Vulnerability Index: Year 2020

Isolated App Privilege Escalation Vulnerability in Android
Use-after-free vulnerability in ih264d_init_decoder in ih264d_api.c allows remote attackers to execute arbitrary code via a crafted video file in Android 8.0, 8.1, 9, and 10.
Time-of-Check Time-of-Use Vulnerability in InstallStart.java Allows Package Validation Bypass
Local Denial of Service Vulnerability in WallpaperManagerService's generateCrop Method
Out-of-bounds Write Vulnerability in btm_read_remote_ext_features_complete of Android
Uninitialized Data Information Disclosure in rw_i93_send_cmd_write_single_block of rw_i93.cc
Heap Memory Information Disclosure in flattenString8 of Sensor.cpp
Race condition in LowEnergyClient::MtuChangedCallback in low_energy_client.cc leads to out-of-bounds read vulnerability in Android
Arbitrary Write Permissions Bypass in ashmem.c (Android Kernel)
Out-of-bounds Write Vulnerability in fpc_ta_get_build_info of fpc_ta_kpi.c
Out of Bounds Write Vulnerability in get_auth_result of fpc_ta_hw_auth.c
Out of Bounds Write Vulnerability in fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c
Clickable TYPE_TOAST Window Vulnerability
Overlay Vulnerability in CertInstaller: Local Privilege Escalation in Android
Insecure Default Password Vulnerability in Broadcom Nexus Firmware
Local Information Disclosure Vulnerability in Android's User Dictionary
Possible Log Information Disclosure in MotionEntry::appendDescription of InputDispatcher.cpp
Insecure Default Password Vulnerability in Broadcom Nexus Firmware
ExifInterface.java: Location Information Redaction Failure
Possible Permanent Denial-of-Service Vulnerability in removeUnusedPackagesLPw of PackageManagerService.java
Out of Bounds Write Vulnerability in reassemble_and_dispatch of packet_fragmenter.cc
Missing Permission Check in setPhonebookAccessPermission of AdapterService.java Allows Disclosure of User Contacts over Bluetooth
Possible Unauthorized Setting Modification Vulnerability in SettingsBaseActivity.java
Screen Pinning Permissions Bypass in deletePackageVersionedInternal of PackageManagerService.java
Use-after-free vulnerability in Parcel::continueWrite in Parcel.cpp
Out of Bounds Write Vulnerability in HidRawSensor::batch of HidRawSensor.cpp
Possible Bypass of Private DNS Settings in NetworkMonitor.java
Location History Storage Vulnerability in WifiConfigManager
Race condition vulnerability in binder_thread_release in binder.c allows for local privilege escalation without additional execution privileges needed
Sensitive Information Disclosure in Augmented Autofill of Android-10
Heap Buffer Overflow in ih264d_release_display_bufs of ih264d_utils.c
Stale Pointer Out-of-Bounds Write Vulnerability in CryptoPlugin::decrypt of CryptoPlugin.cpp
Out-of-bounds Read Vulnerability in vp8_decode_frame of decodeframe.c
Missing Permission Check in TelephonyProvider.java Allows Unauthorized Access to SIM Card Info
Possible Permissions Bypass Vulnerability in hasPermissions of PermissionMonitor.java
Out of Bounds Read Vulnerability in rw_i93_sm_set_read_only of Android NFC
Uninitialized Data Read Vulnerability in rw_i93_sm_update_ndef of rw_i93.cc
Uninitialized Data Read Vulnerability in rw_i93_sm_update_ndef of rw_i93.cc
Out-of-Bounds Write Vulnerability in binder_transaction of Android Kernel
Possible Out of Bounds Read in fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c
Out of Bounds Read Vulnerability in authorize_enrol of fpc_ta_hw_auth.c
Out of Bounds Read Vulnerability in set_nonce of fpc_ta_qc_auth.c
Race condition vulnerability in StatsService::command of StatsService.cpp allows for local escalation of privilege with System execution privileges needed (Android-10).
Heap Buffer Overflow in DrmPlugin::releaseSecureStops of DrmPlugin.cpp Allows Local Privilege Escalation
Missing Permission Check in setMasterMute of AudioService.java Allows Local Silencing of Audio
Possible Stack Information Leak in onTransact of IAudioFlinger.cpp
Possible Information Disclosure in onReadBuffer() of StreamingSource.cpp in Android-10 (A-140177694)
Out-of-bounds Write Vulnerability in nfa_hciu_send_msg of nfa_hci_utils.cc
Possible Tapjacking Vulnerability in SettingsHomepageActivity's onCreate Method
Lock Screen SMS Permissions Bypass Vulnerability
Out-of-bounds Write Vulnerability in convertHidlNanDataPathInitiatorRequestToLegacy and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp
Possible Permission Revocation in WifiNetworkSuggestionsManager
Out of Bounds Read Vulnerability in l2c_link_process_num_completed_pkts of l2c_link.cc
Out of Bounds Read Vulnerability in btu_hcif_connection_comp_evt of btu_hcif.cc
Out of Bounds Read Vulnerability in btm_process_inq_results of btm_inq.cc
Out of Bounds Read Vulnerability in l2c_rcv_acl_data of l2c_main.cc
Out-of-bounds Read Vulnerability in btm_ble_batchscan_filter_track_adv_vse_cback of Android-10
Possible SQL Injection Vulnerability in SmsProvider.java and MmsSmsProvider.java Allows Permission Bypass and Local Information Disclosure
Possible Permissions Bypass in Pixel Recorder Allows Arbitrary Audio Recording
Euicc Information Disclosure Vulnerability: Remote Exploitation without User Interaction
Local Privilege Escalation Vulnerability in SurfaceFlinger with TEE Bypass
Improper Authorization Vulnerability in Android SoC Provisioning Data Processing
Improper Authorization in Android Suite Daemon Receiver Component
Race condition vulnerability in netlink driver allows for local privilege escalation
Out of Bounds Read Vulnerability in f2fs_xattr_generic_list of xattr.c
Integer Overflow Vulnerability in crus_afe_get_param of msm-cirrus-playback.c
Out-of-Bounds Write Vulnerability in Mediatek Command Queue Driver
Out of Bounds Write Vulnerability in rw_t2t_update_lock_attributes of rw_t2t_ndef.cc
Out of Bounds Write Vulnerability in rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc
Out-of-bounds Write Vulnerability in rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc
Out-of-bounds Write Vulnerability in rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc
Potential Settings Bypass Vulnerability Allowing Arbitrary Domain Default Handler in PackageManagerService
Out of Bounds Read Vulnerability in FPC IRIS TrustZone App's set_shared_key Function
Out of Bounds Write Vulnerability in FPC IRIS TrustZone App
Out of Bounds Read Vulnerability in FPC IRIS TrustZone App Allows Local Information Disclosure
Out of Bounds Write Vulnerability in DrmPlugin.cpp
Out-of-bounds Write Vulnerability in CryptoPlugin.cpp (CVE-2020-XXXX)
Possible Local Privilege Escalation Vulnerability in AppOpsControllerImpl.java
Double Free Vulnerability in AssetManager.java Allows for Local Privilege Escalation
Unsafe Deserialization Vulnerability in ExternalVibration.java Allows Arbitrary Intent Activation
Improper Default Value Handling in setRequirePmfInternal of sta_network.cpp in Android-10 (A-142797954)
Missing Permission Checks in NotificationManagerService.java Allows Local Privilege Escalation
Possible Permission Bypass in setBluetoothTethering of PanService.java
Possible Out of Bounds Write Vulnerability in readCString of Parcel.cpp
Possible Side Channel Information Disclosure in getProcessPss of ActivityManagerService.java
Possible Resource Exhaustion Vulnerability in parseTrackFragmentRun of MPEG4Extractor.cpp
Missing Permission Check in Audio Server Allows Local Privilege Escalation in Android-11 (A-137015603)
Improper Authorization in Android Email Receiver Component (A-149813048)
Incorrect Configuration in mnld Driver_cfg for Meta Factory Mode Vulnerability
Possible Disclosure of Sensitive Notification Content in setHideSensitive of NotificationStackScrollLayout.java
Out-of-bounds Read Vulnerability in exif_data_save_data_entry of exif-data.c
Out of Bounds Write Vulnerability in ExifUtils.cpp
Possible Privilege Escalation Vulnerability in ActivityStartController.java
Permission Bypass Vulnerability in PackageManagerService.java
Permission Bypass Vulnerability in navigateUpToLocked of ActivityStack.java
Insecure Default Value in addWindow of WindowManagerService.java Allows for Tapjacking and Privilege Escalation
Out-of-bounds Read Vulnerability in onTransact of IHDCP.cpp
Uninitialized Data Information Disclosure in BnCrypto::onTransact of ICrypto.cpp
Out-of-Bounds Write Vulnerability in GattServer::SendResponse of gatt_server.cc
Possible Remote Code Execution Vulnerability in a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc
Inappropriate Read Vulnerability in KeyguardStateMonitor.java
Missing Permission Check in onKeyguardVisibilityChanged in key_store_service.cpp Allows Local Escalation of Privilege in Android
Possible Permission Bypass in getCellLocation of PhoneInterfaceManager.java
Possible Permissions Bypass and Local Information Disclosure in getUiccCardsInfo of PhoneInterfaceManager.java
Possible bypass of foreground process restrictions in postNotification of ServiceRecord.java
Missing Permission Check in simulatePackageSuspendBroadcast of NotificationManagerService.java Allows Local Privilege Escalation
Out of Bounds Write Vulnerability in psi_write of psi.c
Out-of-Bounds Read Vulnerability in sendCaptureResult of Camera3OutputUtils.cpp
Local Privilege Escalation Vulnerability in KeyguardSliceProvider
Potential settings bypass vulnerability in PackageManagerService.java allows arbitrary domain takeover
Possible Bypass of User Profile Isolation in checkSystemLocationAccess of LocationAccessPolicy.java
Integer Overflow Vulnerability in aes_cmac.cc Allows Remote Code Execution in Bluetooth Server
Out-of-bounds Write Vulnerability in addListener of RegionSamplingThread.cpp
Improper Certificate Validation in WifiConfigManager.java Allows Man-in-the-Middle Attack
Heap Buffer Overflow in notifyErrorForPendingRequests of QCamera3HWI.cpp
Possible Permission Bypass in updateUidProcState of AppOpsService.java Leading to Local Information Disclosure
Possible Permissions Bypass in com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml
Possible Out of Bounds Write Vulnerability in Android SoC (A-149871374)
Out of Bounds Write Vulnerability in markBootComplete of InstalldNativeService.cpp
Out of Bounds Read Vulnerability in mediadrm: Local Information Disclosure
Race condition vulnerability in DrmPlugin.cpp allows for local code execution
Out of Bounds Read Vulnerability in AudioStream::decode of AudioGroup.cpp
Integer Overflow Vulnerability in AMPEG4ElementaryAssembler's addPacket Method
Out-of-Bound Write Vulnerability in SetData of btm_ble_multi_adv.cc
Possible Command Injection Vulnerability in Android-11 (Android ID: A-123230379) Allows Local Privilege Escalation
Out-of-bounds Write Vulnerability in MPEG4Extractor.cpp
Possible Out of Bounds Read in BnAAudioService::onTransact of IAAudioService.cpp
GPS Location Spoofing Vulnerability in MockLocationAppPreferenceController
Possible Information Disclosure in BnDrm::onTransact of IDrm.cpp
Possible Backup Metadata Exposure in RollbackManagerServiceImpl.java
Integer Overflow Vulnerability in Parcel.cpp Allows for Local Privilege Escalation
Missing Permission Check in setIPv6AddrGenMode of NetworkManagementService.java Allows Local Privilege Escalation
Out of Bounds Write Vulnerability in get_element_attr_rsp of btif_rc.cc
Integer Overflow Vulnerability in NDEF_MsgValidate of ndef_utils.c
Information Disclosure in rw_i93_sm_detect_ndef of rw_i93.c
Heap Disclosure Vulnerability in OutputBuffersArray::realloc of CCodecBuffers.cpp
Information Disclosure in rw_i93_sm_format of rw_i93.c in Android-10
Out of Bounds Read Vulnerability in nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c
Out-of-bounds Read Vulnerability in btm_proc_sp_req_evt of btm_sec.cc
Out of Bounds Read Vulnerability in btm_simple_pair_complete of btm_sec.cc
Out of Bounds Read Vulnerability in btu_hcif_hardware_error_evt of btu_hcif.cc
Out-of-bounds Read Vulnerability in btu_hcif_esco_connection_chg_evt of btu_hcif.cc
Out of Bounds Read Vulnerability in btu_hcif.cc
Out-of-bounds Read Vulnerability in btu_hcif_mode_change_evt of btu_hcif.cc
Out-of-bounds Write Vulnerability in rw_t3t_message_set_block_list of Android-10
Out-of-bounds Read Vulnerability in avb_vbmeta_image_verify of avb_vbmeta_image.c
Out of Bounds Read Vulnerability in avb_vbmeta_image_verify of avb_vbmeta_image.c
Out of Bounds Write Vulnerability in phNxpNciHal_write_ext of phNxpNciHal_ext.cc
Out of Bounds Read Vulnerability in nci_proc_core_rsp of nci_hrcv.cc
Out of Bounds Write Vulnerability in phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc
Possible Out of Bounds Read in NxpNfc::ioctl of NxpNfc.cpp Leading to Local Information Disclosure
Out of Bounds Read Vulnerability in nfa_hci_conn_cback of nfa_hci_main.cc
Out of Bounds Read Vulnerability in NFC T3T Polling Notification Handling
Out of Bounds Read Vulnerability in rw_mfc_writeBlock of rw_mfc.cc
Resource Exhaustion Vulnerability in setSyncSampleParams of SampleTable.cpp in Android-10 (A-124771364)
Possible Resource Exhaustion Vulnerability in parseChunk of MPEG4Extractor.cpp
Possible Resource Exhaustion Vulnerability in parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp
Possible Resource Exhaustion Vulnerability in parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp
Out of Bounds Read Vulnerability in phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc
Out of Bounds Write Vulnerability in phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc
Missing Validation in Parceling of URI Information in Android-10: Local Privilege Escalation Vulnerability
Integer Overflow Vulnerability in ResourceTypes.cpp
Out-of-bounds Write Vulnerability in impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c
Resource Exhaustion Vulnerability in RTTTL_Event of eas_rtttl.c in Android-10 (A-123700383)
Missing Bounds Check in IMY_Event of eas_imelody.c Allows for Remote Denial of Service in Android-10
Resource Exhaustion Vulnerability in Parse_lart of eas_mdls.c
Resource Exhaustion Vulnerability in Parse_art of eas_mdls.c
Improper Input Validation in Parse_lins of eas_mdls.c Leads to Remote Denial of Service in Android-10
Resource Exhaustion Vulnerability in Parse_ptbl of eas_mdls.c
Resource Exhaustion Vulnerability in XMF_ReadNode of eas_xmf.c
Out-of-Bounds Read Vulnerability in avdt_msg_prs_rej of avdt_msg.cc
Possible Permissions Bypass in connect() of PanService.java Allows Local Privilege Escalation
Missing Permission Check in getAllConfigFlags of SettingsProvider.cpp Allows Local Information Disclosure
Insufficient Input Validation in doSendObjectInfo of MtpServer.cpp Allows Path Traversal Attack
Possible Out of Bounds Read in GetOpusHeaderBuffers() of OpusHeader.cpp in Android-10 (A-142861738)
Integer Overflow Vulnerability in exif_data_load_data_thumbnail of exif-data.c
Out of Bounds Read Vulnerability in exif_entry_get_value of Android-10
Incomplete Reset Vulnerability in BluetoothManagerService Allows Local Privilege Escalation
Potential Infinite Loop Vulnerability in ihevcd_ref_list() of ihevcd_ref_list.c
Out-of-bounds Read Vulnerability in avrc_pars_browsing_cmd of avrc_pars_tg.cc
Out of Bounds Write Vulnerability in hal_fd_init of hal_fd.cc
Incorrect Cryptographic Algorithm Selection in engineSetMode of BaseBlockCipher.java
Possible Permissions Bypass in SettingsSliceProvider.java's onCreatePermissionRequest Method
Resource Exhaustion Vulnerability in ihevcd_decode() of Android-10
Heap Buffer Overflow in ideint_weave_blk of ideint_utils.c
Out-of-bounds Read Vulnerability in ih264d_update_default_index_list() of ih264d_dpb_mgr.c
Out-of-bounds Read Vulnerability in ih264d_decode_slice_thread of ih264d_thread_parse_decode.c
Heap Buffer Overflow in ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s
Integer Overflow Vulnerability in ihevcd_parse_slice_header.c Allows for Remote Code Execution
Uninitialized Data Information Disclosure Vulnerability in ihevcd_iquant_itrans_recon_ctb
Possible Remote Denial of Service Vulnerability in RegisterNotificationResponse::GetEvent
Out of Bounds Read Vulnerability in InitDataParser::parsePssh of InitDataParser.cpp
Integer Overflow Vulnerability in exif_data_load_data_content of exif-data.c
Possible Use-After-Free Vulnerability in TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp
Out of Bounds Read Vulnerability in ReadLittleEndian of raw_bit_reader.cc
Possible Credential Leak in showSecurityFields of WifiConfigController.java
Possible Bypass of Developer Settings Requirements for Capturing System Traces in TraceService.java
Possible UID Reuse Vulnerability in freeIsolatedUidLocked of ProcessList.java
Bypassing Signature Check in InstallPackage of package.cpp in Android-10 (A-136498130)
Out-of-bounds Read Vulnerability in DaalaBitReader Constructor of entropy_decoder.cc
Improper Input Validation in Android Settings App Leads to Local Denial of Service
Out-of-Bounds Read Vulnerability in jdmarker.c of Android-10 (A-135532289)
Possible Permissions Bypass in AccountManager.java Allows Local Privilege Escalation
Possible Permissions Bypass in AccountManager.java Allows Local Privilege Escalation
Possible Permissions Bypass and Privilege Escalation in removeSharedAccountAsUser of AccountManager.java
Out of Bounds Read Vulnerability in SumCompoundHorizontalTaps of convolve_neon.cc
Use-after-free vulnerability in _onBufferDestroyed of InputBufferManager.cpp allows for remote information disclosure in Android
Heap Buffer Overflow in hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s
Out of Bounds Read Vulnerability in ce_t4t_process_select_file_cmd of ce_t4t.cc
Bluetooth Information Leak Vulnerability in ConfirmConnectActivity
Integer Overflow Vulnerability in phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp
Out of Bounds Write Vulnerability in RW_T4tPresenceCheck of Android-10 (A-141331405)
Race condition vulnerability in loadSoundModel and related functions of SoundTriggerHwService.cpp allows for local privilege escalation without additional execution privileges needed
Possible Insecure Intent in SliceDeepLinkSpringBoard.java Allows Local Elevation of Privilege
Out of Bounds Write Vulnerability in msm-cirrus-playback.c
Numeric Overflow Vulnerability in Airbrush FW's Scratch Memory Allocator
Unbounded Write Vulnerability in Android Kernel
Out-of-bounds Write Vulnerability in FastKeyAccumulator::GetKeysSlow
Out-of-Bounds Write Vulnerability in a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc
Out of Bounds Write Vulnerability in createWithSurfaceParent of Client.cpp
Missing Permission Check in onCommand of CompanionDeviceManagerService.java
Improper Configuration of Recorder Service in Android SoC (A-156333723)
Possible Out of Bounds Write Vulnerability in Android SoC (A-156333725)
Possible Out of Bounds Write Vulnerability in Android SoC (A-156337262)
Android Out of Bounds Write Vulnerability (A-156333727)
Use-After-Free Vulnerability in abc_pcie_issue_dma_xfer_sync
Use After Free Vulnerability in Android Kernel Allows Local Privilege Escalation
Out of Bounds Write Vulnerability in crus_afe_get_param of msm-cirrus-playback.c
Memory Corruption Vulnerability in crus_sp_shared_ioctl
Out-of-Bounds Read Vulnerability in A2DP_GetCodecType of a2dp_codec_config
Race condition vulnerability in updatePreferenceIntents of AccountTypePreferenceLoader allows for local escalation of privilege and launching privileged activities without additional execution privileges needed
Location Metadata Disclosure Vulnerability in getDocumentMetadata of DocumentsContract.java
Integer Overflow Vulnerability in NewFixedDoubleArray of factory.cc
Double Free Vulnerability in NuPlayerStreamListener of Android
Use-after-free vulnerability in NuPlayerDriver.cpp allows local privilege escalation
Use-after-free vulnerability in clearPropValue of MediaAnalyticsItem.cpp
Out-of-bounds Read Vulnerability in writeBurstBufferBytes of SPDIFEncoder.cpp
Heap Buffer Overflow in DecodeFrameCombinedMode of combined_decode.cpp
Missing Permission Check in getCarrierPrivilegeStatus of UiccAccessRule.java Allows Local Information Disclosure of EID Data
Possible Crash Loop in Threshold::getHistogram of ImageProcessHelper.java
Possible Permission Bypass and Local Information Disclosure in postInstantAppNotif of InstantAppNotifier.java
Possible Permission Bypass and Local Information Disclosure in postInstantAppNotif of InstantAppNotifier.java
Missing Permission Check in requestCellInfoUpdateInternal of PhoneInterfaceManager.java Allows Local Information Disclosure of Location Data
Possible Out of Bounds Read Vulnerability in Android SoC (A-152647626)
Possible Memory Corruption Vulnerability in Android SoC (A-152236803)
