication Bypass Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Arbitrary Remote Code Execution Vulnerability in Trend Micro Anti-Threat Toolkit (ATTK) Versions 1.62.0.1218 and Below DLL Side-Loading Vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG: Code Execution and Endpoint Protection Disabling Hard-coded Admin Credentials in MyCar Controls Mobile App Timing Side Channel Vulnerability in SAE Implementation in hostapd and wpa_supplicant Vulnerability: Side-Channel Attacks in EAP-PWD Implementations Denial of Service Vulnerability in hostapd with SAE Support Unvalidated Scalar and Element Values in EAP-PWD Authentication EAP-PWD Implementation Vulnerability in hostapd and wpa_supplicant EAP-PWD Implementation Vulnerability in wpa_supplicant and hostapd Heap Buffer Overflow in Broadcom brcmfmac WiFi Driver Heap Buffer Overflow in Broadcom wl WiFi Driver Heap Buffer Overflow in Broadcom wl WiFi Driver Broadcom brcmfmac WiFi Driver Frame Validation Bypass Vulnerability Remote Code Execution Vulnerability in PrinterLogic Print Management Software KNOB Attack: Brute-Forcing Bluetooth Encryption Key Length Command Injection Vulnerability in Vertiv Avocent UMG-4000 v4.2.1.19 Web Interface Stored XSS Vulnerability in Vertiv Avocent UMG-4000 Web Interface Reflected XSS Vulnerability in Vertiv Avocent 
UMG-4000 Web Interface Unlocked State RDP Vulnerability in Windows 10 and Windows Server 2019+ HTTP/2 Vulnerability: Window Size and Stream Prioritization Manipulation Leading to Denial of Service HTTP/2 Ping Flood Vulnerability HTTP/2 Resource Loop Vulnerability: Denial of Service through Priority Tree Churn HTTP/2 Reset Flood Vulnerability HTTP/2 Settings Flood Vulnerability HTTP/2 Header Leak Vulnerability HTTP/2 Unconstrained Internal Data Buffering Vulnerability HTTP/2 Empty Frame Denial of Service Vulnerability Default Authentication Bypass in Cobham EXPLORER 710 Web Application Portal Unrestricted File Access Vulnerability in Cobham EXPLORER 710 Firmware 1.07 Unauthenticated Remote Access Vulnerability in Cobham EXPLORER 710 Firmware Version 1.07 Cobham EXPLORER 710 Web Application Portal Cleartext Password Vulnerability Vulnerability: Universal Root Password in Cobham EXPLORER 710 Firmware Firmware Image Validation Bypass Vulnerability in Cobham EXPLORER 710 iTerm2 and tmux Integration Vulnerability: Arbitrary Command Execution via Terminal Output 'alloc8' vulnerability in Apple iPhone 3GS bootrom allows arbitrary firmware installation Cross-site Scripting (XSS) vulnerability in uploaditem.asp of Telos Automated Message Handling System Cross-Site Scripting (XSS) Vulnerability in Telos Automated Message Handling System Cross-site Scripting (XSS) vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows remote script injection into AMHS session Cross-Site Scripting (XSS) Vulnerability in Telos Automated Message Handling System Arbitrary Script Injection in Telos Automated Message Handling System (AMHS) Cross-site Scripting (XSS) vulnerability in itemlookup.asp of Telos Automated Message Handling System allows remote code injection into AMHS session Recursive Function Call Vulnerability in Poppler 0.74.0 Out of Bounds Write Vulnerability in Bento4 1.5.1-628 Recursive Function Call Vulnerability in Poppler 0.74.0 