Possible Memory Corruption Vulnerability in Android SoC (A-152647365)
Possible Out of Bounds Read Vulnerability in Android SoC (A-152647751)
Out of Bounds Write Vulnerability in LoadPartitionTable of gpt.cc
Incomplete Cleanup in SpecializeCommon of com_android_internal_os_Zygote.cpp Allows Local Privilege Escalation in Android-10
Insufficient Cleanup in stopZygoteLocked of AppZygote.java Allows Local Information Disclosure
Improper Crypto Usage in dm-verity Allows for Local Privilege Escalation in Android
Android SoC Vulnerability: Out of Bounds Read Exploit
Missing Seccomp Configuration File Vulnerability in C2 Flame Devices
Android WiFi Tethering Vulnerability: Attacker-Controlled Intent Exploitation
Potential Permission Bypass in Accessibility Service via Unsafe PendingIntent
Libstagefright Integer Overflow Vulnerability Allows Remote Code Execution on Android
Android Telephony Vulnerability: Local Information Disclosure without User Interaction
Android Factory Reset Protection Vulnerability Allows Local Privilege Escalation
Confused Deputy Vulnerability in WindowManager Allows Unexpected App Launch
Race Condition Vulnerability in NFC Could Lead to Local Privilege Escalation
Android Auto Settings Unsafe PendingIntent Permission Bypass Vulnerability
Out of Bounds Read Vulnerability in Tremolo Library on Android-11 (Android ID: A-145790628)
Insecure Default Value in Android Settings App: Local Privilege Escalation and Tapjacking Vulnerability
Uninitialized Data Vulnerability in libhwbinder Allows Local Information Disclosure
Out of Bounds Write Vulnerability in hwservicemanager
Possible Information Disclosure in OMX Parser: Local Data Exposure in Android-11 (A-120781925)
Permission Bypass Vulnerability in MediaProvider Allows Unauthorized Access to ContentResolver and MediaStore Entries
Telephony Vulnerability: Local Information Disclosure via Permission Bypass in Android-11
Missing Permission Check in NetworkPolicyManagerService Allows Local Privilege Escalation
Possible Out of Bounds Write Vulnerability in Android SoC (A-160812574)
Out of Bounds Read Vulnerability in AAC Parser Allows Remote Information Disclosure
Out-of-Bounds Read Vulnerability in nci_proc_ee_management_rsp of nci_hrcv.cc
NFC Out of Bounds Read Vulnerability in Android-11 (A-137857778)
NFC Out of Bounds Read Vulnerability in Android-11 (A-144506224)
Potential Out of Bounds Write Vulnerability in Android SoC (A-163008257)
Telephony Vulnerability: Local Information Disclosure via Permission Bypass in Android-11
Telephony Vulnerability: Local Information Disclosure via Permission Bypass in Android-11
Bluetooth AVRCP Audio Metadata Leak Vulnerability in Android-11
Resource Exhaustion Vulnerability in libmkvextractor Leads to Remote Denial of Service in Android
Missing Permission Check in PackageManager Allows Local Information Disclosure
Missing Permission Check in PackageManager Allows for Local Information Disclosure
Missing Permission Check in PackageManager Allows Local Information Disclosure
Android Bluetooth Vulnerability: Out of Bounds Read Leading to Local Information Disclosure
Android Bluetooth Vulnerability: Out of Bounds Read Leading to Local Information Disclosure
Missing Permission Check in Java Network APIs Allows Local Information Disclosure
Potential Permission Bypass Vulnerability in bindWallpaperComponentLocked of WallpaperManagerService.java
Android Telecom Vulnerability: Permission Bypass via Unsafe PendingIntent
Unsafe PendingIntent in ADB and USB Servers Allows Permission Bypass and Local Information Disclosure
Permission Bypass Vulnerability in DevicePolicy Service with Unsafe PendingIntent
Android Bluetooth Vulnerability: Local Privilege Escalation via Missing Permission Check
Bluetooth Metadata Spoofing Vulnerability in Android-11 (A-145130119)
Uninitialized Data in NFC Allows Remote Information Disclosure in Android
Libstagefright Vulnerability: Remote Denial of Service Exploitation in Android-11
Android Settings Permission Bypass via Unsafe PendingIntent
Use-after-free vulnerability in Android Media Extractor allows for remote code execution
Android Settings Permission Bypass via Unsafe PendingIntent
Race condition leading to use-after-free vulnerability in cdev_get of char_dev.c
Ineffective Stack Cookie Placement in LLVM: Local Privilege Escalation in Android-11 (A-139666480)
Android Settings Permission Bypass via Unsafe PendingIntent
Unsafe PendingIntent in Window Manager Allows Permission Bypass and Local Information Disclosure
Android Bluetooth Server Integer Overflow Vulnerability
Android Settings Permission Bypass via Unsafe PendingIntent
Permission Bypass Vulnerability in InputManagerService with Unsafe PendingIntent
Battery Saver Permission Bypass Vulnerability in Android-11
Potential Permission Bypass in NotificationManagerService via Unsafe PendingIntent
Missing Permission Checks in AudioService: Local Information Disclosure Vulnerability
Zen Mode Vulnerability: Permission Bypass and Local Information Disclosure in Android-11
Telephony Vulnerability: Local Information Disclosure of Radio Data in Android-11
Missing Permission Check in UsageStatsManager Allows Local Information Disclosure
Uncaught Exception in System UI Leads to Local Denial of Service in Android-11
Android NFC Out of Bounds Write Vulnerability: Local Privilege Escalation and Firmware Compromise
Libstagefright Resource Exhaustion Vulnerability: Remote Denial of Service in Android-11
Uninitialized Data Out-of-Bounds Write Vulnerability in Android MP3 Extractor
Possible Out of Bounds Read Vulnerability in apexd with Local Information Disclosure
Out of Bounds Read Vulnerability in libavb Allows Local Information Disclosure
Out of Bounds Read Vulnerability in libsonivox in Android-11 (A-136660304)
NFC Vulnerability: Local Information Disclosure with System Execution Privileges
Uninitialized Data Out of Bounds Write Vulnerability in NFC on Android-11 (A-146453119)
Missing Permission Check in Core Networking: Local Information Disclosure Vulnerability
Integer Overflow Vulnerability in Android Camera Allows Local Information Disclosure
OMX Encoder Out-of-Bounds Read Vulnerability in Android-11 (CVE-2021-12345)
Possible Memory Corruption Vulnerability in iorap: Local Privilege Escalation and Code Execution
Possible Permissions Bypass Vulnerability in Android-11 Allows Local Information Disclosure
Remote Denial of Service Vulnerability in libstagefright on Android-11 (A-124783982)
Improper Input Validation in UrlQuerySanitizer Allows Remote Code Execution
NFC Out of Bounds Write Vulnerability in Android-11 (A-147995915)
NFC Out of Bounds Write Vulnerability in Android-11 (A-122361504)
Type Confusion Vulnerability in SurfaceFlinger Allows Local Privilege Escalation
Bypass of Permissions Check in MediaProvider: Local Information Disclosure Vulnerability
Possible Permission Bypass in checkKeyIntent of AccountManagerService.java
Possible Out of Bounds Read Vulnerability in Android SoC (A-162980705)
Uninitialized Data Vulnerability in libcodec2_soft_mp3dec
Permission Bypass Vulnerability in DisplayManager Allows Local Privilege Escalation
Android SoC Vulnerability: Out of Bounds Write Exploit
Missing Permission Check in NetworkStatsService Allows for Local Information Disclosure
Possible Permissions Bypass and Local Information Disclosure in MediaProvider via SQL Injection
Permission Bypass Vulnerability in DocumentsUI Allows Local Privilege Escalation
Integer Overflow Vulnerability in Mediaserver Allows Local Privilege Escalation
Out of Bounds Write Vulnerability in iptables Allows Local Privilege Escalation
NFC Out of Bounds Read Vulnerability in Android-11 (A-139188582)
NFC Out of Bounds Read Vulnerability in Android-11 (A-139188779)
NFC Out of Bounds Write Vulnerability in Android-11 (A-139424089)
Libstagefright Vulnerability: Remote Denial of Service in Android-11 (CVE-2021-1234)
Possible Permissions Bypass and Local Information Disclosure in MediaProvider via SQL Injection
Resource Exhaustion Vulnerability in libmp4extractor: Remote Denial of Service in Android
Critical Out of Bounds Write Vulnerability in Bluetooth on Android-11 (A-143604331)
Out of Bounds Read Vulnerability in libFraunhoferAAC
Out of Bounds Write Vulnerability in Android Audio HAL
Use-after-free vulnerability in SurfaceFlinger allows for local privilege escalation
Race Condition Use After Free Vulnerability in SurfaceFlinger Allows for Local Privilege Escalation
Buffer Overflow Vulnerability in GLESRenderEngine Allows for Local Information Disclosure
Uninformed Consent Vulnerability in Android Notification Access Confirmation
Uninitialized Data in libDRCdec: Remote Information Disclosure Vulnerability
Remote Denial of Service Vulnerability in libstagefright on Android-11 (A-123237930)
Resource Exhaustion Vulnerability in libmedia
Out of Bounds Read Vulnerability in libDRCdec of Android-11 (A-137282770)
Out of Bounds Read Vulnerability in netd Allows Remote Denial of Service
Tapjacking Vulnerability in PackageInstaller Allows Permissions Bypass
Android SoC Vulnerability: Out of Bounds Write Exploit
Possible Permission Bypass in CallLogProvider.java Allows Local Information Disclosure of Voicemail Metadata
Integer Overflow Vulnerability in libavb Allows for Local Privilege Escalation
Out of Bounds Read Vulnerability in libAACdec of Android-11 (A-112051700)
Missing Bounds Check Vulnerability in Android SoC Leads to Out of Bounds Read
Missing Permission Check in ActivityManager Allows Local Information Disclosure
Race condition vulnerability in SoundTriggerHwService allows for local information disclosure
Unsafe PendingIntent in NFC Allows Permission Bypass and Privilege Escalation in Android-11
Telephony Vulnerability: Local Privilege Escalation and EUICC Country Setting Bypass
Missing Bounds Check Vulnerability in Android SoC Leads to Out of Bounds Read
Out-of-bounds Read Vulnerability in GATT Process Read by Type Response in Android Bluetooth Server
Missing Permission Check in onWnmFrameReceived of PasspointManager.java
Bluetooth Spoofing Vulnerability in Android Devices
Out-of-bounds Write Vulnerability in allocExcessBits of bitalloc.c
Integer Overflow Vulnerability in Parse_wave of eas_mdls.c
Possible User Consent Bypass Vulnerability in RunInternal of dumpstate.cpp
Out-of-Bounds Write Vulnerability in Parse_ins of eas_mdls.c
Out-of-Bounds Write Vulnerability in Parse_art of eas_mdls.c
Out-of-Bounds Write Vulnerability in Parse_insh of eas_mdls.c
Insecure Default Value in RequestPermissionActivity.java Allows Tapjacking Vulnerability
Tapjacking Vulnerability in SmartSpace Package Manifest Files
Possible Permissions Bypass in createEmergencyLocationUserNotification of GnssVisibilityControl.java
Potential Permission Bypass in createSaveNotification of RecordingService.java
Possible Permissions Bypass in Zygote SE Policy: Local Information Disclosure Vulnerability
Unenforced Protected-Broadcast Vulnerability in PackageManagerService.java Allows Arbitrary Command Execution as System
Double Free Vulnerability in getLayerDebugInfo of SurfaceFlinger.cpp
Out-of-bounds Read Vulnerability in CryptoPlugin.cpp's Decrypt Functions
Insecure Default Value in BluetoothPairingDialog.java Allows Tapjacking and Privilege Escalation
Potential Permission Bypass in showNotification of EmergencyCallbackModeService.java
Unsafe PendingIntent Allows Permission Bypass in Telephony
Potential Permission Bypass and Local Information Disclosure in getNotificationBuilder of CarrierServiceStateTracker.java
Possible Permission Bypass and Local Information Disclosure in updateMwi of NotificationMgr.java
Unsafe PendingIntent in showLimitedSimFunctionWarningNotification of NotificationMgr.java allows for permission bypass and local information disclosure
Unsafe PendingIntent in showDataRoamingNotification of NotificationMgr.java allows for local information disclosure
Missing Permission Check in setInstallerPackageName of PackageManagerService.java
Possible Local Privilege Escalation Vulnerability in FPC TrustZone Fingerprint App
Possible linked list corruption in uvc_scan_chain_forward leading to local privilege escalation in Android kernel
Potential Permissions Bypass in NetworkStackNotifier via Unsafe Implicit PendingIntent
Out of Bounds Write Vulnerability in libmpeg2dec in Android-11 (A-137794014)
Weak Disk Encryption due to Truncated IVs in f2fs Encryption Implementation
Integer Overflow Vulnerability in String16.cpp Allows for Local Privilege Escalation
Integer Overflow Vulnerability in FileMap.cpp Allows for Local Privilege Escalation
Permission Bypass in setNotification of SapServer.java Allows Local Information Disclosure
Uninitialized Data Out-of-Bounds Write Vulnerability in AACExtractor
Missing Permission Check in setProcessMemoryTrimLevel of ActivityManagerService.java
Out of Bounds Read Vulnerability in GATT Process Read by Type Response
Non-silenced Audio Buffer Permissions Bypass Vulnerability in AudioFlinger::RecordThread::threadLoop
Unsafe PendingIntent in SystemUI Allows Permission Bypass and Contact Data Disclosure
Insecure Default Value in Android Settings Screens Allows Tapjacking Attacks
Possible Permissions Bypass in setNiNotification of GpsNetInitiatedHandler.java
Local Privilege Escalation Vulnerability in getPermissionInfosForGroup of Utils.java
Cross-Profile URI Data Leak in PackageInstallerSession.java
Memory Corruption Vulnerability in setUpdatableDriverPath of GpuService.cpp
Out-of-bounds Write Vulnerability in appendFormatV of String8.cpp
Unsafe PendingIntent in constructImportFailureNotification of NotificationImportExportListener.java allows for local information disclosure of contact data
Use-after-free vulnerability in binder_release_work in binder.c allows local attackers to escalate privileges in the Android kernel.
Out-of-bounds Read Vulnerability in send_vc of res_send.cpp
Android Lockdown Bypass: Unauthorized Notification Viewing Vulnerability
Unsafe PendingIntent in SyncManager allows for local information disclosure without user interaction
Out of Bounds Read Vulnerability in create_pinctrl of core.c
Race Condition Use After Free Vulnerability in CamX Code
Use-after-free vulnerability in l2tp_session_delete function in l2tp_core.c allows for local privilege escalation
Out of Bounds Read Vulnerability in skb_headlen of Android Kernel
Out of Bounds Write Vulnerability in kbd_keycode of keyboard.c in Android Kernel
Integer Overflow in skb_to_mamac of networking.c Allows for Local Privilege Escalation
Use-after-free vulnerability in blk_mq_queue_tag_busy_iter in blk-mq-tag.c allows for local privilege escalation in Android kernel (CVE-2021-xxxxx)
Possible Local Privilege Escalation Vulnerability in Pixel's Catpipe Library
Missing Permission Check in CellBroadcastReceiver's Intent Handlers: Local Denial of Service of Emergency Alerts
Uninitialized Data Vulnerability in AIBinder_Class Constructor of ibinder.cpp
Incorrect Permission Check in generatePackageInfo of PackageManagerService.java Allows Permissions Bypass and Local Privilege Escalation
Missing Permission Check in createVirtualDisplay of DisplayManagerService.java Allows for Local Privilege Escalation
Resource Exhaustion Vulnerability in Notification.java
Improper Input Validation in Notification.java Could Lead to UI Slowdown or Crash
Uncaught Exception in LocaleList.java Leads to Forced Reboot Vulnerability
Potential Local Privilege Escalation Vulnerability in Android Kernel
Potential Out of Bounds Write Vulnerability in Android SoC (Android ID: A-168264527)
Potential Out of Bounds Write Vulnerability in Android SoC (Android ID: A-168264528)
Potential Out of Bounds Write Vulnerability in Android SoC (Android ID: A-168251617)
Missing Permission Check in getPhoneAccountsForPackage Allows for Local Information Disclosure
Use-after-free vulnerability in btm_sec_disconnected function allows remote code execution in Bluetooth server
Uninitialized Data Out-of-Bounds Read in rw_i93_sm_format of Android NFC
Heap Buffer Overflow in sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp
Integer Overflow Vulnerability in exif_entry_get_value of exif-entry.c
Unsafe PendingIntent in updateNotification of BeamTransferManager.java allows for permission bypass and local information disclosure
Possible permission bypass in callCallbackForRequest of ConnectivityService.java leading to local information disclosure of current SSID
Potential Out of Bounds Write Vulnerability in Android SoC (A-170372514)
Potential Out of Bounds Write Vulnerability in Android SoC (A-170378843)
Android SoC Vulnerability: Out of Bounds Write Exploit
Integer Overflow Vulnerability in SPDIFEncoder::writeBurstBufferBytes in Android
Potential Local Information Disclosure of WiFi Network Names in Android
Improperly Installed Certificates Vulnerability in CertInstaller.java
Out-of-bounds Read Vulnerability in sdp_server_handle_client_req of sdp_server.cc Possible side channel information disclosure in resolv_cache_lookup of res_cache.cpp Out of Bounds Write Vulnerability in hid-multitouch.c Possible Use After Free Vulnerability in do_epoll_ctl and ep_loop_check_proc of eventpoll.c Potential Local Information Disclosure Vulnerability in Vpn.java Missing Permission Check in listen() Function of TelephonyRegistry.java Allows Location Permissions Bypass Possible loss of synthetic password leading to local denial of service in addEscrowToken of LockSettingsService.java Heap Buffer Overflow in extend_frame_highbd of restoration.c Improper Input Validation in Bluetooth Connection Reassembly and Dispatch (CVE-2021-12345) Possible Permissions Bypass in BluetoothOppNotification.java Allows Unauthorized File Transfer via Bluetooth Race condition in HalCamera::requestNewFrame of HalCamera.cpp leading to use-after-free vulnerability in Android-11 (A-169282240) Missing Permission Check in createInputConsumer of WindowManagerService.java Allows for Local Privilege Escalation Potential Information Disclosure in onNotificationRemoved of Assistant.java Missing Permission Check in sendLinkConfigurationChangedBroadcast in ClientModeImpl.java Allows Local Information Disclosure Out-of-bounds Write Vulnerability in extend_frame_lowbd of restoration.c Possible Permissions Bypass in DocumentsProvider.java: Local Privilege Escalation Vulnerability Possible Permissions Bypass in DocumentsProvider.java Allows Unauthorized File Operations Possible Permissions Bypass in AndroidManifest.xml Allows Unauthorized Broadcasts Out-of-Bounds Read Vulnerability in IncidentService.cpp Possible Use After Free Vulnerability in DrmManagerService::~DrmManagerService() of Android Use-after-free vulnerability in destroyResources of ComposerClient.h allows for local privilege escalation Potential Local Privilege Escalation in UsbBackend.java Insecure Default Value in 
openAssetFileListener of ContactsProvider2.java Allows Local Privilege Escalation Uninitialized Data Information Disclosure in ihevc_inter_pred_chroma_copy_ssse3 Out-of-Bounds Write Vulnerability in Parse_data of eas_mdls.c Out of Bounds Read Vulnerability in floor1_info_unpack of floor1.c Possible Denial of Service Vulnerability in readBlock of MatroskaExtractor.cpp Heap Buffer Overflow in BitstreamFillCache of bitstream.cpp in Android-11 (A-154058264) Out-of-bounds Read Vulnerability in CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp Heap Buffer Overflow in ih264d_parse_ave of ih264d_sei.c Possible out of bounds write vulnerability in decode_Huffman of JBig2_SddProc.cpp Use-after-free vulnerability in CPDF_RenderStatus::LoadSMask in cpdf_renderstatus.cpp allows for local information disclosure without additional execution privileges. Missing Permission Check in canUseBiometric of BiometricServiceBase Allows Local Information Disclosure Heap Buffer Overflow in decode_packed_entry_number of codebook.c Heap Buffer Overflow in FLAC__bitreader_read_rice_signed_block of bitreader.c Potential Permission Bypass Vulnerability in InputMethodManager.java Buffer Overflow Vulnerability in Intel Graphics Drivers: Local Denial of Service Exploit Intel Graphics Drivers: Local Access Privilege Escalation Vulnerability Intel Graphics Drivers Vulnerability: Unauthorized Information Disclosure via Local Access Buffer Overflow Vulnerability in Intel Graphics Drivers Vulnerability in Intel(R) Graphics Drivers allowing information disclosure and denial of service Denial of Service Vulnerability in Intel(R) Graphics Drivers Unquoted service path vulnerability in Intel(R) Graphics Drivers Privilege Escalation Vulnerability in Intel(R) Graphics Drivers Installer Intel Graphics Drivers Out of Bounds Read Vulnerability Uncaught Exception Vulnerability in Intel(R) Graphics Drivers Uncaught Exception Vulnerability in Intel Graphics Drivers Escalation of Privilege Vulnerability in Intel 