SolarWinds Orion Platform Privilege Escalation via RabbitMQ Service Circular Descriptor Chain Vulnerability in SPDK Vhost Target Incorrect Access Control in Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 CSRF Vulnerability in PopojiCMS v2.0.1 via po-admin/route.php?mod=user&act=addnew URI DhCms through 2017-09-18 Admin Panel XSS Vulnerability Admin.php XSS Vulnerability in DOYO CMS 2.3 through 2015-05-06 File Listing Vulnerability in Eloan V3.0 through 2018-09-20 XSS Vulnerability in Bolt 3.6.4 via Slug, Teaser, or Title Parameter Craft CMS 3.1.12 Pro Version XSS Vulnerability in Header Insertion Field Insufficient Entropy in PSK Generation for Sagemcom F@st 5260 Routers XSS Vulnerability in FiberHome AN5506-04-F RP2669 Devices Persistent Cross Site Scripting (XSS) in Ability Mail Server 4.2.6 via Email Body Persistent Cross Site Scripting (XSS) in Mailtraq WebMail version 2.17.7.3550 via Email Body Contact Application Temporary Uploads Vulnerability Authentication Bypass Vulnerability in Wyze Cam Devices Remote NTLM Hash Theft and SMB Relay Attacks in Druide Antidote RX, HD, 8, 9, and 10 SQL Injection Vulnerability in FlarumChina v0.1.0-beta.7C via /?q= Request XSS Vulnerability in Forminator Contact Form, Poll & Quiz Builder Plugin for WordPress SQL Injection Vulnerability in Forminator Contact Form, Poll & Quiz Builder Plugin for WordPress Remote Code Execution Vulnerability in Delta Controls enteliBUS Manager V3.40_B-571848 Cross-Site Scripting (XSS) Vulnerability in YzmCMS 5.2.0 via admin/system_manage/save.html URI Arbitrary PHP Code Execution Vulnerability in SchoolCMS Version 2.3.1 Vulnerability: Leave Application Mishandling in WP Human Resource Management Plugin Privilege Escalation in WP Human Resource Management Plugin Cross-Site Scripting (XSS) Vulnerability in Quiz And Survey Master Plugin 6.0.4 for WordPress Cross-Site Scripting (XSS) Vulnerability in Blog2Social Plugin for WordPress Uninitialized Stack Memory Leak in Yubico 
libu2f-host Unintended Access Vulnerability in NexentaStor SMB Server CORS Bypass Vulnerability in st2web Allows for XSS via null Origin Arbitrary File Upload Vulnerability in Booked Scheduler 2.7.5 Outdated Base Software Packages in eQ-3 Homematic CCU2: Denial of Service Vulnerability eQ-3 Homematic CCU2 and CCU3 Vulnerability: Unauthorized Session ID Retrieval and Denial of Service Uncontrolled Admin Access and VPN Service Manipulation in eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 Improper Access Control in eQ-3 Homematic CCU2 and CCU3 JSON API Allows Unauthorized Metadata Manipulation Stack Consumption Vulnerability in Xpdf 4.01's md5Round1() Function Invalid Memory Access Vulnerability in gAtomicIncrement() in Xpdf 4.01 NULL Pointer Dereference Vulnerability in Xpdf 4.01's PSOutputDev::setupResources() Function Denial of Service Vulnerability in TENGCONTROL T-920 PLC v5.5 Devices Reflected XSS Vulnerability in ShoreTel Connect ONSITE Reflected XSS Vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 Reflected XSS Vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 SQL Injection Vulnerability in BlueCMS 1.6 via user_id Parameter in uploads/admin/user.php?act=edit Request XSS Vulnerability in AppCMS 2.0.101 via upload/callback.php params Parameter CSRF Vulnerability in Darktrace Enterprise Immune System before 3.1 via /whitelisteddomains Endpoint CSRF Vulnerability in Darktrace Enterprise Immune System 3.1 CSRF Vulnerability in Cscms 4.1.0 Allows Unauthorized Payment Account Modification AirDroid Android Application Denial of Service Vulnerability Denial of Service Vulnerability in Olive Tree FTP Server for Android Denial of Service Vulnerability in ApowerManager Android Application CSRF Vulnerability in MiniCMS 1.10 Allows Unauthorized Article Deletion Cross-Site Request Forgery (CSRF) Vulnerability in Online Lottery PHP Readymade Script 1.7.0 Reflected Cross-site Scripting (XSS) Vulnerability in PHP Scripts Mall Online Lottery PHP Readymade 