Graphics Drivers Default Permissions Vulnerability in Intel Graphics Drivers Uncontrolled Search Path Element Vulnerability in Intel Graphics Drivers Installer Improper Access Control in Intel Graphics Drivers: Local Denial of Service Vulnerability Out-of-bounds Write Vulnerability in Intel Graphics Drivers: Potential Privilege Escalation and Denial of Service Denial of Service Vulnerability in Intel(R) HD Graphics Control Panel Improper Access Control in Intel Graphics Drivers: Potential Privilege Escalation and Denial of Service Path Traversal Vulnerability in Intel(R) Graphics Drivers Privilege Escalation Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel(R) Ethernet I210 Controller Firmware Denial of Service Vulnerability in Intel Ethernet I210 Controller Firmware Default Permissions Vulnerability in Intel(R) Ethernet I210 Controller Firmware Denial of Service Vulnerability in Intel Ethernet I210 Controller Firmware Intel NUC Firmware Vulnerability: Local Privilege Escalation via Improper Input Validation Intel Data Center SSDs Firmware Vulnerability: Privileged User Information Disclosure via Local Access Buffer Overflow Vulnerability in Intel Core Processor BIOS Firmware BIOS Firmware Vulnerability in Intel Core Processor Families: Potential Privilege Escalation via Local Access Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows Privilege Escalation via Local Access Information Disclosure Vulnerability in Intel(R) AMT Versions Before 11.8.77, 11.12.77, 11.22.77, and 12.0.64 Improper Input Validation in Intel(R) AMT Subsystem: Potential Denial of Service and Information Disclosure Reversible One-Way Hash Vulnerability in Intel(R) CSME Versions before 11.8.76, 11.12.77, and 11.22.77 Denial of Service Vulnerability in Intel(R) CSME Versions Before 12.0.64, 13.0.32, 14.0.33, and 14.5.12 Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77, and 12.0.64 Vulnerability: Unauthenticated Information Disclosure via Network 
Access Improper Input Validation in Intel(R) CSME and TXE Subsystems: Potential Information Disclosure via Network Access Denial of Service Vulnerability in Intel(R) AMT Subsystem Denial of Service Vulnerability in Intel(R) AMT Subsystem Path Traversal Vulnerability in Intel(R) DAL and Intel(R) TXE Software Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77, and 12.0.64 Vulnerability: Unauthenticated Information Disclosure via Network Access Escalation of Privilege Vulnerability in Intel(R) CSME Subsystem Buffer Overflow Vulnerability in Intel(R) CSME Subsystem Intel Processor Vulnerability: Incomplete Cleanup of Special Register Read Operations Kernel Mode Driver Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel CSME, TXE, and SPS Unquoted Service Path Vulnerability in Intel(R) Optane(TM) DC Persistent Memory Module Management Software Privilege Escalation Vulnerability in Intel(R) Data Migration Software Installer Intel(R) Processor Cleanup Errors: Authenticated User Information Disclosure Vulnerability Data Cache Eviction Information Disclosure Vulnerability Intel(R) Processors Data Cache Information Disclosure Vulnerability Intel(R) Processors Speculative Execution Information Disclosure Vulnerability Intel Wireless Bluetooth Driver Vulnerability: Local Information Disclosure via Out-of-Bounds Read Race Condition Vulnerability in Intel(R) Wireless Bluetooth(R) Software Installer on Windows* 7, 8.1, and 10 Vulnerability: Privilege Escalation via Improper Input Validation in Intel(R) Wireless Bluetooth(R) Products BlueZ Subsystem Vulnerability: Unauthenticated Access Control Exploit for Privilege Escalation and Denial of Service Insecure Inherited Permissions in Intel(R) PROSet/Wireless WiFi Products: Potential Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Intel(R) PROSet/Wireless WiFi Driver for Windows 10 Insecure Inherited Permissions in Intel(R) PROSet/Wireless WiFi Products: Privilege Escalation 
Vulnerability Privilege Escalation Vulnerability in Intel(R) Renesas Electronics(R) USB 3.0 Driver Installer Improper Initialization in Intel(R) SGX SDK: Potential Privilege Escalation via Local Access Privilege Escalation Vulnerability in Intel(R) RWC2 Installer Privilege Escalation Vulnerability in Intel(R) MPSS Installer Privilege Escalation Vulnerability in Intel(R) RWC3 Installer Uncontrolled Search Path Vulnerability in Intel Graphics Drivers Improper Access Control in Intel(R) TXE Subsystem: Physical Access Privilege Escalation Vulnerability Denial of Service Vulnerability in Intel(R) Graphics Drivers Race condition vulnerability in Intel(R) Driver and Support Assistant (before version 20.1.5) enables local denial of service. Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products on Windows 10 Uncontrolled Search Path Vulnerability in QT Library BIOS Firmware Vulnerability in 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series: Local Access Information Disclosure Privilege Escalation Vulnerability in Intel(R) Server Board S2600ST and S2600WF Firmware Intel CSI2 Host Controller Driver Out of Bounds Read Vulnerability Block Design Vulnerability in Intel(R) MAX(R) 10 FPGA: Escalation of Privilege and Information Disclosure via Physical Access Buffer Overflow Vulnerability in Intel(R) Unite Client for Windows* Buffer Overflow Vulnerability in Intel(R) Modular Server MFS2600KISPP Compute Module Escalation of Privilege Vulnerability in Intel(R) Modular Server MFS2600KISPP Compute Module Privilege Escalation Vulnerability in Intel(R) Modular Server MFS2600KISPP Compute Module Vulnerability: Improper Access Control in Intel(R) Smart Sound Technology Subsystem Firmware Buffer Overflow Vulnerability in Intel SSD and Optane SSD Series Improper Initialization Vulnerability in Intel(R) SPS Subsystem BIOS Firmware Vulnerability: Privilege Escalation via Improper Conditions Check in Intel(R) Processors BIOS 
Firmware Vulnerability: Privilege Escalation via Improper Conditions Check in Intel(R) Processors BIOS Firmware Vulnerability: Local Privilege Escalation in Intel(R) Processors Buffer Overflow Vulnerability in Intel(R) Processor BIOS Firmware Vulnerability in Intel(R) Processors BIOS Firmware Allows Local Privilege Escalation and Denial of Service Buffer Overflow Vulnerability in Intel(R) Processor BIOS Firmware IPv6 Subsystem Out-of-Bounds Read Vulnerability in Intel(R) AMT and Intel(R) ISM IPv6 Subsystem Use After Free Vulnerability in Intel(R) AMT and Intel(R) ISM Information Disclosure Vulnerability in Intel(R) AMT and Intel(R) ISM DHCPv6 Subsystem IPv6 Subsystem Out-of-Bounds Read Vulnerability in Intel(R) AMT and Intel(R) ISM Versions before 14.0.33 Uncontrolled Search Path Vulnerability in Intel(R) Binary Configuration Tool Installer Privilege Escalation Vulnerability in Intel(R) Processors' PMC Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows Privilege Escalation Windows CryptoAPI Spoofing Vulnerability ASP.NET Core Denial of Service Vulnerability ASP.NET Core Remote Code Execution Vulnerability Visual Studio Code Remote Code Execution via Environment Variables .NET Markup Remote Code Execution Vulnerability .NET Markup Remote Code Execution Vulnerability Memory Object Disclosure Vulnerability in Microsoft Graphics Components Kernel Information Disclosure Vulnerability in Win32k Component Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Windows Remote Desktop Client Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Common Log File System Driver Memory Object Disclosure Vulnerability Windows Hard Link 
Handling Vulnerability Hyper-V Denial of Service Vulnerability SQL Server Reporting Services Remote Code Execution Vulnerability Cryptographic Services Elevation of Privilege Vulnerability Third Party Filter Bypass Vulnerability in Windows 10 Password Update Windows Graphics Component Information Disclosure Vulnerability Windows Search Indexer Memory Object Handling Elevation of Privilege Vulnerability Win32k Object Handling Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Symbolic Link Elevation of Privilege Vulnerability Windows Subsystem for Linux File Handling Elevation of Privilege Vulnerability Remote Desktop Web Access Credential Information Disclosure Vulnerability Update Notification Manager Elevation of Privilege Vulnerability Windows Common Log File System Driver Memory Object Disclosure Vulnerability Internet Explorer Remote Code Execution Vulnerability Windows Media Service Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Windows GDI+ Information Disclosure Vulnerability Predictable Memory Section Names Vulnerability in Microsoft Windows Header Tampering Vulnerability in Microsoft IIS Server .NET Framework Remote Code Execution Vulnerability Cross-Origin Communication Validation Vulnerability in Microsoft Office Online Windows RSoP 
Service Application Memory Handling Elevation of Privilege Vulnerability Microsoft Excel Remote Code Execution Vulnerability Microsoft Excel Remote Code Execution Vulnerability Memory Corruption Vulnerability in Microsoft Office Software Microsoft Excel Remote Code Execution Vulnerability OneDrive for Android Passcode Bypass Vulnerability Clipboard Redirection Remote Code Execution Vulnerability Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Memory Object Disclosure Vulnerability Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Windows Hyper-V Privileged User Input Validation Vulnerability Memory Object Handling Vulnerability in Windows: Remote Code Execution Cross-Domain Policy Enforcement Bypass in Microsoft Edge Active Directory Integrated DNS Information Disclosure Vulnerability Active Directory Forest Trust Elevation of Privilege Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Search Indexer Memory Handling Elevation of Privilege Vulnerability Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Scripting Engine Memory Corruption Vulnerability in Internet Explorer Scripting Engine Memory Corruption Vulnerability in Internet Explorer Windows Key Isolation Service Information Disclosure Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Hard Link Elevation of Privilege Vulnerability in Windows Error Reporting Manager 
Windows Function Discovery Service Elevation of Privilege Vulnerability Windows Function Discovery Service Elevation of Privilege Vulnerability Windows Remote Desktop Client Remote Code Execution Vulnerability Windows Function Discovery Service Elevation of Privilege Vulnerability Windows Installer Symbolic Link Elevation of Privilege Vulnerability LNK Remote Code Execution Vulnerability in Microsoft Windows Windows COM Server Elevation of Privilege Vulnerability Windows Installer Symbolic Link Elevation of Privilege Vulnerability Windows Font Library Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Software Secure Boot Security Feature Bypass Vulnerability DirectX Memory Object Handling Vulnerability Win32k Elevation of Privilege Vulnerability Critical Elevation of Privilege Vulnerability in Microsoft Exchange Server Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Cross-Origin Communication Spoofing Vulnerability in Microsoft Office Online Server Outlook URI Parsing Security Bypass Vulnerability Microsoft Office OLicenseHeartbeat Task Elevation of Privilege Vulnerability Telephony Service Memory Disclosure Vulnerability Win32k Kernel Information Disclosure Vulnerability Azure DevOps Server Cross-site Scripting Vulnerability Windows Client License Service Elevation of Privilege Vulnerability Credential Prompt Bypass Vulnerability in Surface Hub Windows Backup Service Elevation of Privilege Vulnerability Windows Wireless Network Manager Memory Handling Vulnerability Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Cross-Origin Information Disclosure Vulnerability in Microsoft Browsers Windows IME Elevation of Privilege Vulnerability Windows Imaging Library Remote Code Execution Vulnerability DirectX Elevation of Privilege Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine 
Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability Memory Object Handling Vulnerability in DirectX Windows Graphics Component Elevation of Privilege Vulnerability Win32k Kernel Information Disclosure Vulnerability Win32k Kernel Information Disclosure Vulnerability Active Directory Integrated DNS Remote Code Execution Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Windows Modules Installer Service File Information Disclosure Vulnerability LNK Remote Code Execution Vulnerability in Microsoft Windows Symlink Exploitation in Windows User Profile Service: Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability DirectX Elevation of Privilege Vulnerability Windows Malicious Software Removal Tool Junction Handling Elevation of Privilege Vulnerability Windows Remote Desktop Client Remote Code Execution Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Kernel Memory Object Handling Vulnerability Tapisrv.dll Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Elevation of Privilege Vulnerability in dssvc.dll Connected Devices Platform Service Elevation of Privilege Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Windows GDI Object Memory Information Disclosure Vulnerability Windows 
Graphics Component Elevation of Privilege Vulnerability Memory Object Disclosure Vulnerability in Microsoft Graphics Components Windows Data Sharing Service Elevation of Privilege Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Connected Devices Platform Service Elevation of Privilege Vulnerability Windows Hyper-V Denial of Service Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Windows Key Isolation Service Information Disclosure Vulnerability Windows SSH Elevation of Privilege Vulnerability Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Arbitrary Type Library Loading Vulnerability in Microsoft Office Active Directory Integrated DNS Remote Code Execution Vulnerability Windows Defender Security Center Elevation of Privilege Vulnerability Windows Defender Security Center Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in Windows Storage Services RDCMan XML External Entity (XXE) Information Disclosure Vulnerability Elevation of Privilege Vulnerability in Microsoft Store Runtime ChakraCore Scripting Engine Remote Code Execution Vulnerability Microsoft Browser Scripting Engine Memory Corruption Vulnerability Windows CSC Service Memory Handling Elevation of Privilege Vulnerability Windows ActiveX Installer Service Memory Handling Vulnerability Windows CSC Service Memory Handling Elevation of Privilege Vulnerability Windows Error Reporting Memory Handling Elevation of Privilege Vulnerability Windows ActiveX Installer Service Memory Handling Vulnerability Windows GDI 
Memory Disclosure Vulnerability Windows Error Reporting File Operations Vulnerability Windows AppX Deployment Server File Operations Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Windows Installer Symbolic Link Processing Elevation of Privilege Vulnerability Windows Network List Service Elevation of Privilege Vulnerability Windows UPnP Service Elevation of Privilege Vulnerability Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability Windows UPnP Service Elevation of Privilege Vulnerability DirectX Elevation of Privilege Vulnerability Symlink Exploitation in Windows User Profile Service: Elevation of Privilege Vulnerability Windows Tile Object Service Denial of Service Vulnerability BITS Symbolic Link Elevation of Privilege Vulnerability Win32k Memory Object Handling Elevation of Privilege Vulnerability Visual Studio Extension Installer Service Denial of Service Vulnerability Local Elevation of Privilege Vulnerability in splwow64.exe Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability File Operations Elevation of Privilege Vulnerability in Diagnostics Hub Standard Collector Service Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Microsoft SharePoint Server Reflective XSS Vulnerability Windows SMBv3 Remote Code Execution Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Installer Insecure Library Loading Elevation of Privilege Vulnerability Symbolic Link Parsing Elevation of Privilege Vulnerability in Microsoft Windows Windows Work Folder Service Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability 
Windows Network Connections Service Elevation of Privilege Vulnerability Windows Projected Filesystem File Redirection Security Bypass Vulnerability Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Provisioning Runtime File Operations Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability in Microsoft Edge Chakra Scripting Engine Information Disclosure Vulnerability Windows Installer Filesystem Operations Elevation of Privilege Vulnerability Azure DevOps Server and Team Foundation Services Pipeline Job Token Elevation of Privilege Vulnerability Microsoft Edge Remote Code Execution Vulnerability Windows Device Setup Manager File Operations Elevation of Privilege Vulnerability Media Foundation Information Disclosure Vulnerability Windows Kernel Object Memory Handling Vulnerability Windows Language Pack Installer Elevation of Privilege Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability Internet Explorer Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability in Microsoft Browsers ChakraCore Scripting Engine Memory Corruption Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Windows ALPC Elevation of Privilege Vulnerability Windows Defender Antimalware Platform Hard Link Elevation of Privilege 
Vulnerability Windows DNS Denial of Service Vulnerability Elevation of Privilege Vulnerability in Active Directory Federation Services (ADFS) Multi-Factor Authentication NTFS Access Control Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in dnsrslvr.dll Windows Hard Link Elevation of Privilege Vulnerability Windows Hard Link Elevation of Privilege Vulnerability Windows Installer Filesystem Operations Elevation of Privilege Vulnerability Windows Installer Filesystem Operations Elevation of Privilege Vulnerability File Operation Vulnerability in Connected User Experiences and Telemetry Service Windows Network Connections Service Elevation of Privilege Vulnerability VBScript Engine Memory Object Handling Remote Code Execution Vulnerability ChakraCore Scripting Engine Memory Corruption Vulnerability Windows Hard Link Elevation of Privilege Vulnerability Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0851) Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0850) Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0850) Windows Imaging Component Memory Object Handling Vulnerability Windows Mobile Device Management Diagnostics Junction Handling Elevation of Privilege Vulnerability Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0850) Active Directory Integrated DNS Information Disclosure Vulnerability Windows Search Indexer Elevation of Privilege Vulnerability Windows Elevation of Privilege Vulnerability in Public Account Pictures Folder Handling Junctions Windows Modules Installer Service File Information Disclosure Vulnerability Windows ActiveX Installer Service Memory Handling Vulnerability Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Windows Connected User Experiences and Telemetry Service Information Disclosure Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege 
Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Elevation of Privilege Vulnerability in Shell Infrastructure Component Windows Network Connections Service Information Disclosure Vulnerability Application Inspector v1.0.23 Remote Code Execution Vulnerability Windows GDI Object Memory Information Disclosure Vulnerability Information Disclosure Vulnerability in splwow64.exe Kernel Information Disclosure Vulnerability in Win32k Component Win32k Memory Object Handling Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Microsoft Browsers Windows GDI Object Memory Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability GDI+ Remote Code Execution Vulnerability Windows GDI Memory Disclosure Vulnerability GDI+ Remote Code Execution Vulnerability Insecure Reply URL Vulnerability in Microsoft Visual Studio Windows GDI Memory Disclosure Vulnerability Elevation of Privilege Vulnerability in Windows Storage Services Win32k Memory Object Handling Elevation of Privilege Vulnerability DirectX Elevation of Privilege Vulnerability Jet Database Engine Remote Code Execution Vulnerability Denial of Service Vulnerability in Microsoft Hyper-V Microsoft SharePoint Server Reflective XSS Vulnerability Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0853) Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability VBScript Engine Remote Code Execution Vulnerability Windows Hard Link Elevation of Privilege Vulnerability Windows Work Folder Service Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Visual Studio Updater Service File Permissions Vulnerability Visual Studio Extension Installer Service Elevation of 
Privilege Vulnerability Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Service Fabric File Store Service Elevation of Privilege Vulnerability Microsoft Exchange Server Spoofing Vulnerability Denial of Service Vulnerability in Microsoft Hyper-V Remote Code Execution Vulnerability in Microsoft Dynamics Business Central Microsoft Excel Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Graphics Components Windows Text Service Module Remote Code Execution Vulnerability Windows Hyper-V Denial of Service Vulnerability Hyper-V Remote Code Execution Vulnerability Elevation of Privilege Vulnerability in Windows Modules Installer Windows Function Discovery SSDP Provider Memory Handling Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Windows State Repository Service Information Disclosure Vulnerability Windows GDI Elevation of Privilege Vulnerability Windows GDI Elevation of Privilege Vulnerability Windows Hyper-V Memory Object Handling Elevation of Privilege Vulnerability Windows Hyper-V Memory Object Handling Elevation of Privilege Vulnerability Remote Desktop App for Mac Unsigned Binary Loading Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Graphics Component Denial of Service Vulnerability: Exploiting Flaws in Graphics Component to Cause System Crash Remote Code Execution Vulnerability in Microsoft COM for Windows Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Windows Kernel Information Disclosure Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Office SharePoint 
XSS Vulnerability Windows WpcDesktopMonSvc Memory Management Elevation of Privilege Vulnerability OneDrive for Windows Elevation of Privilege Vulnerability Windows Scheduled Task File Redirection Elevation of Privilege Vulnerability Media Foundation Information Disclosure Vulnerability Adobe Font Manager Library Remote Code Execution Vulnerability Media Foundation Information Disclosure Vulnerability Windows Push Notification Service Elevation of Privilege Vulnerability Win32k Information Disclosure Vulnerability Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Work Profile Notification Authentication Bypass in Microsoft YourPhoneCompanion for Android Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Media Foundation Information Disclosure Vulnerability Media Foundation Information Disclosure Vulnerability Media Foundation Information Disclosure Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability Windows GDI Memory Disclosure Vulnerability Jet Database Engine Remote Code Execution Vulnerability Microsoft Office SharePoint XSS Vulnerability Speculative Memory Access Vulnerability in Windows Kernel Win32k Kernel-Mode Driver Elevation of Privilege Vulnerability Win32k Kernel-Mode Driver Elevation of Privilege Vulnerability Win32k Kernel-Mode Driver Elevation of Privilege Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Access Connectivity Engine Remote Code Execution Vulnerability Win32k Kernel Information Disclosure Vulnerability Windows GDI Memory Disclosure Vulnerability GDI+ Remote Code Execution Vulnerability Windows Codecs Library Remote Code Execution Vulnerability VBScript Object Memory Handling Remote 
Code Execution Vulnerability VBScript Object Memory Handling Remote Code Execution Vulnerability Internet Explorer Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft SharePoint Remote Code Execution Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint XSS Vulnerability Microsoft Excel Remote Code Execution Vulnerability Memory Object Handling Vulnerability in Microsoft Word Windows Token Security Feature Bypass Vulnerability Microsoft Graphics Component Memory Object Handling Vulnerability Windows Delivery Optimization Service Elevation of Privilege Vulnerability Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Windows Update Stack Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Microsoft Graphics Component Memory Object Handling Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Mobile Device Management (MDM) Diagnostics Information Disclosure Vulnerability Microsoft Office Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows DNS Query Handling Denial of Service Vulnerability Jet Database Engine Remote Code Execution Vulnerability Jet Database Engine Remote Code Execution Vulnerability Windows Update Stack Elevation of Privilege Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability Elevation of Privilege Vulnerability in Windows Graphics Component Jet Database Engine Remote Code Execution Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Memory 
Handling Vulnerability in macOS Big Sur 11.1 and Earlier Versions Improper File Access Vulnerability in macOS, watchOS, iOS, iPadOS, iCloud, tvOS, and iTunes Privilege Escalation Vulnerability in Path Validation Logic for Symlinks Vulnerability Patched: Logic Issue in File Handling Leading to Application Termination or Code Execution macOS Big Sur 11.0.1 Patch: Privileged Network Position Denial of Service Vulnerability macOS Big Sur 11.0.1 Patch: Enhanced Entitlements to Prevent Unauthorized File Access Improved State Management Addresses Logic Issue in macOS Big Sur 11.0.1, Preventing Kernel Memory Layout Disclosure Privilege Escalation Vulnerability in macOS Big Sur 11.0.1 Sandbox Circumvention Vulnerability in macOS Big Sur 11.0.1 Windows Push Notification Service Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in macOS and iOS Improper Bounds Checking in USD File Processing Leading to Arbitrary Code Execution Improved Access Restrictions in macOS Big Sur 11.0.1 Mitigate Cross-Site Scripting Vulnerability Arbitrary Code Execution Vulnerability in tvOS 14.0, iOS 14.0, and iPadOS 14.0 Directory Path Parsing Vulnerability in macOS Big Sur 11.0.1 Allows Sandbox Escape Arbitrary Code Execution Vulnerability in macOS Big Sur and Catalina Memory Corruption Vulnerability in macOS Big Sur 11.0.1, iOS 14.2, iPadOS 14.2, tvOS 14.2, and watchOS 7.1 Allows Arbitrary Code Execution Vulnerability: Out-of-Bounds Write in Audio File Processing Use-after-free vulnerability in WebKitGTK and WPE WebKit 2.26.4 and earlier versions Potential Buffer Overflow in USB DFU: Exploiting Unchecked wLength Parameter Microsoft Defender Elevation of Privilege: Arbitrary File Deletion Vulnerability USB Mass Storage MemoryWrite Handler Out-of-Bounds Write Vulnerability Memory Corruption Vulnerability in Zephyr OS via Malformed JSON Payload Buffer Overflow Vulnerability in Zephyr Shell Subsystem Privilege Escalation Vulnerability in Zephyr RTOS on ARM Platform Privilege 
Escalation Vulnerability in Zephyr RTOS Insufficient Argument Validation in Multiple Syscalls: NCC-ZEP-006 Stack Buffer Overflow in GNU C Library's Range Reduction during 80-bit Long Double Function Windows Kernel Object Handling Elevation of Privilege Vulnerability Uninitialized Memory Disclosure and Potential Code Execution in PowerDNS Recursor 4.1.0 - 4.3.0 Memory Disclosure Vulnerability in SICAM MMU, SGU, and T Unauthenticated Remote Command Execution in SICAM MMU, SGU, and T Man-in-the-Middle Attack Vulnerability in SICAM MMU, SGU, and T Windows Graphics Component Elevation of Privilege Vulnerability Clear Text Password Retrieval Vulnerability in SICAM MMU, SGU, and T Stored Cross-Site Scripting (XSS) Vulnerability in SICAM MMU, SGU, and T Buffer Overflow Vulnerability in SICAM MMU, SGU, and T Web Applications Cross-Site Scripting (XSS) Vulnerability in SICAM MMU, SGU, and T Web Servers Firmware Installation Vulnerability in SICAM MMU, SGU, and T Devices Authentication Replay Vulnerability in SICAM MMU, SGU, and T Insecure Password Verification Allows Unauthorized Access to Protected Files in SIMATIC PCS 7 and SIMATIC WinCC Arbitrary Command Execution Vulnerability in SIMATIC RTLS Locating Manager Microsoft Graphics Component Memory Handling Vulnerability Arbitrary Command Execution Vulnerability in SIMATIC RTLS Locating Manager (All versions < V2.10.2) Arbitrary Command Injection Vulnerability in SIMATIC RTLS Locating Manager Sensitive Data Exposure in SIMATIC RTLS Locating Manager (All versions < V2.12) Sensitive Data Exposure in SIMATIC RTLS Locating Manager (All versions < V2.12) Denial-of-Service Vulnerability in SIMATIC RTLS Locating Manager (All versions < V2.12) Remote Code Execution Vulnerability in Desigo CC and Desigo CC Compact Privilege Escalation Vulnerability in License Management Utility (LMU) (All versions < V2.4) User Privilege Escalation in GeniXCMS 1.1.7: Incomplete Fix for CVE-2015-2680 Insufficient Argument Validation in Kscan Subsystem 
Allows Privilege Escalation Vulnerability: Disabling DTLS Peer Checking in UpdateHub Module Windows Push Notification Service Elevation of Privilege Vulnerability Uninitialized Stack Memory Access Vulnerability in updatehub_probe Memory Corruption Vulnerability in Zephyr Bluetooth Implementation Off-by-one Error in Zephyr Project MQTT Packet Length Decoder Leads to Memory Corruption and Remote Code Execution Denial of Service Vulnerability in Zephyr Project RTOS (Versions 2.2.0 and Later) Stack-based and Heap-based Buffer Overflow Vulnerabilities in ieee802154 Processing in Zephyr versions >= v1.14.2, >= v2.2.0 (CWE-121, CWE-122) Improper Size Checks in Bluetooth HCI over SPI in Zephyr Versions >= v1.14.2, >= v2.2.0 (CWE-130) NULL Pointer Dereference Vulnerability in Bluetooth HCI Core of Zephyr versions >= v1.14.2, >= v2.2.0 (CWE-476) Integer Overflow Vulnerability in Zephyr Project RTOS Denial of Service Vulnerability in Zephyr Project Bluetooth Subsystem Zephyr Bluetooth Unchecked Packet Data Denial of Service Vulnerability Windows Kernel Object Memory Handling Vulnerability Improper Bounds Checking in Zephyr Project MQTT Code Leads to Memory Corruption and Remote Code Execution (NCC-ZEP-031) Buffer Overflow Vulnerability in Zephyr MQTT Parsing Code Allows Remote Code Execution Insufficient Permissions or Privileges Vulnerability in Zephyr GitLab EE 12.4.2 through 12.8.1 Denial of Service Vulnerability GitLab Account Takeover via Expired Link Vulnerability HTML Injection Vulnerability in GitLab 12.5 through 12.8.1 Stored Cross-Site Scripting (XSS) Vulnerability in GitLab 12.1 through 12.8.1 Server Side Request Forgery (SSRF) Vulnerability in GitLab EE 3.0 through 12.8.1 Stored Cross-Site Scripting (XSS) Vulnerability in GitLab 12.1 through 12.8.1 Merge Request Submission Form Incorrect Access Control: Two-Factor Authentication Bypass in GitLab 7.10 through 12.8.1 Jet Database Engine Remote Code Execution Vulnerability Information Disclosure Vulnerability in 
GitLab 8.3 through 12.8.1 Incorrect Access Control in GitLab LFS Import Process Denial of Service Vulnerability in GitLab 12.2 through 12.8.1: Impacting Public Issue Designs Insecure Permissions Vulnerability in GitLab 12.7 through 12.8.1 Information Disclosure in GitLab EE 11.6 through 12.8.1: Exposure of Private Project Namespace GitLab Merge Request Title Information Disclosure Vulnerability Arbitrary File Read Vulnerability in GitLab 10.4 through 12.8.1 GitLab before 12.8.2: Information Disclosure via Unproxied Badge Images Insecure Permissions in GitLab 12.5 through 12.8.1 Recursive Denial of Service Vulnerability in GitLab 8.11 through 12.8.1 Microsoft Store Install Service File Operations Elevation of Privilege Vulnerability Unintentional Information Disclosure in GitLab 11.7 through 12.8.1 Cross-Site Scripting (XSS) Vulnerability in GitLab 9.3 through 12.8.1 Cross-Site Scripting (XSS) Vulnerability in GitLab Grafana Integration View Cross-Site Scripting (XSS) Vulnerability in Lexmark Pro910 Series and Discontinued Inkjet Printers Cross-Site Scripting (XSS) Vulnerability in Lexmark Printers Browser Cache Information Disclosure Vulnerability in Zammad 3.0 through 3.2 Information Disclosure Vulnerability in Zammad 3.0 through 3.2 Zammad 3.0-3.2 XSS Vulnerability: Execution of Malicious JavaScript via Email Functionality Cross-Site Scripting (XSS) Vulnerability in Zammad 3.0 through 3.2 Allows Execution of Malicious Code Windows Block Level Backup Engine Service (wbengine) File Deletion Elevation of Privilege Vulnerability Improper Access Controls in Zammad 3.0 through 3.2 Allow Unauthorized Viewing of Ticket Customer Details WebSocket Server Crash Vulnerability in Zammad 3.0 through 3.2 User Enumeration and Brute Force Vulnerability in Zammad 3.0-3.2 XSS Vulnerability in Zammad File Upload Functionality Sensitive Information Disclosure in Zammad 3.0-3.2 Information Disclosure Vulnerability in Zammad 3.0 through 3.2 SQL Injection Vulnerability in PHPGurukul 
Daily Expense Tracker System 1.0 Stored XSS Vulnerability in PHPGurukul Daily Expense Tracker System 1.0 HTTP Request Splitting Vulnerability in Twisted Web HTTP Request Splitting Vulnerability in Twisted Web Windows System Assessment Tool File Operations Elevation of Privilege Vulnerability Non-sensitive Information Exposure Through Caching in Citrix Gateway Inconsistent Interpretation of HTTP Requests in Citrix Gateway 11.1, 12.0, and 12.1 Cache Poisoning Vulnerability in Citrix Gateway 11.1, 12.0, and 12.1 Self XSS vulnerability in cPanel before version 84.0.20 via temporary character-set specification (SEC-515) Stored Self-XSS Vulnerability in cPanel HTML File Editor (SEC-535) Arbitrary Code Execution as Root via dnsadmin in cPanel (SEC-537) Bypassing Feature Restrictions and Demo Accounts in cPanel via WebDisk UAPI Calls (SEC-541) Insecure Demo Check Enforcement in cPanel (SEC-542) cPanel Branding API Vulnerability: Unauthorized File Modification (SEC-543) Remote Code Execution Vulnerability in cPanel (SEC-544) Elevation of Privilege Vulnerability in Wininit.dll Remote Code Execution Vulnerability in cPanel (SEC-545) Code Execution Vulnerability in cPanel (SEC-546) Arbitrary File Deletion Vulnerability in cPanel (SEC-547) Vulnerability: Inadequate Authentication of Session Key Generation in NCR SelfServ ATMs Unencrypted Communication Vulnerability in NCR SelfServ ATMs: Exploiting Deposit Forgery Vulnerability: RSA Certificate Bypass and Arbitrary Code Execution in NCR SelfServ ATMs Vulnerability: Unvalidated Software Updates on NCR SelfServ ATMs Stored Cross-Site Scripting Vulnerability in SearchBlox Products (Versions before 9.2.1) Privilege Escalation: Lower User Access to Admin Functionality in SearchBlox before Version 9.2.1 Elevation of Privilege Vulnerability in Microsoft Windows Group Policy Updates Multiple Super Admin User Creation Vulnerability in SearchBlox before Version 9.1 CSV Macro Injection in Featured Results Parameter in SearchBlox before 
Version 9.2.1 Cross-Origin Resource Sharing Misconfiguration in SearchBlox before Version 9.1 Vulnerability: Credential Acquisition via Adjacent Access in Bluetooth Pairing Bluetooth BR/EDR Legacy Pairing Vulnerability IP-in-IP Traffic Decapsulation Vulnerability Z-Wave S2 Chipsets Vulnerability: Remote Denial of Service via FIND_NODE_IN_RANGE Injection Arbitrary Code Execution Vulnerability in Acronis Cyber Backup and Cyber Protect Arbitrary Code Execution Vulnerability in Acronis True Image 2021 Windows Update Client Privilege Escalation Vulnerability Arbitrary Code Execution with SYSTEM Privileges in Acronis True Image 2021 Arbitrary Code Execution Vulnerability in Macrium Reflect's OpenSSL Component Privilege Escalation Vulnerability in Adobe ColdFusion Installer Stored Cross-Site Scripting Vulnerability in Microsoft Teams Online Service SolarWinds Orion API Authentication Bypass Vulnerability Windows User-Mode Power Service (UMPS) Object Handling Elevation of Privilege Vulnerability Windows Push Notification Service Memory Object Handling Vulnerability Windows Push Notification Service Elevation of Privilege Vulnerability Multiple Authenticated Command Injection Vulnerabilities in Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m Devices via Ping and Traceroute Diagnostic Pages Race Condition Vulnerability in Timeshift Allows for Privilege Escalation Eval Injection Vulnerability in ASSA ABLOY Yale WIPC-301W Devices Out-of-Bounds Reads in Pillow's FliDecode.c (CVE-2020-5313) Microsoft Dynamics Business Central/NAV Masked Field Information Disclosure Vulnerability Vulnerability: Virus-Detection Bypass via Crafted BZ2 Checksum Field in ESET AV Parsing Engine Arbitrary User Creation with Elevated Privileges in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 SQL Injection Vulnerability in YubiKey Validation Server Replay Attack Vulnerability in YubiKey Validation Server Information Disclosure Vulnerability in Doorkeeper: Unauthorized Access to Client Secret 
Buffer Overflow Vulnerability in netkit telnetd Utility Remote Code Execution Vulnerability in Zoho ManageEngine Desktop Central Unsigned Binary Loading Vulnerability in Microsoft RMS Sharing App for Mac SQL Injection Vulnerability in MunkiReport before 5.3.0 Authenticated Cross-Site Scripting (XSS) Vulnerability in MunkiReport Unauthenticated Cross-Site Scripting (XSS) in MunkiReport before 5.3.0.3923 Virus-Detection Bypass Vulnerability in ESET Archive Support Module Improper Domain Validation in AutoCompleteGal.java in Zimbra zm-mailbox Privilege Escalation and Information Disclosure in Popup-Builder Plugin for WordPress XSS Vulnerability in Popup-Builder Plugin for WordPress JavaEL Injection in Sonatype Nexus Repository (Issue 1 of 2) Adobe Font Manager Library Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Remote Code Execution in Sonatype Nexus Repository before 3.21.2 Hard-coded Password Vulnerability in Amino Communications Devices Allows Unauthorized Video Access Hard-coded Credentials Vulnerability in Amino Communications AK and Aria Series Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, and Kami7B: Remote Code Execution with Root Privileges CWMP Registration Command Injection Vulnerability in Amino Communications AK Series and Aria Series Devices Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Hard-coded SSH Keys in Amino Communications Devices Allow Remote Login Mitel MiVoice Connect UCB Component Remote Code Execution Vulnerability SSRF via URL Parameter in Responsive FileManager 9.13.4 and 9.14.0 Arbitrary Command Execution Vulnerability in D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 Stack-based Buffer Overflow in D-Link DIR-825 Rev.B 2.10 httpd Binary Arbitrary Command Execution Vulnerability in D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 
Arbitrary Command Execution Vulnerability in D-Link DIR-825 Rev.B 2.10 and TRENDnet TEW-632BRP 1.010B32 Blind SQL Injection Vulnerability in Sapplica Sentrifugo 3.2 Critical Remote Code Execution Vulnerability in Microsoft Dynamics Business Central SQL Injection Vulnerability in rConfig Web Interface Arbitrary OS Command Execution in rConfig through 3.94 via ajaxAddTemplate.php Heap Corruption Vulnerability in Nitro Pro before 13.13.2.242 via crafted PDF document Heap Corruption Vulnerability in Nitro Pro's npdf.dll Unauthenticated File Upload Vulnerability in PHPGurukul Online Book Store 1.0 Unauthenticated File Upload Vulnerability in PHPGurukul Job Portal 1.0 Arbitrary JavaScript Injection via From Field in vtecrm vtenext 19 CE Messages Module Vulnerability: Remote Code Execution via File Upload in vtecrm vtenext 19 CE CSRF Vulnerability in vtecrm vtenext 19 CE Allows Unauthorized Actions Microsoft SharePoint Remote Code Execution Vulnerability SQL Injection Vulnerability in CentOS Web Panel (CWP) via loader_ajax.php term parameter Remote NULL Pointer Dereference Vulnerability in TP-Link NC Series Devices Stack Buffer Overflow Vulnerability in YAFFS File Timestamp Parsing Logic in The Sleuth Kit (TSK) Heap-Based Buffer Over-Read Vulnerability in The Sleuth Kit (TSK) Version 4.8.0 and Earlier NULL Pointer Dereference Vulnerability in AscRegistryFilter.sys Kernel Driver Arbitrary Code Execution via Unescaped Database Configuration Options in Froxlor Static File Creation Vulnerability in Froxlor Installation Insecure Handling of Sensitive Data in Froxlor Installer Unauthenticated Access Control Vulnerability in Joomla! com_templates Incorrect Access Control in SQL Fieldtype of com_fields in Joomla! before 3.9.16 Microsoft SharePoint Remote Code Execution Vulnerability User duplication vulnerability in Joomla! before 3.9.16 CSRF Vulnerability in Joomla! com_templates Image Actions Cross-Site Scripting (XSS) Vulnerability in Joomla! 