Script 1.7.0 via .ico Picture Upload Stored XSS Vulnerability in PHP Scripts Mall Personal Video Collection Script 4.0.4 via Update Profile Feature Path Traversal Vulnerability in PHP Scripts Mall Medical Store Script 3.0.3 Arbitrary Code Execution Vulnerability in OFCMS 1.1.3 Arbitrary Code Execution Vulnerability in OFCMS 1.1.3 Directory Traversal Vulnerability in OFCMS 1.1.3 Arbitrary File Write Vulnerability in OFCMS 1.1.3 Arbitrary Code Execution Vulnerability in OFCMS Arbitrary Code Execution Vulnerability in OFCMS 1.1.3 Command Execution Vulnerability in OFCMS before 1.1.3 via Template File SQL Injection Vulnerability in OFCMS 1.1.3 Arbitrary Code Execution Vulnerability in OFCMS 1.1.3 Arbitrary Code Execution Vulnerability in OFCMS 1.1.3 Local File Inclusion Vulnerability in GraceMedia Media Player Plugin 1.0 for WordPress SSRF Vulnerability in Zimbra Collaboration Suite Arbitrary File Download Vulnerability in eBrigade 4.5 via Directory Traversal Arbitrary Code Execution in Feng Office 3.7.0.5 via ck_upload_handler.php Arbitrary Code Execution Vulnerability in Webmin 1.900 via Java File Manager and Upload/Download Privileges CSRF Vulnerability in JBMC DirectAdmin 1.55 Allows Unauthorized Creation of Admin Account SQL Injection Vulnerability in PHPSHE 1.7's module/index/cart.php Buffer Overflow Vulnerability in CyberArk Endpoint Privilege Manager Allows Privilege Escalation and System Crash XMLTooling Library XML Parsing Exception Vulnerability Default Administrator User with Weak Credentials in Sonatype Nexus Repository Manager Weak Default Permissions in Sonatype Nexus Repository Manager Heap-Based Buffer Over-Read Vulnerability in Poppler 0.74.0's CairoRescaleBox.cc Downsample_Row_Box_Filter Function Arbitrary File Download Vulnerability in ESAFENET CDG V3 and V5 Denial of Service Vulnerability in GNOME GLib 2.59.2 DLL Injection Vulnerability in Minecraft 1.12 on Windows Denial of Service Vulnerability in Google TensorFlow 1.12.2 via Invalid GIF File 
Improper Handling of Unicode Encoding in urllib.parse.urlsplit and urllib.parse.urlparse leading to Information Disclosure File Access Vulnerability during Rename Operation Uninitialized Read Vulnerability in PHP EXIF Component Uninitialized Read Vulnerability in PHP EXIF Component Invalid Read Vulnerability in PHP EXIF Component Uninitialized Read Vulnerability in PHP EXIF Component Arbitrary PHP Code Execution in Pydio through proxy.php XSSI Vulnerability in Jupyter Notebook Allows Cross-Site Inclusion of Resources Cross-Site Scripting (XSS) Vulnerability in Contact Form Email Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Gila CMS 1.9.1 Directory Traversal Vulnerability in Core FTP 2.0 Build 674 Directory Traversal Vulnerability in Core FTP 2.0 Build 674 XSS Vulnerability in Upcoming Events Plugin for MyBB Vulnerability: Inadequate Filtering Allows PHP Code Execution in SDCMS V1.7 CSRF Vulnerability in SDCMS V1.7 via m=admin&c=theme&a=edit Request Arbitrary Command Execution in NUUO Network Video Recorder Firmware NULL Pointer Dereference in LibOFX startElement Function Incorrect Access Control in Alarm.com ADC-V522IR 0100b9 Devices: VPN Certificate Vulnerability External DTD Loading Vulnerability in Checkstyle before 8.18 Static Code Vulnerability in Chuango 433 MHz Burglar-Alarm Products Stored XSS Vulnerability in YzmCMS 5.2 via admin/category/edit.html catname Parameter Stored XSS Vulnerability in YzmCMS 5.2 via value parameter in admin/system_manage/user_config_edit.html Arbitrary File Deletion Vulnerability in JTBC(PHP) 3.0.1.8 Denial of Service Vulnerability in rovinbhandari FTP XSS Vulnerability in Wordfence Plugin 7.2.3 for WordPress XML External Entity Injection (XXE) Vulnerability in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 Freenet 1483 Vulnerability: MIME Type Bypass for Arbitrary JavaScript Execution Denial of Service Vulnerability in Python's Lib/zipfile.py Buffer Overflow Vulnerability in PHP's 