3.9.16 and earlier SQL Injection Vulnerability in Joomla! Featured Articles Frontend Menutype Weak Hash Generation in JPaseto v2.local Tokens Buffer Overflow Vulnerability in CODESYS V3 Web Server Reflected XSS Vulnerability in MISP 2.4.122 via unsanitized URL parameters Persistent XSS Vulnerability in MISP 2.4.122 Sighting Popover Tool Password Disclosure Vulnerability in BWA DiREX-Pro 1.2181 Devices Full Path Disclosure Vulnerability in BWA DiREX-Pro 1.2181 Devices Elevation of Privilege Vulnerability in Microsoft SharePoint Server and Skype for Business Server Remote Command Execution in BWA DiREX-Pro 1.2181 Devices via uninstall.php3 Out-of-Bounds Read Vulnerability in ImageMagick's ReadHEICImageByID Function Blind SSRF and Denial of Service Vulnerability in ownCloud Authentication Bypass Vulnerability in ownCloud Image Preview TRRespass: Exploiting Vulnerabilities in Modern DRAM Chips Insecure Random Number Generator in 1Password Command-Line Tool and SCIM Bridge Unrestricted PHP Function Execution in ThemeREX Addons Plugin for WordPress MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability Vulnerability: Unauthorized Access and Control of XIAOMI XIAOAI Speaker Pro LX06 Root Shell Access and Multiple Exploitation Capabilities on XIAOMI XIAOAI Speaker Pro LX06 Authenticated and Unauthenticated Access to RTDE Interface on CB3 SW Version 3.3 and Upwards, e-series SW Version 5.0 and Upwards Unauthenticated Control of Universal Robots Robot Controllers via DashBoard Server Vulnerability: Lack of Integrity Checks in UR+ Components for Universal Robots Unencrypted Intellectual Property Exfiltration in Universal Robots Control Box CB 3.1 Vulnerability: Termination of Critical Services in Windows Task Manager Leads to Operational Halt and Brake Re-Calibration Default Wi-Fi Access Point Credentials Expose MiR Fleet Vehicles to Unauthorized Access Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Default Credentials and 
Hardcoded IP Address Vulnerability in MiR Fleet Vehicles Vulnerability: Unsecured ROS Computational Graph Exposes MiR Robots to Remote Control Unauthenticated Access Control Vulnerability in MiR Robots Unencrypted Intellectual Property Exfiltration in MiR Controllers Insecure Access Token Generation in REST API Allows Unauthorized Data Exfiltration Default Credentials Used to Generate Access Tokens for REST API Default Password Vulnerability in Safety PLC Allows Manipulated Program Upload and Disabling of Emergency Stop Live OS Boot Vulnerability: Unauthorized Access and Privilege Escalation Unprotected BIOS Allows Unauthorized Modification of Boot Order and Live Image Booting Insecure Defaults and Vulnerabilities in MiR Robot Controllers Running Ubuntu 16.04.2 Windows Media Foundation Memory Corruption Vulnerability Apache Server Vulnerable to DoS Attack via Incomplete HTTP Headers MAVLink Vulnerability: Remote Access to Sensitive Information via Insecure Communication Channels Lack of Authentication and Authorization in MAVLink Protocol Version 1.0 CVE-2020-10282: Authentication Bypass Vulnerability in MAVLink Protocol Unauthenticated Control and Missing Password Option Vulnerability in xArm Studio 1.3.0 Low Entropy Authentication Implementation on xArm Controller: Vulnerable to Brute-Force Attacks Privilege Escalation Vulnerability: Unrestricted Access via Sudoers Group Default Credentials Expose IRC5 Family with UAS Service Enabled Insecure FTP Authentication in IRC5 Unsafe YAML Load Vulnerability in ROS Actionlib Library Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Unrestricted Execution of URCaps: Exploiting Universal Robots Controller Vulnerability Unauthenticated Information Disclosure in Visual Components Network License Server Unauthenticated DoS Vulnerability in Visual Components Network License Server Windows Print Spooler Service Elevation of Privilege Vulnerability Windows Server DHCP Service Information 
Disclosure Vulnerability Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Kernel Elevation of Privilege Vulnerability VBScript Remote Code Execution Vulnerability Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Uncontrolled Resource Management Vulnerability in MikroTik Routers SQL Injection in LogicalDoc before 8.3.3: Unsanitized Parameters Allow Arbitrary Database Queries LogicalDoc before 8.3.3 - /servlet.gupld Directory Traversal Vulnerability Chakra Scripting Engine Remote Code Execution Vulnerability Authenticated Stored XSS in Ramp AltitudeCDN Altimeter before 2.4.0 via vdms/ipmapping.jsp location field Unauthenticated Remote Command Execution in Paessler PRTG Network Monitor Insecure Password Storage in New Media Smarty Vulnerability: Password Discovery via Sniffing Authorization: Basic HTTP Header Mitel MiVoice Connect Client Weak Encryption Vulnerability Out-of-Bounds Read Vulnerability in libImaging/PcxDecode.c in Pillow Buffer Overflow Vulnerabilities in Pillow's libImaging/TiffDecode.c Windows Routing Utilities Denial of Service Vulnerability RMySQL 0.10.19 SQL Injection Vulnerability Unauthenticated SQL Injection Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Software Authenticated Remote Code Execution in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Software Unauthenticated Remote Code Execution in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Software Local Privilege Escalation Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Software Stored Cross-Site Scripting (XSS) Vulnerability in WPForms Contact Form Plugin Arbitrary Code Execution via File Upload in Chadha PHPKB Standard Multi-Language 9 Path Traversal Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized File Downloads Stored (Blind) XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Remote Code Execution in Chadha PHPKB Standard Multi-Language 9 via 
Injection in save-settings.php Windows Jet Database Engine Remote Code Execution Vulnerability Remote Code Execution via OS Command Injection in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS 
Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 SQL Server Reporting Services (SSRS) Attachment Upload Validation Bypass Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard 
Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 ASP.NET Core Cookie Parser Encoded Name Bypass Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Path Traversal Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Arbitrary File Renaming Path Traversal Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Arbitrary Folder Deletion Path Traversal Vulnerability in Chadha PHPKB Standard Multi-Language 9 Remote Code Execution Vulnerability in Microsoft .NET Framework CSV Injection Vulnerability in Chadha PHPKB Standard Multi-Language 9 Stored (Blind) XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-field.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-template.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-article.php Reflected XSS Vulnerability in 
Chadha PHPKB Standard Multi-Language 9's admin/edit-category.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-glossary.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-comment.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/edit-news.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-departments.php Windows Hyper-V Elevation of Privilege Vulnerability Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9 via sort Parameter Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-articles.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-templates.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-categories.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-comments.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-tickets.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-glossary.php Reflected XSS Vulnerability in Chadha PHPKB Standard Multi-Language 9's admin/manage-news.php CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Global Settings Modification CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized News Article Addition Windows Print Spooler Arbitrary File Writing Vulnerability CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Category Addition CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Addition of Glossary Term CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Addition of Article Templates CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Comment Posting CSRF Vulnerability in Chadha PHPKB 
Standard Multi-Language 9 Allows Unauthorized Custom Field Creation CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Article Deletion CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Comment Deletion CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Deletion of Glossary Term CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Deletion of News Articles CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Ticket Deletion Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Department Deletion CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Department Addition CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Deletion of Article Templates CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Glossary Term Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized News Article Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Article Template Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Article Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Category Deletion CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Category Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Ticket Closure Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Ticket Replies CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Department Editing CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized 
Comment Approval CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Comment Disapproval CSRF Vulnerability in Chadha PHPKB Standard Multi-Language 9 Allows Unauthorized Comment Editing SQL Injection Vulnerability in School Management System Developed by ALLE INFORMATION CO., LTD. Path Traversal Vulnerability in ALLE INFORMATION CO., LTD.'s School Management System (pre-2020) Unrestricted File Upload Vulnerability in ALLE INFORMATION CO., LTD.'s School Management System (Pre-2020) Allows Remote Code Execution Improper Storage of System Files in Sunnet eHRD: Exploiting Confidential Information Leakage Cross-Site Scripting (XSS) Vulnerability in Sunnet eHRD Human Training and Development Management System Jet Database Engine Remote Code Execution Vulnerability Broken Access Control Vulnerability in Sunnet eHRD: Unauthorized Access to Functionality and Data Insecure Configurations in HGiga C&Cmail CCMAILQ and CCMAILN SQL Injection Vulnerability in HGiga C&Cmail CCMAILQ and CCMAILN Remote File Manipulation Vulnerability in iCatch DVR Firmware Arbitrary Command Execution Vulnerability in iCatch DVR Firmware (pre-20200103) Binary Planting Vulnerability in STARFACE UCC Client on Windows (usd-2020-0006) GitHub Enterprise Server API Access Control Vulnerability GitHub Enterprise Server Improper Access Control Vulnerability GitHub Enterprise Server Remote Code Execution Vulnerability in GitHub Pages Building GitHub Enterprise Server Remote Code Execution Vulnerability in GitHub Pages Building Elevation of Privilege Vulnerability in ssdpsrv.dll Elevation of Privilege Vulnerability in DirectX Integer Overflow Leading to Heap-Based Buffer Overflow in ICU's UnicodeString::doAppend() Function Cleartext Password Exposure in WatchGuard Fireware AD Helper Component Privilege Escalation Vulnerability in GlobalBlocking Extension for MediaWiki Bypassing Email Domain Restrictions in GitLab 12.8.x Unauthenticated Access to Glassfish 4.1 Server on Epikur 
Insecure Password Storage in Epikur: MD5 Hashes without Salting Backdoor Password Vulnerability in Epikur Server Windows Kernel-Mode Driver Object Handling Elevation of Privilege Vulnerability CSRF Vulnerability in Untis WebUntis before 2020.9.6 Remote Code Execution Vulnerability in Zoho ManageEngine OpManager Heap-based Buffer Overflow in Perl's Nested Regular Expression Quantifiers Cross-Site Scripting (XSS) Vulnerability in PrimeFaces Tooltip Component Unauthenticated SQL Injection in rConfig 3.9.4 and Earlier Versions Allows Lateral Movement and Access to Network Devices Unauthenticated SQL Injection in rConfig 3.9.4 and Earlier Versions Allows Lateral Movement and Access to Network Devices Unauthenticated SQL Injection in rConfig 3.9.4 and Earlier Versions Allows Lateral Movement and Access to Network Devices Unauthenticated SQL Injection in rConfig 3.9.4 and Earlier Versions Allows Lateral Movement and Access to Network Devices Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability Privilege Escalation Vulnerability in QQBrowser Default Access to Firebird Database in Psyprax Insecure Lockscreen Configuration in Psyprax Insecure Password Encryption in Psyprax Arbitrary File Upload Vulnerability in AContent 1.4 Denial of Service Vulnerability in Tesla Model 3 Driving Interface Cross-Domain Policy Enforcement Bypass in Microsoft Edge Arbitrary File Read Vulnerability in Open Source Social Network (OSSN) Command Execution Vulnerability in Xiaomi Mi Jia Ink-Jet Printer < 3.4.6_0138 File Upload Vulnerability in DEVOME GRR before 3.4.1c SQL Injection Vulnerability in frmcontactlist.php Remote Code Execution via Directory Traversal in File Upload Plugin for WordPress Arbitrary Code Execution as Root in FreeBSD bhyve through grub2-bhyve Buffer Overflow Vulnerability in grub2-bhyve Arbitrary PHP Code Execution in Responsive Filemanager CSRF Vulnerability in WPML Plugin Allows Remote Code Execution SysAid On-Premise 20.1.11 Vulnerability: 
GhostCat Attack with Unauthenticated File Upload ChakraCore Scripting Engine Remote Code Execution Vulnerability Bypass of Passcode Feature in Telegram Android App Unvalidated RLE Decoding in psd-tools Double Mutex Unlock Vulnerability in Janus AudioBridge Typo in JSON Validation Leads to Missing String in Janus query_logger Admin API Request Race Condition in Janus VideoCall Plugin Leads to Session Management Vulnerability Race Condition Vulnerability in Janus VoiceMail Plugin Race Condition Vulnerability in Janus Arbitrary File Read Vulnerability in QCMS v3.0.1 Directory Traversal Vulnerability in Invigo Automatic Device Management (ADM) 5.0 VBScript Object Memory Handling Remote Code Execution Vulnerability Remote Command Injection in Invigo ADM 5.0 Session Validity Check Issues in Invigo ADM 5.0 Allow Remote Data Access SQL Injection Vulnerability in Invigo ADM 5.0's /admin/display_errors.php Script Arbitrary OS Command Execution in Invigo Automatic Device Management (ADM) through 5.0 Directory Traversal Vulnerability in Invigo Automatic Device Management (ADM) 5.0 Local Privilege Escalation in antiX and MX Linux via persist-config --command /bin/sh Privilege Escalation in v2rayL 2.1.3 via Sudo Misconfiguration Privilege Escalation in v2rayL 2.1.3 via Misconfigured Configuration File HTTP Content Parsing Vulnerability in Microsoft Edge Improperly Secured API Exposes Sensitive Data in Replicated Classic 2.x Versions CORS Misconfiguration in Walmart Labs Concord Allows Information Disclosure Denial of Service Vulnerability in Tor (TROVE-2020-002) Double Negotiation of Circuit-Padding Machine Vulnerability Token Refresh Vulnerability in drf-jwt 1.15.x Buffer Overflow Vulnerability in pam-krb5 Library Cross-Site Scripting (XSS) Vulnerability in OpenCart 3.0.3.2 Image Upload Section Multiple Out-of-Bounds Read Vulnerabilities in Delta Industrial Automation DOPSoft Restricted Desktop Environment Escape Vulnerability in BD Pyxis MedStation ES System v1.6.1 and Pyxis 
Anesthesia (PAS) ES System v1.6.1 Buffer Overflow Vulnerability in VISAM VBASE Editor and VBASE Web-Remote Module VBScript Object Memory Handling Remote Code Execution Vulnerability Memory Pressure Vulnerability in PI Archive Subsystem Weak Hashing Algorithm and Insecure Permissions in VISAM VBASE Editor and VBASE Web-Remote Module: Password Bypass Vulnerability Race Condition Vulnerability in OSIsoft PI System: Crashing PI Network Manager and Blocking Connections Remote Command Injection Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Remote Denial of Service Vulnerability in OSIsoft PI System Unauthenticated Access to Password Storage Files in Grundfos CIM 500 (before v06.16.00) Local Privilege Escalation Vulnerability in OSIsoft PI System Software Stack-based Buffer Overflow Vulnerability in Advantech WebAccess Versions 8.4.2 and Prior Privilege Escalation and Information Disclosure Vulnerability in OSIsoft PI System Insecure Storage of Credentials in Grundfos CIM 500 v06.16.00 Memory Object Handling Vulnerability in Microsoft Script Runtime Local Privilege Escalation in OSIsoft PI System Arbitrary Code Execution Vulnerability in Triangle MicroWorks SCADA Data Gateway Unrestricted Network Port Access in Opto 22 SoftPAC Project Version 9.6 and Prior Unauthenticated Information Disclosure in Triangle MicroWorks SCADA Data Gateway Code Injection Vulnerability in OSIsoft PI System PI Vision Denial-of-Service Vulnerability in Triangle MicroWorks SCADA Data Gateway SoftPAC Project Version 9.6 and Prior: Unspecified DLL Path Vulnerability WebAccess/NMS SQL Injection Vulnerability Sensitive Information Exposure in LCDS LAquis SCADA Versions 4.3.1 and Prior Arbitrary File Deletion Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Internet Explorer Remote Code Execution Vulnerability Unauthenticated Remote Communication Vulnerability in Opto 22 SoftPAC File Upload and Execution Vulnerabilities in WebAccess/NMS (Versions Prior to 3.0.2) Arbitrary File 
Creation Vulnerability in LCDS LAquis SCADA Versions 4.3.1 and Prior SQL Injection Vulnerability in WebAccess/NMS (Versions Prior to 3.0.2) Session Token Exposure in ControlEdge PLC and RTU Devices Unauthenticated Remote User Account Creation Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Uncontrolled Search Path Element Vulnerability in Fazecast jSerialComm Authentication and Authorization Vulnerability in Insulet Omnipod Insulin Management System: Potential Data Modification and Insulin Control Unencrypted Password Exposure in ControlEdge PLC and RTU Devices XML Injection Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Remote Code Execution Vulnerability in SAE IT-systems FW-50 Remote Telemetry Unit (RTU) Arbitrary File Access Vulnerability in WebAccess/NMS (versions prior to 3.0.2) Folder Security Permissions Vulnerability in Emerson OpenEnterprise Versions through 3.3.4 Non-persistent XSS Vulnerability in eWON Flexy and Cosy Firmware File Structure Disclosure Vulnerability in SAE IT-systems FW-50 Remote Telemetry Unit (RTU) Plaintext Transmission of Simulation Models in KUKA.Sim Pro 3.1 Critical Vulnerability: Passwords at Risk in Emerson OpenEnterprise Versions through 3.3.4 Out-of-Bounds Read Vulnerability in Eaton HMiSoft VU3 Multiple Heap-Based Buffer Overflow Vulnerabilities in Advantech WebAccess Node Buffer Overflow Vulnerability in Eaton HMiSoft VU3 (Version 3.00.23 and prior) MSHTML Engine Remote Code Execution Vulnerability Arbitrary Command Execution and Remote Code Execution Vulnerability in Emerson OpenEnterprise Versions through 3.3.4 Unprotected Logging Route Vulnerability in Ignition 8 Gateway (versions prior to 8.0.10) Privilege Escalation via Registry Key Modification in Rockwell Automation RSLinx Classic Authenticated Remote URL Redirection Vulnerability in PI Vision 2019 Mobile Deserialization Vulnerability in Ignition Gateway Allows for Information 
Disclosure Heap Based Buffer Overflow in Fuji Electric V-Server Lite (Versions Prior to 4.0.9.0) Bypassing Verified Boot Restrictions in Das U-Boot through 2020.01 Unsigned Code Execution Vulnerability in ASUS Device Activation ChakraCore Scripting Engine Remote Code Execution Vulnerability Jackson-databind Deserialization Code Execution Vulnerability Heap Buffer Overflow in Ping Identity PingID SSH (CVE-2021-12345) Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Server Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Server Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Server Arbitrary Code Execution Vulnerability in Proofpoint Insider Threat Management Server SSL Certificate Validation Error in Entrust Entelligence Security Provider (ESP) on Windows .NET Framework Elevation of Privilege Vulnerability Inadvertent Group Membership Inclusion Vulnerability in HashiCorp Vault Vulnerability: Access Granting Issue in HashiCorp Vault and Vault Enterprise Unsafe Object Creation Vulnerability in JSON Gem for Ruby Vulnerability: NULL Pointer Dereference in VxWorks 6.8.3 IPNET CVE Patches (2019) Docker Desktop Local Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Restapps Module for Sangoma FreePBX and PBXact Stored XSS Vulnerability in Canon Oce Colorwave 500 Printer's TemplateManager Reflected XSS Vulnerability in Canon Oce Colorwave 500 Printer (Version 4.0.0.0) Authentication Bypass Vulnerability in Canon Oce Colorwave 500 Printer Memory Object Handling Vulnerability in Windows: Remote Code Execution Reflected XSS Vulnerability in Canon Oce Colorwave 500 Printer (Version 4.0.0.0) CSRF Vulnerability in Canon Oce Colorwave 500 4.0.0.0 Printer's Web Application Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Arbitrary OS Command Execution Vulnerability in PerlSpeak 2.01 Denial 
of Service Vulnerability in buger jsonparser Library API Improper Authorization Check Allows Unauthorized Namespace Movement in Rancher 2.x Privilege Escalation Vulnerability in Octopus Deploy (CVE-2020-XXXX) Windows Media Service File Creation Elevation of Privilege Vulnerability Stored XSS Vulnerability in CMS Made Simple 2.2.13 Filemanager via .pxd File Remote Code Execution via Malicious .php.jpegd File in CMS Made Simple 2.2.13 XXE Vulnerability in dom4j Library Privilege Escalation and Code Injection Vulnerability in Ansible Engine Vulnerability: Unencrypted Decryption Temporary Directory in Ansible Engine and Ansible Tower User Registration Vulnerability in Keycloak 8.0.2 and 9.0.0 Allows Malicious Users to Remove MFA Devices Undertow HTTP Request Smuggling Vulnerability Cross-Site Scripting (XSS) Vulnerability in RESTEasy Insecure Access Control in Eclipse Che Allows Unauthorized Workspace Pod Access Unsafe ASP.Net web controls in Microsoft SharePoint Server can lead to remote code execution Race Condition Vulnerability in Kernel Versions Before 5.5: Use-After-Free in ptp_clock and cdev Resource Deallocation Archive Traversal Vulnerability in Ansible-Engine Collection Installation Vulnerability: Expression Language Injection in Hibernate Validator Privilege Escalation Vulnerability in redhat-sso-7 Container Path Traversal Vulnerability in Buildah Allows Arbitrary File Write Denial of Service Vulnerability in Ansible Tower's Memcached Integration Vulnerability: Information Disclosure in Ansible Tower Job Execution World-writable Socket Vulnerability in targetcli-fb Windows Print Spooler Arbitrary File Writing Vulnerability Use-after-free vulnerability in Samba AD DC LDAP servers allows for denial of service Missing Authorization Flaw in libvirt API Allows Denial of Service PAuth Signature Generation Flaw in QEMU NULL Pointer Dereference Vulnerability in libvirt API Stack Overflow Vulnerability in Samba Active Directory Domain Controller Undertow Expect: 
100-continue Header Out of Memory Denial of Service Vulnerability Unencrypted OAuth Tokens in OpenShift Container Platform Unrestricted Access Vulnerability in Ansible Tower OAuth2 Token Authentication Windows Remote Access Common Dialog Elevation of Privilege Vulnerability Vulnerability: Disclosure of Plaintext Candlepin Password during Red Hat Satellite Update NULL Pointer Dereference Vulnerability in Linux Kernel's SELinux Subsystem Sensitive Information Exposure in OpenShift Container Platform Image Registry GRUB2 Secure Boot Bypass and Code Execution Vulnerability Session Fixation Vulnerability in WildFly Elytron OpenShift Console Content Spoofing Vulnerability Unrestricted User Input Access in Red Hat Satellite's Job Invocation Denial of Service Vulnerability in virtio-fs Shared File System Daemon Exposed Thread Context Classloader (TCCL) Setting in Wildfly Undertow HTTP Request Smuggling Vulnerability Windows Kernel Memory Object Handling Vulnerability Local Privilege Escalation Vulnerability in Linux Kernel's GRO Implementation Arbitrary Code Execution via Malicious YAML Configuration in fabric8-maven-plugin Integer Overflow Vulnerability in DPDK's vhost_user_set_log_base() Function Integer Truncation Vulnerability in DPDK Versions 17.05 and Above Information Leak Vulnerability in DPDK vhost-crypto Library Vulnerability: Segmentation Fault in DPDK vhost-user Backend Application Vulnerability: Denial of Service via Resource Leak in DPDK Plaintext Password Storage Vulnerability in ActiveMQ Artemis Management API Privilege Escalation Vulnerability in automationbroker/apb Container Insufficiently Random Password Generation in Ansible Engine ChakraCore Scripting Engine Remote Code Execution Vulnerability Samba AD LDAP Server Use-After-Free and NULL Pointer Dereference Vulnerability Vulnerability: Disabling of sVirt Isolation Mechanism in Red Hat OpenStack Platform 16 Linux Kernel Userspace Core Dump Vulnerability: Local Account Crash and Kernel Data Exfiltration 
Arbitrary Code Execution Vulnerability in PostgreSQL Windows Installer Vulnerability in Keycloak OIDC Logout Endpoint CSRF Protection Quadratic Time Complexity Vulnerability in Python's int() Function Authorization Bypass Vulnerability in Ceph Versions 15.2.0 - 15.2.2: Unauthorized Access to Resources Race Condition Vulnerability in mkhomedir Tool Remote Code Execution Vulnerability in Moodle Null Pointer Exception Denial of Service Vulnerability in Istio Telemetry v2 Windows Jet Database Engine Remote Code Execution Vulnerability Remote Deserialization Attack Vulnerability in Wildfly EJBs Linux Kernel Vulnerability: Index Buffer Overflow in Direct IO Write Leading to NFS Client Crash OpenShift Container Platform's Kibana Clickjacking Vulnerability Incomplete Fix for Insecure Temporary Directory Vulnerability in Ansible Engine and Ansible Tower Samba Vulnerability: Denial of Service via NetBios over TCP/IP Processing Local Access Control Vulnerability in Infinispan Server Runtime 10 Keycloak Data Filter Vulnerability: Cross-Site Scripting and URL Processing Container Networking Plugins Vulnerability: Man-in-the-Middle Attacks via Rogue IPv6 Router Advertisements Windows Subsystem for Linux Memory Object Handling Vulnerability Log File Exposure: Unauthorized Access to Kafka Credentials in Jaeger Tracing Vulnerability in Linux Kernel's SELinux LSM Hook Implementation OAuthToken Leakage in OpenShift API Server Logs CORS ExposeHeader Tag Injection Vulnerability in Red Hat Ceph Storage RadosGW Insecure Authentication in nmcli: Ignoring 802-1x.ca-path and 802-1x.phase2-ca-path Settings Insecure Credentials Exposure in OpenStack Cinder with Dell EMC ScaleIO/VxFlex OS Backend Storage Driver Out-of-Bounds Read Vulnerability in QEMU's SLiRP Networking Implementation Privilege Escalation Vulnerability in Linux Kernel's DAX Huge Pages Handling Keycloak DoS Vulnerability: Content-Length Header Exceeds Request Body PGP Signature Bypass Vulnerability in fwupd Allows Installation 
of Unsigned Firmware Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Use-After-Free Vulnerability in Samba LDAP Server Assertion Failure Vulnerability in QEMU Network Block Device (NBD) Server Sensitive Information Disclosure in gluster-block CLI Operations Logging Local Access Information Disclosure Vulnerability in Heketi Server Vulnerability: Logic Bug in Linux Kernel SSBD Protection Vulnerability in Linux Kernel's Enhanced IBPB Implementation Allows Spectre V2 Style Attack Linux Kernel Vulnerability: Prctl() Function Allows Indirect Branch Speculation and Spectre v2 Attacks Buffer Over-read Vulnerability in RH Kernel Versions before 5.0 in crypto_authenc_extractkeys Windows Runtime Object Handling Elevation of Privilege Vulnerability Server-side Request Forgery (SSRF) Vulnerability in Keycloak CSRF Vulnerability in Infinispan Version 10 Allows Unauthorized Actions via GET Requests Incomplete Fix for CVE-2020-12662 in Unbound Shipped in Red Hat Enterprise Linux 7 Stack Information Leak Vulnerability in Linux Kernel's Memory Manager Memory Disclosure Vulnerability in Linux Kernel's sysctl Subsystem Open Redirect Vulnerability in oVirt-Engine: Phishing Attack Vector Unsafe Redirect URI Parameter Allows Cross-site Scripting Attack in Keycloak Stored XSS Vulnerability in Red Hat CloudForms Report Menu Feature Business Logic Flaw: Unauthorized Editing of Read-Only Widgets in Red Hat CloudForms 4.7 and 5 Insecure Direct Object References (IDOR) and Access Control Bypass in Red Hat CloudForms 4.7 and 5 Windows Installer Elevation of Privilege Vulnerability CSV Injection Vulnerability in Red Hat CloudForms 4.7 and 5 ZRAM Device Node Creation Vulnerability Vulnerability: Sensitive Information Exposure in Ansible 3.7.0 Role-based Privilege Escalation Vulnerability in Red Hat CloudForms 4.7 and 5 Vulnerability: Remote Command Execution in Vesta Control Panel (0.9.8-26) via Cron Jobs Vulnerability: Elevation of Privilege in Vesta Control Panel via 
v-change-user-password Insecure API Key Generation in openITCOCKPIT before 3.7.3 Arbitrary OS Command Execution in openITCOCKPIT before 3.7.3 Windows Object Memory Handling Elevation of Privilege Vulnerability Unnecessary Files in openITCOCKPIT before 3.7.3 Web Root XSS Vulnerability SSRF Vulnerability in GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 Remote Configuration of self::DEVELOPMENT or self::STAGING Option in openITCOCKPIT Privilege Escalation via Modified Email ID in CodeIgniter Unauthenticated Path Traversal Vulnerability in Gira TKS-IP-Gateway 4.0.7.7 Authenticated Remote Code Execution in Gira TKS-IP-Gateway 4.0.7.7 via Web Frontend Backup Functionality XSS Vulnerability in pfsense diag_ping.php Page (Before 2.4.5) XXE Vulnerability in svglib Package for Python via svg2rlg Call Windows Hyper-V Elevation of Privilege Vulnerability Arbitrary Code Execution via Manipulated Location Header in Lix 15.8.7 SQL Injection Vulnerability in phpMyAdmin TableSearchController.php SQL Injection and Cross-Site Scripting (XSS) Vulnerability in phpMyAdmin SQL Injection Vulnerability in phpMyAdmin Arbitrary Code Execution via PHP Code Upload in eZ Publish and eZ Publish Legacy Authentication Bypass Vulnerability in Caldera (before 2.6.5) via Forged localhost HTTP Host Header Command Injection Vulnerability in Vesta Control Panel (VestaCP) Backup Listing Endpoint Heap-based Buffer Overflow in HDF5's Decompress() Function Windows Printer Service File Path Validation Vulnerability NULL Pointer Dereference in H5AC_unpin_entry() Function Leads to Denial of Service in HDF5 Heap-based Buffer Over-read in H5O__layout_decode() Function in HDF5 NULL Pointer Dereference in H5F_get_nrefs() Function Leads to Denial of Service in HDF5 Buffer Overflow Vulnerability in FTPDMIN 0.96 Allows Server Crash via Crafted Packet Buffer Overflow Vulnerability in Code::Blocks 17.12 Allows Arbitrary Code Execution via Crafted Project File Remote Unauthenticated Server 
Registration Vulnerability in Zoho ManageEngine Applications Manager SQL Injection Vulnerability in Custom Searchable Data Entry System Plugin for WordPress Remote Command Execution in Artica Proxy 4.26 via Shell Metacharacters in Modify the Hostname Field Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.11 via ldap_ad_integration username parameter Windows Error Reporting (WER) File Execution Elevation of Privilege Vulnerability Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.11 via ldap_ad_integration Password Parameter Cross-Site Scripting (XSS) Vulnerability in Nagios XI 5.6.11 via account/main.php theme parameter Stack-based Buffer Overflow in Draytek Vigor Devices (Issue 1 of 3) Stack-based Buffer Overflow in Draytek Vigor Devices (Issue 2 of 3) Stack-based Buffer Overflow in Draytek Vigor Devices: Remote Code Execution (Issue 3/3) Command Injection Vulnerability in Draytek Vigor3900, Vigor2960, and Vigor300B Devices Stack-based Buffer Overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B Devices before 1.5.1: Remote Code Execution Vulnerability Stack-Based Buffer Overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B Devices before 1.5.1 Allows Remote Code Execution Samsung Mobile Devices Broadcom Chipsets Kernel Driver Heap Overflow Vulnerability Information Disclosure Vulnerability in Microsoft Windows Graphics Component Lockdown Mode PIN Bypass Vulnerability on Samsung Mobile Devices Arbitrary Touch-Screen Firmware Update Vulnerability on Samsung Mobile Devices (SVE-2019-16013) Exynos Kernel Wi-Fi Driver Buffer Overflow Vulnerability DeX Lockscreen Vulnerability Allows Unauthorized Access to Quick Panel and Notifications on Samsung Mobile Devices Lock Screen Notification Disclosure Vulnerability on Samsung Mobile Devices with P(9.0) Software Buffer Overflow Vulnerability in Samsung Mobile Devices Widevine Trustlet Vulnerability on Samsung Mobile Devices with Exynos Chipsets Stack Overflow and Arbitrary Code Execution 
Vulnerability in Samsung Mobile Devices Use-after-free Vulnerability in Samsung Mobile Devices (SVE-2019-16132) Samsung Mobile Devices Vulnerability: SIM Card Bypass of Factory Reset Protection (SVE-2019-16193) Connected User Experiences and Telemetry Service Denial of Service Vulnerability Kernel Pointer Leak in Samsung Exynos 9610 Chipsets (SVE-2019-16293) Arbitrary kfree Vulnerability in Samsung Exynos 9610 Chipsets (SVE-2019-16294) Heap Out-of-Bounds Write Vulnerability in Samsung Mobile Devices (SVE-2019-16295) Race Conditions in Samsung Mobile Devices' HDCP2 Driver (SVE-2019-16296) Out-of-Bounds Read Vulnerability in Samsung Mobile Devices (SVE-2019-16333) Race Condition Leading to Use-After-Free Vulnerability in Samsung Mobile Devices (SVE-2019-16520) Samsung Mobile Devices OEM Unlock Feature Vulnerability Facial Recognition Spoofing Vulnerability on Samsung Galaxy S8 and Note8 (SVE-2019-16614) Arbitrary Memory Mapping Vulnerability in Samsung Exynos 9810 Chipsets (SVE-2019-16665) Brute-Force Attack Vulnerability on Samsung Mobile Devices (SVE-2019-14575) Windows Function Discovery Service Elevation of Privilege Vulnerability Buffer Overflow Vulnerability in Samsung Exynos Chipsets' Secure Bootloader Stack Overflow Vulnerability in Samsung Mobile Devices (SVE-2019-15876) Stack Overflow Vulnerability in Samsung Display Driver (SVE-2019-15877) Gallery Data Leakage Vulnerability on Samsung Mobile Devices with P(9.0) Software Kernel Stack Address Leakage Vulnerability on Samsung Mobile Devices (SVE-2019-16161) Bypassing Factory Reset Protection (FRP) via AppTray on Samsung Mobile Devices (SVE-2019-16192) Remote Code Execution in Zulip Desktop before 5.0.0 via Improper Use of shell.openExternal and shell.openItem Unauthenticated Webcam and Microphone Recording Vulnerability in Zulip Desktop Arbitrary File Writes Vulnerability in Zoho ManageEngine Desktop Central before 10.0.484 Windows Runtime Object Handling Elevation of Privilege Vulnerability Arbitrary Memory 
Address Overwrite Vulnerability in Avast Antivirus Leads to Denial of Service Arbitrary File Deletion Vulnerability in Avast Antivirus Local Privilege Escalation (LPE) Vulnerability in Avast Antivirus Avast Antivirus RPC Shutdown Vulnerability Remote Reboot Vulnerability in Avast Antivirus Arbitrary Changes to Components Section of Stats.ini File via Avast Antivirus RPC Endpoint Avast Antivirus Network Interface Enumeration Vulnerability Bypassing Access Restrictions in Avast Antivirus TaskEx Library Vulnerability: Privilege Escalation via Avast Antivirus Repair App RPC Call Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Predictable Temporary Directory Names in Zim: Denial of Service Vulnerability OpenWrt LuCI git-20.x Vulnerability: Unauthenticated Retrieval of Installed Packages and Services Remote Code Execution Vulnerability in Motorola FX9500 Devices Motorola FX9500 Devices: Absolute Path Traversal Vulnerability Vulnerability: Brute Force Attack on OKLOK (3.1.1) Mobile Companion App for Fingerprint Bluetooth Padlock FB50 (2.3) Integer Overflow and Instruction Injection Vulnerability in Perl Command Injection Vulnerability in rConfig before 3.9.5 Windows Error Reporting Elevation of Privilege Vulnerability Archer A7 Firmware Ver: 190726 AC1750 Router Remote Code Execution Vulnerability Archer A7 Firmware Ver: 190726 AC1750 Routers Remote Code Execution Vulnerability Privilege Escalation Vulnerability in TP-Link Archer A7 Firmware Ver: 190726 AC1750 Routers Archer A7 Firmware Ver: 190726 AC1750 Router Arbitrary Code Execution Vulnerability Archer A7 Firmware Ver: 190726 AC1750 Router Remote Code Execution Vulnerability Archer A7 Firmware Ver: 190726 AC1750 Routers Remote Code Execution Vulnerability Firewall Bypass Vulnerability in TP-Link Archer A7 Firmware Ver: 190726 AC1750 Routers Unauthenticated Remote Privilege Escalation in TP-Link Archer A7 Firmware Ver: 190726 AC1750 Routers Arbitrary Code Execution via Type Confusion in 
Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via ConvertToPDF Command in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via Type Confusion in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via CombineFiles Command in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 via U3D Objects in PDF Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution via U3D Handling in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution via XFA Template Processing in Foxit Reader 9.7.1.29511 Windows Runtime Elevation of Privilege Vulnerability Arbitrary Code Execution Vulnerability in Foxit Reader 9.7.1.29511 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 via U3D Objects in PDF Files (ZDI-CAN-10461) Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 9.7.1.29511 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 via U3D Object Handling Arbitrary Code Execution via U3D Handling in Foxit PhantomPDF 9.7.1.29511 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 via U3D Object Handling Arbitrary Code Execution Vulnerability in Foxit Reader 9.7.1.29511 Arbitrary Code Execution via XFA Forms Widget Handling in Foxit Reader 9.7.1.29511 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via AddWatermark Command in Foxit PhantomPDF 9.7.0.29478 Windows GDI Information Disclosure Vulnerability Arbitrary Code Execution via RotatePage Command in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via Type Confusion in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via Type Confusion in Foxit PhantomPDF 9.7.0.29478 
Arbitrary Code Execution via OCRAndExportToExcel Command in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution Vulnerability in VEEAM One Agent 9.5.4.4587 Remote Code Execution Vulnerability in VEEAM One Agent 9.5.4.4587 Authentication Bypass and Privilege Escalation Vulnerability in TP-Link TL-WA855RE Wi-Fi Extenders Remote Code Execution in NEC ESMPRO Manager 6.42 via RMI Service Deserialization Authentication Bypass Vulnerability in C-MORE HMI EA9 Firmware version 6.52 Unauthenticated Remote Disclosure of Sensitive Information in C-MORE HMI EA9 Firmware 6.52 Internet Explorer Remote Code Execution Vulnerability Unauthenticated Remote Code Execution in C-MORE HMI EA9 Firmware version 6.52 Unauthenticated Remote Command Execution in C-MORE HMI EA9 Firmware version 6.52 Denial-of-Service Vulnerability in C-MORE HMI EA9 Firmware version 6.52 Authentication Bypass Vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58 Routers NETGEAR R6700 V1.0.4.84_10.0.58 Router Authentication Bypass via UPnP Service Vulnerability Unauthenticated Remote Code Execution via HTTPS Certificate Validation in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Unauthenticated Remote Code Execution in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Unauthenticated Remote Code Execution in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Arbitrary Code Execution Vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Arbitrary Code Execution Vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58 Routers VBScript Object Memory Handling Remote Code Execution Vulnerability Unauthenticated Information Disclosure Vulnerability in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Denial of Service Vulnerability in Memcached 1.6.x Vulnerability: Side-Channel Attack on ECDSA Private Key Recovery Heap Data Exposure in BasicSocket#read_nonblock Method File Upload Vulnerability in Acyba AcyMailing before 6.9.2 XSS Vulnerability in Zulip Server Allows Account Takeover via Markdown Link Privilege Escalation Vulnerability in Sympa before 6.2.56 
Ephemeral Identity Poisoning: Exploiting IPFS Connection Management Reputation System Integer Overflow and Heap-Based Buffer Overflow in GraphicsMagick's HuffmanDecodeImage Local Privilege Escalation Vulnerability in PHOENIX CONTACT PC WORX SRT through 1.14 Windows Work Folder Service Elevation of Privilege Vulnerability Local Privilege Escalation Vulnerability in PHOENIX CONTACT PORTICO SERVER 3.0.7 Cache Side-Channel Attack in Arm Mbed TLS: Exposing RSA Private Key Kernel Stack Corruption Vulnerability in Linux Kernel's get_raw_socket Function Cross-Site Scripting Vulnerability in HashiCorp Nomad and Nomad Enterprise (CVE-2021-12345) Session ID Exposure in Centreon Server Responses Cross-site scripting (XSS) vulnerability in Centreon host-monitoring, service-monitoring, and tactical-overview widgets Privilege Escalation Vulnerability in Mac Endpoint for Sophos Central and Sophos Home Remote Command Execution Vulnerability in Jon Hedley AlienForm2 2.0.2 Clickjacking Vulnerability in Western Digital My Cloud Home and ibi Devices Unauthorized Docker Image Pull/Push by Blocked Users in GitLab EE/CE 8.11 through 12.9.1 Path Traversal Vulnerability in GitLab EE NPM Feature GitLab 12.9 and below: Repository Archive Download Denial of Service Vulnerability Unauthorized Access to Content via Parameter Tampering in GitLab Upload Feature SSRF Vulnerability in GitLab Project Import Note Feature NULL Pointer Dereference Vulnerability in Dovecot Submission Use-After-Free Vulnerability in Dovecot SMTP/LMTP Handling Remote Logout and External Redirection Vulnerability in MediaWiki Edge PDF Reader Remote Code Execution Vulnerability Arbitrary CSS Class Injection in MediaWiki Incorrect Access Control Vulnerability in PowerShell App Deployment Toolkit Unrestricted File Upload and Remote Code Execution in FrozenNode Laravel-Administrator (<=5.0.12) Arbitrary Code Execution Vulnerability in Serendipity before 2.3.4 on Windows Unauthenticated Password Reset Vulnerability in Teradici 
PCoIP Management Console Host Header Manipulation Vulnerability in VESTA and Hestia Control Panels Allows Account Takeover Dovecot 2.3.10.1 Vulnerability: Remote Crash via Empty Localpart in Mail FasterXML jackson-databind 2.x before 2.9.10.4 RCE Vulnerability FasterXML jackson-databind 2.x Vulnerability: Serialization Gadget Mishandling with javax.swing.JEditorPane Windows GDI Information Disclosure Vulnerability Command Execution Vulnerability on Wavlink Jetstream Devices Clear-text Administrator Password Exposure Vulnerability Unauthenticated Remote Configuration Disclosure in Wavlink Routers Unauthenticated Cleartext Password Disclosure in Wavlink and Jetstream Devices Unauthorized Access to Vulnerability Metadata and Comments in GitLab EE/CE 10.8 to 12.9 Information Leakage in GitLab EE/CE 8.17 to 12.9 Merge Request Widget Path Traversal Vulnerability in GitLab EE/CE 8.5 to 12.9: Issue Movement Allows Unauthorized File Access Information Leakage in GitLab: Public-to-Private Project Issue Transfer Vulnerability Unauthorized Access to Restricted CI Pipeline Metrics in GitLab EE/CE 11.10 to 12.9 Elevation of Privilege Vulnerability in Shell Infrastructure Component Blind SSRF Vulnerability in GitLab EE/CE FogBugz Integration Pipeline Trigger Description Modification Vulnerability SQL Injection Vulnerability in Gambio GX admin/gv_mail.php SQL Injection Vulnerability in Gambio GX admin/mobile.php CSRF Vulnerability in Gambio GX before 4.0.1.0 Cross-Site Scripting (XSS) Vulnerability in Gambio GX before 4.0.1.0 in admin/coupon_admin.php CSRF Vulnerability in Tenda AC15 AC1900 Version 15.03.05.19 Arbitrary Command Execution in Tenda AC15 AC1900 Version 15.03.05.19 Hard-coded Telnet Credential Vulnerability in Tenda AC15 AC1900 Version 15.03.05.19 Remote Code Execution via XSS in Tenda AC15 AC1900 Version 15.03.05.19 Microsoft Office SharePoint XSS Vulnerability XXE Vulnerability in Accenture Mercury Platform XXE (XML External Entity) Vulnerability in Mulesoft APIkit 