phar_tar_writeheaders_int Function Buffer Overflow Vulnerability in Dahua IP Camera Devices: IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX (Build before 2018/11) Buffer Overflow Vulnerability in Dahua CGI Interface Denial of Service Vulnerability in Dahua Products Dahua Debug Function Permission Separation Vulnerability Information Leakage Vulnerability in Dahua Products Unencrypted Online Upgrade Information Vulnerability in Dahua Firmware Packages Weak Security Login Mode Vulnerability in Dahua Devices Arbitrary Root Code Execution via Directory Traversal in pacman Heap-Based Buffer Overflow in PoDoFo 0.9.6: PdfString::ConvertUTF16toUTF8 Vulnerability CSRF Vulnerability in sftnow Allows Unauthorized Admin Account Creation Buffer Overflow in process_certificate function in axTLS through 2.1.5 via crafted TLS certificate handshake message Arbitrary File Upload Vulnerability in CMS Made Simple (CMSMS) before 2.2.10 SQL Injection Vulnerability in CMS Made Simple (CMSMS) before 2.2.10 Privilege Escalation Vulnerability in Symantec Endpoint Encryption Arbitrary Code Execution Vulnerability in Norton Core (prior to v278) Cross-Site Scripting (XSS) Vulnerability in Symantec VIP Enterprise Gateway Information Disclosure Vulnerability in Management Center (MC) REST API Allows Unauthorized Access to Passwords Arbitrary File Deletion Vulnerability in Symantec AV Engine Information Disclosure Vulnerability in Symantec Messaging Gateway (prior to 10.7.0) Address Spoofing Vulnerability in Norton Password Manager Cross-Site Scripting (XSS) Vulnerability in DLP 15.5 MP1 and Prior Versions Privilege Escalation Vulnerability in Symantec Endpoint Encryption Privilege Escalation Vulnerability in Symantec Endpoint Encryption Vulnerability: Denial of Service in Vixie Cron due to Unchecked calloc Return Value Vixie Cron Denial of Service Vulnerability Use-after-free vulnerability in Vixie Cron before 3.0pl1-133 Debian package System User Suspension Vulnerability Cross Site Scripting (XSS) 
Vulnerability in Mahara Collection Title Thread-Safety Vulnerability in JSON Parsing in webargs Unescaped XSS Vulnerability in Joomla! Edit Views Unvalidated Input in JSON Handler of Joomla! com_config leading to XSS Unauthenticated Access to Sample Data Plugins in Joomla! Joomla! Media Form Field XSS Vulnerability Denial of Service Vulnerability in Libav 12.3 Subtitle Decoder Denial of Service Vulnerability in FFmpeg Subtitle Decoder via Crafted Matroska Video File Stack-based buffer overflow in Libav 12.3 subtitle decoder via crafted Matroska video file Stack-based buffer overflow in Libav 12.3 subtitle decoder via crafted Matroska video file Subtitle Decoder Denial of Service Vulnerability in FFmpeg 3.2 and 4.1 Path Traversal Vulnerability in LogicalDOC Community Edition 8.x before 8.2.1 Information Exposure through Log Files in Aquaverde Aquarius CMS through 4.3.5 Persistent XSS Vulnerability in Korenix JetPort 5601 and 5601f Web Manager Arbitrary File Read Vulnerability in eQ-3 AG Homematic CCU3 3.43.15 and Earlier Unauthenticated Password Hash Disclosure in eQ-3 AG Homematic CCU3 Heap-based Buffer Underflow Vulnerability in SdoKeyCrypt.sys Driver in Shanda MapleStory Online V160 Privilege Escalation via Unpublished API in Synaptics Sound Device Drivers Incorrect Access Control Vulnerability in GitLab Community and Enterprise Edition 10.x and 11.x Unauthenticated Remote Access to Admin Account in JFrog Artifactory Sensitive Information Exposure in Aquarius CMS through 4.3.5 Security Group Rule Bypass Vulnerability in OpenStack Neutron DOM-based XSS vulnerability in 1024Tools Markdown 1.0 via '<EMBED SRC=data:image/svg+xml' substring. DOM-based XSS vulnerability in Editor.md 1.5.0 via '<EMBED SRC=data:image/svg+xml' substring. DOM-based XSS vulnerability in Jimmykuu Gopher 2.0 via '<EMBED SRC=data:image/svg+xml' substring. 
CRLF Injection Vulnerability in urllib2 and urllib CRLF Injection Vulnerability in Go 1.11.5's net/http Package Bypassing ACLs in G Data Total Security through gdwfpcd.sys Command Injection Vulnerability in PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS WebHMI Component Unauthorized Access to WEB-UI via Session Hijacking Vulnerability Privilege Escalation via Insecure Communication Channel in CloudCTI HIP Integrator Recognition Configuration Tool NULL Pointer Dereference in libwebm: DoS Vulnerability Infinite Loop Vulnerability in tinysvcmdns Arbitrary Data Read Vulnerability in tinysvcmdns MQTT Input Plugin Crash via Negative Size Parameter in Fluent Bit CoAP Server Interface Vulnerability: Amplified DDoS Attacks in IoTivity JavaScript Execution Vulnerability in OTRS 6.x and 7.x Content-type mishandling in PictureUpload.pm allows for JavaScript execution in OTRS Information Disclosure Vulnerability in OTRS 7.x Out-of-Bounds Write Vulnerability in Tiny C Compiler 0.9.27 NTFS-3G Integer Underflow Vulnerability Incorrect Access Control in GitLab Community and Enterprise Edition 10.x and 11.x before 11.8.1 Local File Read Vulnerability in LabKey Server 19.1.0 Stored XSS Vulnerability in LabKey Server 19.1.0 Allows Privilege Escalation SQL Injection Vulnerability in TONGDA Office Anywhere 10.18.190121 Remote Code Execution and Memory Corruption Vulnerability in FTPGetter Standard v.5.97.0.177 XXE Vulnerability in PHPSHE 1.7 Allows Unauthorized File Access and Network Scanning Unauthenticated SQL Injection in PHPSHE 1.7 via id parameter in pay.php Cross-Site Scripting (XSS) Vulnerability in Openfind Mail2000 Webmail Vulnerability: Hostname Verification Bypass in HashiCorp Consul 1.4.3 XSS Vulnerability in Blog_mini 1.0 via Comment Reply Author Name Arbitrary Code Execution via Crafted .mp3 File in Free MP3 CD Ripper 2.6 Arbitrary Code Execution via Crafted .wma File in Free MP3 CD Ripper 2.6 Canarytokens Vulnerability: Predictable Size and Metadata in Word 
Documents CSRF Vulnerability in PilusCart 1.4.1 Allows Unauthorized Addition of Administrator User Heap-based Buffer Overflow in dwg_decode_eed_data Function NULL Pointer Dereference in bit_convert_TU function NULL Pointer Dereference in dwg_dxf_LEADER Function Heap-based Buffer Overflow in dwg_decode_eed_data Function Out-of-Bounds Read Vulnerability in GNU LibreDWG Out-of-Bounds Read Vulnerability in GNU LibreDWG NULL Pointer Dereference in dwg_dxf_LTYPE Function Heap-based Buffer Over-read in GNU LibreDWG's dxf_header_write Function Heap-based Buffer Over-read in dwg_dxf_LTYPE Function NULL Pointer Dereference in dwg_dxf_LTYPE Function Arbitrary Code Execution in gitnote 3.1.0 via Crafted Markdown File Remote Code Execution and Cross-Site Scripting Vulnerability in WordPress 5.1.1 Memory Corruption Vulnerabilities in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5 Memory Corruption Vulnerability in Firefox 65 Use-After-Free Vulnerability in Thunderbird, Firefox ESR, and Firefox Arbitrary Object Type Confusion Vulnerability in IonMonkey JIT Compiler Memory Corruption Vulnerability in IonMonkey JIT Compiler Spectre Mitigation Bypass Vulnerability in Thunderbird and Firefox Command Injection Vulnerability in Firefox URI Handler Type-Confusion Vulnerability in IonMonkey JIT Compiler: Potential Crash Exploit Use-after-free vulnerability in SMIL animation controller registration Cross-Origin Image Reading Vulnerability in Firefox < 66 Android Firefox < 66: Man-in-the-Middle Attack via APITRACE_LIB Vulnerability Memory Leakage Vulnerability in Firefox < 66 Memory Corruption Vulnerabilities in Firefox and Thunderbird Arbitrary Program ID Execution Vulnerability in Firefox Arbitrary File Length Bypass Vulnerability in Firefox Sandbox Insecure Navigation Vulnerability in Firefox < 66 Command Injection Vulnerability in Firefox Developer Tools on macOS Uninitialized Memory Read Vulnerability in Prio Library Affecting Firefox < 66 FTP Authorization Modal Prompt Denial of 