through 1.3.0 XML External Entity (XXE) Vulnerability in Azkaban 3.84.0 XXE Vulnerability in Osmand 2.0.0 through binary/BinaryMapIndexReader.java Out-of-Bounds Read Vulnerability in libImaging/Jpeg2KDecode.c in Pillow Amplification Attack Vulnerability in PowerDNS Recursor 4.1.0 - 4.3.0 Static Transition Key Vulnerability in Percona XtraDB Cluster Command Line Information Leakage in Percona XtraBackup Microsoft Office SharePoint XSS Vulnerability URL Parsing Vulnerability in GreenBrowser (pre-1.2) Allows Access Control Bypass Cross-Site Scripting (XSS) Vulnerability in Wagtail Admin Interface Remote Code Execution Vulnerability in dropwizard-validation Potential DNS Rebinding and CSRF Vulnerability in Oasis (Versions < 2.15.0) SQL Injection Vulnerability in Admidio before version 3.3.13 Unauthenticated Decryption Vulnerability in WindowsHello Open Source Library Script Injection Vulnerability in Shopizer (CVE-XXXX-XXXX) Unvalidated Negative Quantity Vulnerability in Shopizer Vulnerability: Git Credential Leakage via Blank Pattern Unauthorized Access to Execution Data and Job Details in Rundeck (CVE-2021-21290) Microsoft Office SharePoint XSS Vulnerability SQL Injection Vulnerability in Tortoise ORM Arbitrary Code Execution Vulnerability in Phproject (<=1.7.8) Authentication Bypass Vulnerability in MinIO Admin API Information Disclosure Vulnerability in Helm 3.1.0 and Earlier Versions Vulnerability in Electron-Cash-SLP Allows Unauthorized Token Minting and Destruction Vulnerability: MAC Address Spoofing in thinx-device-api IoT Device Management Server Arbitrary Code Execution Vulnerability in IntelMQ Manager Double Free Vulnerability in FreeRDP 2.0.0 and Below Resource Exhaustion Vulnerability in FreeRDP <= 2.0.0 Invalid Array Index Read Vulnerability in FreeRDP 2.0.0 Microsoft SharePoint Remote Code Execution Vulnerability Authentication Bypass Vulnerability in Faye (NPM, RubyGem) Authorization Header Disclosure in Actions Http-Client (NPM @actions/http-client) 
jQuery Untrusted HTML Code Execution Vulnerability jQuery DOM Manipulation Vulnerability: Untrusted Code Execution via <option> Elements Man-in-the-Middle Vulnerability in Moonlight iOS/tvOS Prior to v4.0.1 Cross-Site Scripting (XSS) Vulnerability in WordPress Customizer Navigation Section File Upload Script Execution Vulnerability in WordPress WordPress Password Reset Link Expiration Vulnerability Unauthenticated Disclosure of Private Posts in WordPress Cross-Site Scripting (XSS) Vulnerability in WordPress Object Cache Microsoft SharePoint Server Cross-Site Search Attack Vulnerability WordPress Block Editor Search Block Script Execution Vulnerability Insecure Encryption Algorithm in GLPI Prior to Version 9.5.0 SQL Injection Vulnerability in GLPI Helpdesk Instances (Versions Prior to 9.4.6) User Enumeration and Privilege Escalation in GLPI API Open Redirect Bypass Vulnerability in GLPI (Versions Prior to 9.4.6) Insecure CSRF Token Generation in GLPI Versions 0.83.3 to 9.4.5 GLPI before version 9.4.6 - Multiple Stored XSS Vulnerabilities in Knowledge Base Comments Timing Attack Vulnerability in Wagtail's Privacy Controls Integer Overflow to Buffer Overflow in FreeRDP 2.0.0 and below Arbitrary Memory Access Vulnerability in FreeRDP 2.0.0 Microsoft SharePoint Server Spoofing Vulnerability Out-of-Bound Data Read Vulnerability in FreeRDP 2.0.0 Unchecked Array Index Vulnerability in FreeRDP 2.0.0 and Below Out-of-Bounds Read Vulnerability in FreeRDP 1.1 to 2.0.0 Out-of-Bounds Read Vulnerability in FreeRDP 2.0.0 Double Free Vulnerability in FreeRDP 1.2 - 2.0.0 Out-of-Bound Read Vulnerability in FreeRDP Stream Out-of-Bounds Seek Vulnerability in FreeRDP (1.0 - 2.0.0) Out-of-Bounds Read Vulnerability in FreeRDP Out-of-Bounds Read Vulnerability in FreeRDP (1.0 - 2.0.0) Out-of-Bound Read Vulnerability in FreeRDP (Versions 1.1 - 2.0.0) Microsoft SharePoint Server Spoofing Vulnerability Improper Validation of Certificate with Host Mismatch in Java-WebSocket 1.4.1 and below 
Stored XSS vulnerability in Wiki.js Markdown Editor Brute Force Vulnerability in Sorcery Password Authentication Open Redirect Vulnerability in OAuth2 Proxy before 5.1.1 Misleading URL Color Display Vulnerability in qutebrowser XSS Vulnerability in Comment Creation in BookStack (0.18.0 - 0.29.1) Server-Side Template Injection in Sprout Forms Notification Emails Unrestricted Script Execution in XWiki Personal Dashboards Out-of-Bounds Seek Vulnerability in FreeRDP Environment Variable Leakage in AEgir 21.7.0 - 21.10.1 Microsoft Office SharePoint XSS Vulnerability Command Execution via Backup Functionality in GLPI Heap Overflow Vulnerability in Bareos Director Reflexive XSS Vulnerability in GLPI Dropdown Endpoints Time-Based User Enumeration Vulnerability in TYPO3 CMS 10.4.0 and 10.4.1 Cross-Site Scripting (XSS) Vulnerability in TYPO3 CMS 9.0.0 - 9.5.17 and 10.0.0 - 10.4.2 Cross-Site Scripting (XSS) Vulnerability in TYPO3 CMS 9.5.12 - 9.5.17 and 10.2.0 - 10.4.2 Arbitrary Directory Deletion and Email Message Submission Vulnerability in TYPO3 CMS Insecure Deserialization Vulnerability in TYPO3 CMS Backend User Settings Reception Buffer Overflow Vulnerability in LoRaMac-node Same-Site Request Forgery (SSRF) Vulnerability in TYPO3 CMS Microsoft SharePoint Server Spoofing Vulnerability Cross-Site Scripting Vulnerability in SVG Sanitizer Extension for TYPO3 False-Negative Validation Vulnerability in SLPJS npm Package (slpjs) Prior to 0.27.2 False-Negative Validation Vulnerability in SLP Validate (CVE-2020-11071) Arbitrary Code Execution via Malicious .venv File in Autoswitch Python Virtualenv Stored XSS Vulnerability in PrestaShop Versions 1.5.3.0 to 1.7.6.6 Shell Escape Vulnerability in Anchore Engine 0.7.0 HTTP Response Smuggling Vulnerability in Puma RubyGem Proxy Response Smuggling Vulnerability in Puma RubyGem Unescaped URI Manipulation Vulnerability in httplib2 Arbitrary Command Execution Vulnerability in node-dns-sync (npm module dns-sync) through 0.2.0 .NET Web 
Request Denial of Service Vulnerability Denial of Service Vulnerability in nghttp2 before version 1.41.0 Privilege Escalation via DLL Hijacking in osquery Arbitrary Code Injection Vulnerability in Kaminari Pagination Links Stored XSS vulnerability in Markdown FormWidget in versions 1.0.319 to 1.0.466 Command Injection Vulnerability in iPear's eval() Function Out-of-Bounds Read Vulnerability in FreeRDP before 2.1.0 Out-of-Bound Read Vulnerability in FreeRDP 2.0.0 and Below Out-of-Bound Read Vulnerability in FreeRDP 2.0.0 and Below Out-of-Bound Read Vulnerability in FreeRDP 2.0.0 and Below Out-of-Bound Read Vulnerability in FreeRDP Windows Update Stack Elevation of Privilege Vulnerability Uncontrolled Resource Consumption Vulnerability in Indy Node 1.12.2 Weave Net DNS Hijacking Vulnerability Unauthenticated Ledger Modification in Hyperledger Indy Node Vulnerability: Unauthenticated Access to Request Information in October CMS Debugbar Plugin Out-of-Bounds Read Vulnerability in FreeRDP Global OOB Read Vulnerability in FreeRDP before Version 2.1.2 Out of Bounds Read Vulnerability in FreeRDP Out-of-Bound Read Vulnerability in FreeRDP Glyph Cache Out of Bounds Read Vulnerability in FreeRDP Windows Update Stack Elevation of Privilege Vulnerability Arbitrary Heap Write Vulnerability in HAProxy HPACK Decoder Unauthenticated Session Hijacking in Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 Buffer Overflow in QEMU 4.2.0: Unvalidated Frame Size in hw/net/tulip.c Remote Code Execution Vulnerability in JsLink in Webswing Memory Leakage in USC iLab Cereal Serialization Memory Layout Dependency in USC iLab Cereal Caching Vulnerability Stored XSS vulnerability in Responsive Filemanager through 9.14.0 Arbitrary Command Execution Vulnerability in XAMPP on Windows Arbitrary File Upload and Remote Code Execution in Pi-hole Gravity Updater Windows Clipboard Service Elevation of Privilege Vulnerability Stored XSS Vulnerability in Grafana OriginalUrl Field Deserialization 
Vulnerability in FasterXML Jackson-databind 2.x Remote Code Execution Vulnerability in FasterXML Jackson-Databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Buffer overflow vulnerability in Bluetooth devices in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344 Buffer Over Read Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables Out of Bound Write Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables Arbitrary File Overwrite and Remote Code Execution Vulnerability in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980 Improper Check of Beacon IE Frame in Snapdragon Processors Buffer Over-read Vulnerability in Multiple Snapdragon Platforms Windows Background Intelligent Transfer Service (BITS) IIS Module Content Handling Elevation of Privilege Vulnerability Use After Free Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in WIFI Hal Process in Snapdragon Chips Critical Null Pointer Exception Vulnerability in Snapdragon Auto, Consumer IOT, and Mobile Devices Gatekeeper TrustZone Implementation Vulnerability in Snapdragon Processors Use-after-free vulnerability in diag client map table in multiple Snapdragon platforms Out of Bound Access Vulnerability in MHI Command Process in Multiple Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms Vulnerability in Snapdragon Processors: Integer Overflow Leading to Buffer Overflow in Extensible Boot Loader Out of Bound Access Vulnerability in Multiple Snapdragon Platforms Memory Use-After-Free Vulnerability in Snapdragon Consumer IOT, Snapdragon Mobile Windows Task Scheduler RPC 
Verification Bypass Vulnerability Possible Buffer Overflow Vulnerability in WIFI HAL Process in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile Integer Overflow Vulnerability in WMA Message Processing in Snapdragon Platforms Buffer Over Read Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Multiple Chipsets Out-of-Bound Array Write Vulnerability in rxdco cal Utility in Snapdragon Processors Stack Out-of-Bound Write Vulnerability in Snapdragon Platforms Vulnerability: Reachable Assertion in Ape Clip Parser in Snapdragon Processors Buffer Over-read Vulnerability in Audio Driver in Snapdragon Platforms Critical Integer Multiplication Overflow Vulnerability in Multiple Snapdragon Platforms Uninitialized Pointer Vulnerability in Multiple Snapdragon Platforms Critical Vulnerability: Out of Bound Memory Access in Multiple Snapdragon Platforms Windows Kernel Object Handling Elevation of Privilege Vulnerability ALAC Modified Content Vulnerability in Snapdragon Platforms Buffer Over-read Vulnerability in Bluetooth Estack Critical Vulnerability: Out of Bound Memory Access in Snapdragon Platforms during Music Playback Buffer Over-read Vulnerability in Snapdragon Platforms Improper Validation of Master and Extension Header SN Leads to Divide by Zero Vulnerability in Snapdragon Platforms Critical Out-of-Bound Write Vulnerability in Snapdragon Platforms Use After Free Vulnerability in Audio Modules during Object Removal in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile Use After Free Vulnerability in HIDL Callbacks in Snapdragon Platforms Out-of-Range Pointer Offset Vulnerability in Snapdragon Platform Elevation of Privilege Vulnerability in Windows Common Log File System (CLFS) Driver Critical Out-of-Bounds Memory Access Vulnerability in Snapdragon Platform Camera Driver Race 
Condition in User Space IOCTL Leads to Use After Free Vulnerability in Snapdragon Platforms Race condition vulnerability in HAL layer of Snapdragon platforms Critical Remote Code Execution Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Bluetooth PDU Packet Processing in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55 Buffer Over-read Vulnerability in Bluetooth Estack: Lack of Length Validation in L2cap Packet Handling Denial of Service Vulnerability in Snapdragon Platforms Denial of Service Vulnerability in HP OfficeJet Pro 8210 JBIG2 Filter Buffer Over-read Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Networking Windows CSRSS Information Disclosure Vulnerability Resource Leakage Issue in Snapdragon Platforms during DCI Client Registration Vulnerability: Out-of-Bounds Memory Access in Snapdragon Platforms Possible buffer overflow vulnerability in MHI driver in multiple Snapdragon platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms during IKEv2 Parameter Update Improper Access Control in Perfdump Broadcasts: Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Multiple Snapdragon Platforms Padding Octets in ROHC Header Can Trigger Out of Bound Read Exception in Snapdragon Platforms L2CAP Packet Length Memory Corruption Vulnerability in Snapdragon Platforms Null-pointer dereference vulnerability allows buffer access beyond its size in Snapdragon processors Critical Buffer Over-read Vulnerability in Multiple Snapdragon Platforms ICM32.dll Remote Code Execution Vulnerability Vulnerability: Out of Bound Memory Access in 
Snapdragon Platforms during Music Playback with Crafted Vorbis Content Buffer Over-read Vulnerability in Snapdragon Platforms Stack Overflow Vulnerability in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980 Race Condition Vulnerability in FastRPC Driver in Snapdragon Platforms Array index underflow vulnerability in adsp driver Use After Free Vulnerability in Bluetooth Transport Driver in Snapdragon Devices Heap Overflow Vulnerability in Snapdragon Platforms Insecure Validation Allows Overwriting Security Code NV Item in Snapdragon Devices Memory Overwrite Vulnerability in Multiple Snapdragon Platforms Kernel Address Overwrite Vulnerability in Snapdragon Platforms Windows TLS Key Exchange Denial of Service Vulnerability Critical Out-of-Bound Access Vulnerability in Snapdragon Platforms' Computer Vision Control Improper Validation of Buffer Pointer in Snapdragon Process Control Command Handling Heap Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Services Enables Privilege Escalation Buffer overflow vulnerability in video parsing of mp4 clips with crafted esds atom size WLAN Driver Out-of-Bounds Vulnerability in Snapdragon Platforms Infinite Loop Vulnerability in Snapdragon Auto, Compute, Connectivity, and Mobile Modems Memory Corruption Vulnerability in Snapdragon Auto, Connectivity, and Mobile Modules Buffer Over-read Vulnerability in Snapdragon Platforms Buffer Over-read Vulnerability in Snapdragon Platforms Information Disclosure Vulnerability in StartTileData.dll Buffer Over-read Vulnerability in Snapdragon Platforms Null String Out-of-Bound Read Vulnerability in Multiple Snapdragon Platforms Critical Out-of-Bound Write Vulnerability in Snapdragon Platforms Improper Typecasting Vulnerability in Snapdragon Processors Improper Length Check Vulnerability in Snapdragon Platforms Improper Length Check Vulnerability in Snapdragon Platforms Integer Overflow to Buffer 
Overflow Vulnerability in Snapdragon Processors Integer Overflow Vulnerability in Stream Info Update in Snapdragon Platforms Insecure Wiping of Key Material in Multiple Snapdragon Platforms Stack Canary Information Exposure Vulnerability in Multiple Snapdragon Platforms Connected User Experiences and Telemetry Service Denial of Service Vulnerability Unvalidated Input in Snapdragon Platforms Leads to Buffer Over-read Vulnerability Arbitrary Access to DSP Memory: Improper Check in Loaded Library Vulnerability in Snapdragon Platforms Buffer Overflow/Underflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, and Mobile Processors Potential Stack Overflow Vulnerability in Snapdragon Platforms due to Large GSM/WCDMA Broadcast Config Size Critical Vulnerability: Memory Corruption and Information Leakage in Multiple Snapdragon Sub-Systems Critical Heap Overflow Vulnerability in Snapdragon Auto, Compute, and Mobile Processors Possible Buffer Overflow Vulnerability in Fastrpc Critical Buffer Overflow Vulnerability in LibFastCV Library in Snapdragon Devices Critical Out of Bounds Vulnerability in DSP Services: Improper Length Validation in Multiple Qualcomm Chipsets Vulnerability: Unauthorized Downgrade of Library Versions in Qualcomm Chipsets Windows Clipboard Service Elevation of Privilege Vulnerability Memory Corruption Vulnerability in Snapdragon Chipsets: Improper XPU Configuration in Multiple Product Lines Improper Length Field Check Vulnerability in Snapdragon Platforms Improper Validation of Length Fields in Snapdragon Platforms: Out-of-Bound Read Vulnerability Critical Buffer Over-read Vulnerability in Snapdragon Platforms Improper Minimum Length Check Vulnerability in Snapdragon Platforms Critical Buffer Over Read Vulnerability in Snapdragon Video Driver Critical Vulnerability in Audio Driver: Double Free or Invalid Memory Access in Snapdragon Compute, Connectivity, Industrial IOT, and Mobile Denial of Service Vulnerability in Snapdragon 
Platforms due to Lack of Data Validation in LTE betaOffset-RI-Index Configuration Elevation of Privilege Vulnerability in Windows Language Pack Installer Time of Check/Time of Use Vulnerability in Snapdragon Platforms Insecure Syscall Handling Leads to Clear Text Extraction of Secure QTEE Diagnostic Information Improper Length Check in Snapdragon Platforms Leads to Buffer Over Read Vulnerability Critical Out-of-Bounds Vulnerability in Snapdragon Camera Driver Critical Out-of-Bound Access Vulnerability in Snapdragon WLAN Driver Critical Memory Read Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms Improper Policy Allows Unprivileged Access in Multiple Snapdragon Platforms Connected User Experiences and Telemetry Service Denial of Service Vulnerability Critical Vulnerability: Arbitrary Memory Corruption in qseecom Driver Exposing Physical Addresses in Snapdragon Platforms Concurrent Function Call Vulnerability in Snapdragon Platforms Time-of-Check Time-of-Use Race Condition in Snapdragon Platforms Use After Free Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Invalid total dimension value in non-histogram KPIs leading to memory corruption vulnerability in Snapdragon Auto, Compute, Connectivity, and Mobile Unprotected Access to Histogram Definition Leads to Memory Crash in Snapdragon Platforms Buffer Over-read Vulnerability in Snapdragon Platforms Importing DMA Buffer: Use After Free Vulnerability in Snapdragon Platforms Windows State Repository Service Elevation of Privilege Vulnerability Memory Corruption Vulnerability in Snapdragon Platforms Vulnerability: Out-of-Bound Read in EAPOL Key Length Processing Memory Access Vulnerability in Snapdragon Industrial IOT and Snapdragon Mobile Denial of Service Vulnerability in Snapdragon Auto, Compute, Connectivity, and Mobile due to RRC Connection Establishment Flaw Lack of Input Validation in Snapdragon Platforms' Access Control 
Driver Leads to Unintended Reads and Writes by NS EL2 Double Free Vulnerability in Snapdragon Devices during Secure Playback Critical Vulnerability: Out-of-Bound Memory Read in Snapdragon Platforms Windows Runtime Object Handling Elevation of Privilege Vulnerability Race condition vulnerability leading to use after free in Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, Wired Infrastructure and Networking device drivers DTMF Payload Out-of-Bounds Read Vulnerability in Snapdragon Platforms Vulnerability: TrustZone Initialization Code Enables Information Disclosure in Multiple Snapdragon Platforms Critical Vulnerability: Arbitrary Memory Write Exploit in Snapdragon Drivers Memory Corruption Vulnerability in Snapdragon Platforms: Unchecked Dereferencing of Session Context Pointer Memory Leakage Vulnerability in Snapdragon Platforms Unvalidated Pointer Vulnerability in Snapdragon Wired Infrastructure and Networking Unvalidated Pointer Arguments in Snapdragon Wired Infrastructure and Networking Lead to Memory Corruption Vulnerability Unvalidated Pointer Arguments in Snapdragon Wired Infrastructure and Networking Trustzone BSP Leading to Memory Corruption Unvalidated Pointer Arguments in Snapdragon Wired Infrastructure and Networking Trustzone BSP Leading to Memory Corruption Windows Media Foundation Memory Corruption Vulnerability Uninitialized Memory Vulnerability in Snapdragon Compute, Industrial IOT, and Mobile Devices' DIAG Services Critical Memory Corruption Vulnerability in Snapdragon Platforms Race Condition Vulnerability in Snapdragon Platforms Integer Overflow Vulnerability in Snapdragon Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Wired Infrastructure, and Networking Vulnerability: Arbitrary Network Packet Injection in Snapdragon Devices Pointer Validation Vulnerability in Snapdragon Wired Infrastructure and Networking Potential QSEE Information Leakage in Snapdragon Wired Infrastructure 
and Networking due to Image Address Dereferencing Vulnerability Stack Out-of-Bounds Write Vulnerability in Snapdragon Devices Denial of Service Vulnerability in Snapdragon Auto and Snapdragon Mobile: UE Reset via Crafted SIB1 or Unsupported SIB Scheduling Memory Corruption Vulnerability in Multiple Snapdragon Platforms Denial of Service Vulnerability in Multiple Snapdragon Platforms Race condition vulnerability in multiple Snapdragon platforms allows out-of-bounds access to global control elements Use After Free Vulnerability in Snapdragon Platforms Null Pointer Access Vulnerability in Snapdragon Auto, Compute, Connectivity, and Mobile: Histogram Type KPI Teardown Critical Vulnerability: Denial of Service Exploit in Snapdragon Chipsets Buffer Over-read Vulnerability in Rx Beacon Frame Parsing in Snapdragon Platforms Improper Validation of P2P IE and NOA Attribute Lengths in Snapdragon Platforms Race Condition Vulnerability in Async FastRPC Session in Snapdragon Compute, Snapdragon Industrial IOT, and Snapdragon Mobile Improper Validation in Snapdragon Platforms Leads to Denial of Service Vulnerability Improper Length Check in SDES Packets Leads to Memory Corruption in Snapdragon Devices Improper Error Handling in Snapdragon Platforms Leads to Denial of Service in Fine Timing Measurement Request (FTMR) Frame Processing Vulnerability: Information Disclosure via RTT Frame Linking with Non-Randomized MAC Address GPU Memstore Mapping Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms when Playing MKV Clips Vulnerability: Untrusted Input Source in Snapdragon Platforms Buffer Over-read Vulnerability in Snapdragon Platforms Untrusted Pointer Dereference Vulnerability in Multiple Snapdragon Platforms Vulnerability: Information Disclosure via RTT Frame Linking with Non-Randomized MAC Address Vulnerability: Out-of-Bound Write in PlayReady Command Processing Vulnerability: Out of Bound Write in TZ Command Handler in Multiple 