Service Vulnerability in Firefox < 66 FTP Connection Text Injection Vulnerability in Firefox < 66 WebRTC Permission Notification Spoofing Vulnerability in Firefox < 66 FTP Connection Denial of Service Vulnerability in Firefox < 66 Buffer Overflow Vulnerability in IonMonkey JIT Compiler for Array.prototype.slice Method Language Pack Sandbox Escape: Exploiting Firefox ESR and Thunderbird Vulnerability Firefox Sandbox Escape via Malicious Firefox Sync Account Login Type Confusion and Arbitrary Memory Access in IonMonkey JIT Code through __proto__ Mutation Memory Corruption Vulnerability in Firefox 66 Timing Attack Vulnerability in macOS 10.14.5 with Hyperthreading Enabled Type Confusion Vulnerability in JavaScript Object Groups Cross-Origin Image Reading Vulnerability Race Condition in Crash Generation Server: Windows Sandbox Escape JavaScript Compartment Mismatch Vulnerability in Fetch API: Exploitable Crash Risk Use-After-Free Vulnerability in Chrome Event Handler Use-After-Free Vulnerability in AssertWorkerThread with Shared Workers in Firefox < 67 Cleartext Storage of Server Credentials in JetBrains IntelliJ IDEA Uninitialized Data in snprintf Call: Information Disclosure Vulnerability in QEMU 3.0.0 Arbitrary PHP Code Execution in FeiFeiCMS 4.1.190209 phpBB Fulltext Search Component Denial of Service Vulnerability Hawt Hawtio 2.5.0 SSRF Vulnerability Arbitrary PHP Code Execution Vulnerability in Maccms 10 Template Rendering Denial of Service Vulnerability in AirMore Android Application AirDrop 2.0 for Android Denial of Service Vulnerability Denial of Service Vulnerability in Screen Stream Application for Android HTML Injection Vulnerability in Netdata Web Application Keystroke Injection Vulnerability in Fujitsu Wireless Keyboard Set LX901 GK900 Devices Insecure Cryptographic Implementation in AMD Platform Security Processor (PSP) 0.17 and Earlier Open Redirect Vulnerability in Doorkeeper::OpenidConnect Stored XSS Vulnerability in VFront 0.99.5 via 
admin/sync_reg_tab.php azzera parameter Reflected XSS Vulnerability in VFront 0.99.5 via admin/menu_registri.php and admin/sync_reg_tab.php XSS Vulnerability in Vesta Control Panel 0.9.8-23 via Crafted URL Arbitrary ASPX Code Execution in madskristensen MiniBlog XML External Entity (XXE) Vulnerability in DiffPlug Spotless Cross-Site Scripting (XSS) Vulnerability in simple-markdown.js in Khan Academy simple-markdown before 0.4.4 Arbitrary ASPX Code Execution via Unvalidated File Extension in Miniblog.Core RockOA 1.8.7 Background SQL Injection Vulnerability Unconditional Execution of Executable Files via Hyperlinks in LibreOffice Arbitrary Python Command Execution in LibreOffice Versions Prior to 6.2.5 LibreOffice Vulnerability: Stealth Mode Bypass for Bullet Graphics Retrieval Insufficient URL Validation Vulnerability in LibreOffice Arbitrary Python Command Execution in LibreOffice's LibreLogo Vulnerability: Bypassing Directory Traversal Protection in LibreOffice URL Decoding Flaw in LibreOffice Macros Allows Bypass of Security Settings Vulnerability: Arbitrary Script Execution in LibreOffice Arbitrary Python Command Execution Vulnerability in LibreOffice Memory Leak Vulnerability in Linux Kernel's inotify_update_existing_watch() Function Remote Code Execution in Horde Groupware Webmail 5.2.22 and 5.2.17 via Image Upload Vulnerability Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 Authenticated Command Execution Vulnerability Vulnerability: Desynchronization of ABUS Secvest Wireless Remote Control and Alarm System Insecure RFID Technology in ABUS Secvest FUAA50000 Alarm System Allows Unauthorized Deactivation Vulnerability: Lack of Encrypted Signal Transmission in ABUS Secvest Wireless Alarm System Insecure Rolling Code Algorithm Vulnerability in ABUS Secvest Wireless Alarm System Parameter Tampering Vulnerability in PHP Scripts Mall Amazon Affiliate Store 2.1.6 Integer Overflow Vulnerability in Wind River VxWorks 6.9 Allows Remote Code Execution Information 
Disclosure Vulnerability in GitLab Community and Enterprise Edition 11.x before 11.7.7 and 11.8.x before 11.8.3 Proxy Server Password Disclosure Vulnerability SMTP Password Disclosure in Veritas NetBackup Appliance Cross-Site Scripting (XSS) vulnerability in w8tcha oEmbed plugin for CKEditor Remote Code Execution Vulnerability in Jector Smart TV FM-K75 Devices Cleartext Credential Storage Vulnerability in JetBrains IntelliJ IDEA Ultimate Cleartext Storage of Server Credentials in JetBrains IntelliJ IDEA Ultimate Arbitrary Code Execution via Deserialization in Sitecore.Security.AntiCSRF Module Arbitrary Code Execution via Deserialization in Sitecore Anti-CSRF Module Invalid Memory Access Vulnerability in Xpdf 4.01's TextPage::findGaps() Function Invalid Memory Access Vulnerability in GfxIndexedColorSpace::mapColorToBase() Function in Xpdf 4.0.0 Remote Code Execution Vulnerability in WPGraphQL 0.2.3 Plugin for WordPress Unauthenticated User Data Disclosure in WPGraphQL Plugin Unauthenticated Users Can Bypass Comment Restrictions in WPGraphQL 0.2.3 Plugin CSRF Vulnerability in MailSherlock MSR35 and MSR45 Allows Unauthorized Addition of Malicious Email Sources to Whitelist CSRF Vulnerability in MailSherlock MSR35 and MSR45: Privilege Escalation via useradmin/cf_new.cgi Bypassing Password Validation and Access Management in eClass Platform SQL Injection Vulnerability in eClass Platform Arbitrary File Download Vulnerability in BroadLearning eClass (before ip.2.5.10.2.1) Directory Traversal and File Inclusion Vulnerability in Vanilla before 2.6.4 Insecure Permissions Vulnerability in GitLab Community and Enterprise Edition Privilege Escalation and Command Execution Vulnerability in getopt_simple Arbitrary File Read Vulnerability in Open Ticket Request System (OTRS) libseccomp before 2.4.0: 64-bit syscall argument comparison vulnerability Critical Vulnerability: Remote Memory Overwrite in PuTTY RSA Key Exchange Remote Buffer Overflow Vulnerability in PuTTY Versions Before 
0.71 on Unix Local File Hijacking Vulnerability in PuTTY Versions before 0.71 on Windows PuTTY Versions Before 0.71: Multiple Terminal-Based Denial-of-Service Vulnerabilities Recycling of Random Numbers Vulnerability in PuTTY (before 0.71) Null Byte Injection in Envoy HTTP/1.x Header Parsing Path Traversal Vulnerability in Envoy Proxy Stack Consumption Vulnerability in Poppler 0.74.0 Stack Consumption Vulnerability in Graphviz 2.40.1 Font-Organizer Plugin 2.1.1 for WordPress - XSS Vulnerability in wp-admin/options-general.php manage_font_id XSS Vulnerability in Donation Plugin and Fundraising Platform Plugin for WordPress KingComposer Plugin 2.7.6 for WordPress - Cross-Site Scripting (XSS) Vulnerability in wp-admin/admin.php?page=kc-mapper id Cross-Site Scripting (XSS) Vulnerability in Social Networks Auto Poster Plugin for WordPress XSS Vulnerability in wp-google-maps Plugin for WordPress XSS Vulnerability in wp-live-chat-support Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in YOP Poll Plugin for WordPress Open Redirect Vulnerability in GetSimpleCMS 3.3.13 via admin/index.php Redirect Parameter Remote User Denial of Service Vulnerability in ZNC before 1.7.3-rc1 SQL Injection Vulnerability in Harmis JE Messenger Component 1.2.2 for Joomla! Cross-Site Scripting (XSS) Vulnerability in Harmis JE Messenger Component 1.2.2 for Joomla! User Account Impersonation Vulnerability in Harmis JE Messenger Component for Joomla! User Information Disclosure Vulnerability in Harmis JE Messenger Component 1.2.2 for Joomla! Directory Traversal Vulnerability in Harmis JE Messenger Component 1.2.2 for Joomla! 
NULL Pointer Dereference in pax_decode_header in GNU Tar before 1.32 rbash Vulnerability: Unauthorized Command Execution via BASH_CMDS Manipulation XSS Vulnerability in S-CMS PHP v1.0 via S_id Parameter in 4.edu.php CSRF Vulnerability in LabKey Server 19.1.0 Allows Code Execution via /reports-viewScriptReport.view Caret Remote Code Execution Vulnerability Heap-based Buffer Overflow in GStreamer RTSP Connection Parser Insecure Permissions in Northern.tech CFEngine Enterprise 3.12.1 Lexmark Products: Integer Overflow Vulnerability Denial of Service Vulnerability in Lexmark Printers' SNMP Service Lexmark Products Buffer Overflow Vulnerability Lexmark Products Buffer Overflow Vulnerability Incorrect Access Control in Lexmark Products Lexmark Products Vulnerability: Incorrect Access Control Heap-based Buffer Over-read Vulnerability in SQLite 3.27.2's fts5HashEntrySort Function NULL Pointer Dereference Vulnerability in SQLite 3.27.2 with FTS5 Virtual Table Arbitrary File Download Vulnerability in SHAREit Application Authentication Bypass Vulnerability in SHAREit Application Twig Sandbox Information Disclosure Vulnerability OMERO.server Group Permissions Circumvention Vulnerability OMERO.server File Reading Vulnerability Remote Command Execution in SoftNAS Cloud 4.2.0 and 4.2.1 via User Cookie Bypass Network Firewall Misconfiguration in Cloud Native Computing Foundation (CNCF) CNI 0.7.4 Affecting Kubernetes CRLF Injection Vulnerability in urllib2 and urllib Local File Inclusion Vulnerability in urllib for Python 2.x through 2.7.16 Arbitrary Code Execution via Symlink Abuse in Western Digital My Cloud Devices Authentication Bypass Vulnerability in Western Digital My Cloud Devices Unauthenticated File Upload Vulnerability in Western Digital My Cloud Devices Reflected XSS Vulnerability in Zyxel ATP and USG Series Firewalls Stack-based Buffer Overflow in ImageMagick 7.0.8-35 Q16's PopHexPixel Function in coders/ps.c Stored XSS Vulnerability in Quadbase EspressReport ES (ERES) 
v7.0 Update 7 CSRF Vulnerability in Quadbase EspressReport ES (ERES) v7.0 Update 7 Allows Privilege Escalation and Unauthorized Admin Account Creation Integer Overflow in JPXStream::init function in Poppler 0.78.0 and earlier Relative Path Vulnerability in LimeSurvey's downloadZip Function Arbitrary Web Script Injection Vulnerability in Wikindx Ressource View Denial of Service and Potential Remote Code Execution in XnView MP 0.93.1 on Windows Denial of Service and Potential Remote Code Execution in XnView MP 0.93.1 Denial of Service Vulnerability in XnView MP 0.93.1 on Windows Denial of Service Vulnerability in XnView MP 0.93.1 on Windows Denial of Service Vulnerability in XnView Classic 2.48 Denial of Service Vulnerability in XnView Classic 2.48 on Windows Denial of Service Vulnerability in XnView Classic 2.48 on Windows Denial of Service Vulnerability in XnView Classic 2.48 IDN Homograph Attack Vulnerability in Signal Messaging App Privilege Escalation via Insecure sudo Configuration in 3CX Phone System Arbitrary Command Execution Vulnerability in 3CX Phone System Terminal Unauthenticated Remote Ping and DoS Vulnerability in DASAN H660RM GPON Routers Hard-coded Encryption Key Vulnerability in DASAN H660RM Firmware 1.03-0022 Boa Server Configuration Vulnerability on DASAN H660RM Devices Tesla Model 3 Entertainment System Renderer Process JIT Compilation Vulnerability Stored XSS Vulnerability in Social Warfare Plugin for WordPress