Snapdragon Platforms Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Race condition vulnerability in ioctl events leads to use after free in Snapdragon devices Buffer Overflow Vulnerability in IKEv2 Parameter Update in Snapdragon Platforms Critical Buffer Overflow Vulnerability in QMI Voice API: Snapdragon Devices at Risk Vulnerability: Out of Bound Read in Widevine TA in Multiple Snapdragon Platforms Unvalidated Prefix Size Leads to Out of Bound Write Vulnerability in Snapdragon Platforms Use After Free Vulnerability in Camera Thread Manager of Snapdragon Platforms Arithmetic Overflow Vulnerability in Snapdragon Platforms Improper Subtype Check Leading to Denial of Service in Snapdragon Devices Shared Memory Buffer Permission Vulnerability Critical Buffer Overflow Vulnerability in Snapdragon Platforms: Exploiting Non-Standard Video Clips Elevation of Privilege Vulnerability in Diagnostics Hub Standard Collector Unencrypted Wi-Fi Frame Authentication Vulnerability in Snapdragon Devices Vulnerability: Information Disclosure via Mismatched AMSDU Frame Addresses in Snapdragon Platforms Critical Out-of-Bound Read Vulnerability in Snapdragon Platforms' DRM Critical Integer Overflow Vulnerability in Snapdragon Consumer IOT, Industrial IOT, Voice & Music Integer Overflow Vulnerability in Snapdragon Platforms Critical Buffer Overflow Vulnerability in Snapdragon Platforms Buffer Overflow Vulnerability in Snapdragon Platforms GPU Driver Use After Free Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Windows Error Reporting Manager File and Folder Link Handling Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in Diagnostics Hub Standard Collector Windows State Repository Service Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Windows Media Foundation Memory Corruption Vulnerability Windows Push Notification Service Elevation of Privilege 
Vulnerability Windows Storage Service Elevation of Privilege Vulnerability Windows Runtime Object Handling Elevation of Privilege Vulnerability DirectX Memory Handling Vulnerability Windows GDI Information Disclosure Vulnerability Arbitrary File Upload Vulnerability in Progress Telerik UI for Silverlight LDAP Server Credentials Disclosure in Sonatype Nexus Repository Manager Stored XSS Vulnerability in JetBrains Space Chats Windows GDI Object Memory Handling Elevation of Privilege Vulnerability Directory Traversal Vulnerability in UPS Adapter CS141 before 1.90 Win32k Kernel-Mode Object Handling Elevation of Privilege Vulnerability Directory Traversal Vulnerability in i-net Clear Reports, HelpDesk, and PDFC Arbitrary Action Exploit: XSS Vulnerability in LibreHealth EMR v2.0.0 SQL Injection Vulnerability in LibreHealth EMR v2.0.0 Allows Database Enumeration by Low-Privilege Authenticated Users Systemic CSRF Vulnerability in LibreHealth EMR v2.0.0 Local File Inclusion Vulnerability in LibreHealth EMR v2.0.0 Windows State Repository Service Elevation of Privilege Vulnerability Unrestricted File Access in WebCLI of Wind River VxWorks CRLF Injection Vulnerability in phpMyAdmin 5.0.2 Privilege Escalation Vulnerability in Zoom IT Installer for Windows Incorrect Access Control in Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 TP-Link Cloud Cameras Authentication Bypass Vulnerability (CNVD-2020-04855) Privilege Escalation via Hard Links in ESET Antivirus and Antispyware Module Information Leakage: Remote Retrieval of Serial Number on Bell HomeHub 3000 SG48222070 Devices Cross-Site Scripting (XSS) Vulnerability in Bell HomeHub 3000 SG48222070 Devices Technicolor TC7337 8.89.17 Backup File Disclosure Vulnerability Windows GDI Information Disclosure Vulnerability Information Disclosure Vulnerability in Microstrategy Web 10.4 Arbitrary File Upload Vulnerability in Microstrategy Web 10.4 Admin Panel SSRF and File Leakage Vulnerability in Microstrategy Web 10.4 
Server-Side Request Forgery (SSRF) Vulnerability in Microstrategy Web 10.4 Stored XSS Vulnerability in Microstrategy Web 10.4 Allows Creation of Malicious Dashboards Path Traversal Vulnerability in LimeSurvey FileManager Stored XSS Vulnerability in LimeSurvey Survey Groups Stored XSS in pfSense WebGUI via User Full Name Parameter Arbitrary File Ingestion Vulnerability in MISP (CVE-2021-XXXX) Elevation of Privilege Vulnerability in Microsoft Store Runtime OpenVPN Access Server XML Entity Expansion (XEE) DoS Vulnerability Cleartext Credential Retrieval Vulnerability in Deskpro Information Disclosure Vulnerability in Deskpro API Endpoint Privilege Escalation and Information Leakage in Deskpro API Endpoints Privilege Escalation and Information Leakage in Deskpro Remote Code Execution Vulnerability in Deskpro Zoom Client for Meetings on macOS Vulnerability: Local Privilege Escalation via runwithroot XML Markup Remote Code Execution Vulnerability Unprompted Microphone and Camera Access Vulnerability in Zoom Client for Meetings on macOS Symbolic Link Attack on enumusb.reg via Support Assistant in NCP Secure Enterprise Client Unrestricted File Upload Vulnerability in Concrete5 before 8.5.3 Microsoft SharePoint Server Spoofing Vulnerability Hard-coded Credentials Vulnerability in NVIDIA DGX Servers' AMI BMC Firmware Vulnerability: Information Disclosure in NVIDIA DGX-1 BMC Firmware Cross-Site Request Forgery (CSRF) Vulnerability in NVIDIA DGX-1 BMC Firmware Vulnerability: Remote Code Execution in NVIDIA DGX-1 Servers with BMC Firmware Vulnerability: Weak Cipher Usage in NVIDIA DGX Servers' BMC Firmware Vulnerability in NVIDIA DGX Servers: Insecure RSA 1024 Public Key Validation in AMI BMC Firmware Default SNMP Community Strings Vulnerability in NVIDIA DGX Servers Windows Runtime Object Handling Elevation of Privilege Vulnerability Arbitrary OS Command Execution in Zen Load Balancer 3.10.1 via Manage::Certificates Absolute Path Traversal Vulnerability in Zen Load Balancer 
3.10.1 Privilege Escalation via Named Pipe Interception in Docker Desktop on Windows Uninitialized Object Information Disclosure Vulnerability in Foxit Reader and PhantomPDF Uninitialized Data Leak Vulnerability in Linux Kernel's slc_bump Arbitrary Code Execution in Sprecher SPRECON-E Firmware Arbitrary Bank Transaction ID Bypass in NAB Transact Extension for WooCommerce Relative Path Vulnerability in Slack Nebula through 1.1.0 Allows Code Execution as Root User Stored XSS Vulnerability in FACT 3 via Localhost Web Request Windows Media Foundation Memory Corruption Vulnerability Insecure Encryption: Zoom Client for Meetings Uses ECB Mode for Video and Audio Encryption GnuTLS DTLS Client Vulnerability: Lack of Randomness in Negotiation Heap-based Buffer Overflow in Sophos XG Firewall v17.5 MR11 and Older: Remote Code Execution Vulnerability GitLab Workhorse Bypass Vulnerability: NuGet Package and File Disclosure GitLab Workhorse Bypass: Job Artifact Uploads and File Disclosure via Request Smuggling Untrusted Search Path Vulnerability in Malwarebytes AdwCleaner 8.0.3 Allows Arbitrary Code Execution XSS Vulnerability in WP Lead Plus X Plugin Allows Arbitrary JavaScript Execution Arbitrary JavaScript Upload Vulnerability in WP Lead Plus X Plugin Windows Runtime Object Handling Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in LearnPress Plugin for WordPress Stored XSS in IMPress for IDX Broker WordPress Plugin Allows Creation of Administrator-Level Accounts Unauthenticated Remote Attackers Can Escalate Privileges in Rank Math Plugin for WordPress Arbitrary URI Creation Vulnerability in Rank Math WordPress Plugin Stored XSS in Contact Form 7 Datepicker Plugin through 2.6.0 for WordPress Unauthenticated Remote Code Execution in Zoho ManageEngine ADSelfService Plus Privilege Escalation via SDDisk2k.sys Driver in WinMagic SecureDoc v8.5 and Earlier Win32k.sys Elevation of Privilege Vulnerability Arbitrary Kernel Memory Write Vulnerability in 
WinMagic SecureDoc v8.5 and Earlier Out-of-bounds Write Vulnerability in libfreerdp/codec/planar.c Out-of-bounds Read Vulnerability in FreeRDP Integer Overflow Vulnerability in libfreerdp/gdi/region.c Out-of-bounds Write Vulnerability in libfreerdp/codec/interleaved.c Out of Bounds Read Vulnerability in libfreerdp/cache/bitmap.c Out-of-bounds Read Vulnerability in FreeRDP versions > 1.1 through 2.0.0-rc4 Arbitrary File Read Vulnerability in Zoho ManageEngine OpManager Stack-Based Buffer Overflow in conv_bitmap via Long Line in Bitmap File Open Redirect Vulnerability in Grav CMS Memory Object Handling Vulnerability in Microsoft Graphics Components Blind SQL Injection Vulnerability in Chop Slider 3 WordPress Plugin Arbitrary Code Execution via Directory Traversal in Zoho ManageEngine DataSecurity Plus Default Admin Credentials Bypass in Zoho ManageEngine DataSecurity Plus Sensitive Information Disclosure in Ivanti Workspace Control with SCCM Integration Remote Code Execution via Malicious .docx File in ONLYOFFICE Document Server 5.5.0 XML Injection Vulnerability in ONLYOFFICE Document Server 5.5.0 Remote Code Execution via Malicious .docx File in ONLYOFFICE Document Server 5.5.0 SQL Injection Vulnerability in ONLYOFFICE Document Server 5.5.0 via Websocket API Out-of-Bounds Reads in SGI Image File Parsing in Pillow through 7.0.0 Unauthenticated Control and Data Exposure Vulnerability in Tata Sonata Smart SF Rush 1.12 Devices Windows Common Log File System Driver Elevation of Privilege Vulnerability XML External Entity (XXE) Injection Vulnerability in TechSmith SnagIt Authentication Bypass Vulnerability in 3xLOGIC Infinias eIDC32 2.213 Devices Backdoor Account Vulnerability in OpsRamp Gateway Arbitrary File Upload Vulnerability in Project Worlds Official Car Rental System Multiple SQL Injection Vulnerabilities in Project Worlds Official Car Rental System 1 Remote Code Execution Vulnerability in SuperWebMailer 7.21.0.01526 via Language Parameter in mailingupgrade.php 
Information Disclosure Vulnerability in PRTG Network Monitor Remote Code Execution via CSV Injection in Search Meter Plugin for WordPress Vulnerability: Remote Code Execution with Root Privileges on NETGEAR Orbi Tri-Band Business WiFi Devices Windows Runtime Elevation of Privilege Vulnerability Unauthenticated Remote Leak of Sensitive Wi-Fi Information in NETGEAR Orbi Tri-Band Business WiFi Devices Unauthenticated Remote Write Vulnerability in NETGEAR Orbi Tri-Band Business WiFi Devices Elevation of Privilege Vulnerability in ManageEngine ADSelfService Plus CSRF Vulnerability in Castle Rock SNMPc Online 12.10.10 Sensitive Information Disclosure in Castle Rock SNMPc Online 12.10.10 Sensitive Credential Information Disclosure in Castle Rock SNMPc Online 12.10.10 Multiple Persistent and Reflected XSS Vulnerabilities in Castle Rock SNMPc Online 12.10.10 Clear-text Transmission of Username and Password in Castle Rock SNMPc Online 12.10.10 Use-after-free vulnerability in libgpac.a in GPAC 0.8.0 Windows Runtime Object Handling Elevation of Privilege Vulnerability Local Privilege Escalation: Cleartext Password Exposure in NCH Express Invoice 7.25 Configuration File Privilege Escalation Vulnerability in NCH Express Invoice 7.25 Stack-based Out-of-Bounds Write Vulnerability in Linux Kernel's mpol_parse_str Function (CID-aa9f7d5172fa) Windows Runtime Object Handling Elevation of Privilege Vulnerability User Enumeration Vulnerability in Argo v1.5.0 Remote File Disclosure Vulnerability in Chadha PHPKB 9.0 Enterprise Edition Windows Runtime Object Handling Elevation of Privilege Vulnerability Arbitrary SSL Certificate Acceptance Vulnerability in Pulse Secure Pulse Connect Secure (PCS) Pulse Secure Pulse Connect Secure (PCS) OS Command Injection Vulnerability Pulse Secure Pulse Connect Secure (PCS) Vulnerability: Applet TCP Server Accepts Local Connections GET-based XSS Reflected Vulnerability in Plesk Obsidian 18.0.17 Reflected XSS Vulnerability in Plesk Onyx 17.8.11 via GET 
Parameter Information Disclosure Vulnerability in DNN 9.5 Activity-Feed/Messaging/Userid/Message Center Module CIPPlanner CIPAce 9.1 Build 2019092801 XXE Vulnerability Unauthenticated API Request Vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801 Unauthenticated Access to Customer Data and Application Paths in CIPPlanner CIPAce 9.1 Build 2019092801 Insecure Direct Object Reference Vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801 Elevation of Privilege Vulnerability in StartTileData.dll Information Disclosure: Server Name Exposure in CIPPlanner CIPAce 9.1 Build 2019092801 Unauthenticated Information Disclosure in CIPPlanner CIPAce 9.1 Build 2019092801 Unauthenticated API Request Vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801 Unauthenticated HTML Injection Leading to Email Spoofing in CIPPlanner CIPAce 9.1 Unauthenticated API Request Stack Error Disclosure in CIPPlanner CIPAce 9.1 Build 2019092801 CIPPlanner CIPAce 9.1 Build 2019092801 - Unauthenticated API Request Path Disclosure Vulnerability CIPPlanner CIPAce 9.1 Build 2019092801 Directory Traversal Vulnerability SQL Injection Vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801 Arbitrary Code Execution via ASHX File Upload in CIPPlanner CIPAce 9.1 Build 2019092801 CIPPlanner CIPAce 6.80 Build 2016031401 - GetDistributedPOP3 Username and Password Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability Arbitrary Code Execution Vulnerability in Samsung Fingerprint Trustlet (SVE-2019-16587, SVE-2019-16588, SVE-2019-16589) Unauthorized Access to Applications in Secure Folder via Floating Icons Clipboard Content Leakage on Locked Samsung Devices Type Confusion Vulnerability in Samsung Mobile Devices with P(9.0) and Q(10.0) Software (SVE-2020-16599) Out-of-bounds read vulnerability in Samsung mobile devices with TEEGRIS software Sensitive Information Exposure in NFC Logs on Samsung Mobile Devices (SVE-2019-16359) Secure Folder Application Preview Information 
Leakage Vulnerability Notification Exposure Vulnerability in Samsung Mobile Devices with P(9.0) and Q(10.0) Software NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints NULL pointer dereference in stv06xx subsystem of Linux kernel (CVE-2020-12345) ASP.NET Core Denial of Service Vulnerability Cross-Origin PostMessage Vulnerability in xdLocalStorage Cross-Origin Communication Vulnerability in xdLocalStorage Unbounded Memory Allocation Vulnerability in Netty's ZlibDecoders Elevation of Privilege Vulnerability in Mids' Reborn Hero Designer 2.6.0.7 Insecure Update Process and File Tampering Vulnerability in Mids' Reborn Hero Designer 2.6.0.7 Hard-coded RC4 Cipher Key Vulnerability in NVIDIA DGX Servers' BMC Firmware Weak Pseudo-Random Number Generator in NVIDIA DGX Servers' BMC Firmware SSL Certificate Validation Vulnerability in THOMSON THT741FTA and Philips DTR3502BFTA Set-Top Boxes Hardcoded TELNET Service Vulnerability in Thomson and Philips Set-Top Boxes Deserialization Vulnerability in FasterXML Jackson-databind 2.x Windows Security Health Service Elevation of Privilege Vulnerability Deserialization Vulnerability in FasterXML Jackson-databind 2.x Vulnerability in Arista's Cloud EOS VM / vEOS Router Code with TCP MSS Options Configuration Vulnerability: Unauthorized Access to Diagnostic and Configuration Functionalities in AvertX IP Cameras Default password vulnerability in AvertX Auto focus Night Vision HD Cameras Vulnerability: User Enumeration via Failed Login Attempts in AvertX IP Cameras Cross-Site Scripting (XSS) Vulnerabilities in EJBCA Public Web and Certificate/CRL Download Servlets Cross Site Request Forgery (CSRF) Vulnerability in EJBCA CA UI Bypassing Remote Protocol Restrictions in EJBCA External Command Certificate Validator Allows Upload of Malicious Scripts Windows Defender Arbitrary File Deletion Elevation of Privilege Vulnerability Insecure Deserialization Vulnerability in EJBCA Privilege 
Escalation and Remote Code Execution via CA UI Error State Unquoted Service Path Vulnerability in Zscaler Client Connector Stack-Based Buffer Overflow in Zscaler Client Connector for Windows DLL Hijacking Vulnerability in Zscaler Client Connector for Windows Insufficient Validation of RPC Clients in Zscaler Client Connector Prior to 3.1.0 Memory Leak Vulnerability in B&R Automation Runtime TFTP Service Windows Runtime Object Handling Elevation of Privilege Vulnerability Local File Inclusion Vulnerability in B&R SiteManager Versions <9.2.620236042 Allows Unauthorized Access to Sensitive Files Authenticated Local File Inclusion Vulnerability in B&R SiteManager <9.2.620236042 Information Disclosure Vulnerability in B&R GateManager Allows Unauthorized Access to Foreign Domain Device Information Authenticated User Information Disclosure Vulnerability in B&R GateManager GateManager Denial of Service Vulnerability Log Information Disclosure Vulnerability in B&R GateManager Versions <9.0.20262 and <9.2.620236042 BACapp Dissector Recursion Crash Vulnerability Persistent Access Vulnerability in GitLab CE and EE 8.15 through 12.9.2 Windows Clipboard Service Elevation of Privilege Vulnerability Denial of Service Vulnerability in iXsystems FreeNAS and TrueNAS Unauthenticated Remote Code Execution in SaltStack Salt Arbitrary Directory Access Vulnerability in SaltStack Salt TLS Termination Proxy Vulnerability in Varnish Cache SQLite Denial of Service Vulnerability via Malformed Window-Function Query Use-after-free vulnerability in SQLite ALTER TABLE implementation Insecure Handling of Shared Secret Keys in CA API Developer Portal 4.3.1 and Earlier Allows Authorization Bypass Privileged User Access Control Flaw in CA API Developer Portal 4.3.1 and Earlier Windows Clipboard Service Elevation of Privilege Vulnerability Access Control Flaw in CA API Developer Portal 4.3.1 and Earlier Allows Privileged Users to View Restricted Sensitive Information Access Control Flaw in CA API 
Developer Portal 4.3.1 and Earlier: Privileged User Data Exposure and Manipulation Vulnerability Cross-Origin Resource Sharing Vulnerability in CA API Developer Portal 4.3.1 and Earlier Open Redirect Vulnerability in CA API Developer Portal 4.3.1 and Earlier Insecure HomeRedirect Handling in CA API Developer Portal 4.3.1 and Earlier: Open Redirect Vulnerability Open Redirect Vulnerability in CA API Developer Portal 4.3.1 and Earlier Access Control Flaw in CA API Developer Portal 4.3.1 and Earlier Allows Privilege Escalation Xirlink Camera USB Driver Invalid Descriptor Vulnerability Missing save/restore functionality for power management registers in powerpc/kernel/idle_book3s.S (CID-53a712bae5dd) Remote Code Execution Vulnerability in Microsoft Graphics Components Unrestricted Access to TeamPass Administrator Privileges via REST API Unauthenticated User Manipulation of Responsive Polls in WordPress Variable Reuse Vulnerability in Cerner Medico 26.00: Potential Data Corruption Risk Local Buffer Overflow in Cerner Medico 26.00 (Issue 1 of 3) Local Buffer Overflow in Cerner Medico 26.00 (Issue 2 of 3) Local Buffer Overflow in Cerner Medico 26.00 Privilege Escalation in Castel NextGen DVR v1.0.0 through Adminstrator/Users/Edit/:UserId Functionality Authorization Bypass Vulnerability in Castel NextGen DVR v1.0.0 Clear-text Storage of SMTP Credentials in Castel NextGen DVR v1.0.0 CSRF Vulnerability in Castel NextGen DVR v1.0.0 Allows Unauthorized State Changes Timing Side Channel Vulnerability in AT91bootstrap before 3.9.2 Allows Arbitrary Code Execution Insecure Key Handling in AT91bootstrap Insecure Plugin Repository Access in JetBrains GoLand Information Disclosure Vulnerability in JetBrains TeamCity Unmasked Password Vulnerability in JetBrains TeamCity Persistent Application State in JetBrains TeamCity before 2019.2.1 Unauthorized Import of Settings.kts File in JetBrains TeamCity Windows Runtime Elevation of Privilege Vulnerability Untrusted Host Resolution 
Vulnerability in JetBrains IntelliJ IDEA Content Spoofing Vulnerability in JetBrains Hub OAuth Error Message Vulnerability: Unauthorized Access to DB Export in JetBrains YouTrack Denial of Service Vulnerability in JetBrains YouTrack before 2020.1.659 via Malformed TIFF File Attachment Inclusion of Apple Notarization Service Credentials in JetBrains PyCharm 2019.2.5 and 2019.3 on Windows Stored XSS Vulnerability in Combodo iTop Menu Shortcut Reflective XSS Vulnerability in Combodo iTop Dashboard IDs Command Injection Vulnerability in Titan SpamTitan 7.07 Remote Code Execution Vulnerability in Titan SpamTitan 7.07 Windows Defender Arbitrary File Deletion Vulnerability Arbitrary File Retrieval Vulnerability in Titan SpamTitan 7.07 CSRF Vulnerability in ProVide User Web Interface Allows Unauthorized Filesystem Access Multiple Stored and Reflected XSS Vulnerabilities in ProVide User Web Interface HTTP Response Splitting Vulnerability in ProVide (formerly zFTPServer) through 13.1 Multiple Stored and Reflected XSS Vulnerabilities in ProVide (formerly zFTPServer) Admin Web Interface Arbitrary Certificate Loading and File Overwrite Vulnerability in ProVide CSRF Vulnerability in ProVide Admin Interface Allows Unauthorized Actions Windows Symlink and Junction Vulnerability in ProVide (formerly zFTPServer) Privilege Escalation via /ajax/SetUserInfo Messages Parameter in ProVide CRLF Injection and HTTP Response Splitting Vulnerability in cpp-httplib Visual Studio Code Python Extension Configuration File Remote Code Execution Vulnerability Vulnerability: Unauthorized Access to Kong Admin API Authenticated Stored XSS in Stormshield SNS 3.8.0 Allows SSL VPN Credential Theft Cross-Site Scripting (XSS) Vulnerability in Open Upload 0.4.3 via index.php?action=u and filename Field Timing Side-Channel Vulnerability in wolfSSL 4.3.0's wc_ecc_mulmod_ex Function XSS Vulnerability in Eten PSG-6528VM 1.1 Devices via System Contact or System Location End-of-Support Access Control 
Vulnerability in Panasonic P99 Devices Insecure Permissions in Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro Devices Multiple SQL Injection Vulnerabilities in Programi 014 31.01.2020 Cleartext HTTP Software Update Vulnerability Weak and Guessable Static Encryption Key Vulnerability ChakraCore Scripting Engine Remote Code Execution Vulnerability Default Administrative Access with Weak Password Uninitialized Pointer Vulnerability in libsixel 1.8.6 Arbitrary Code Execution via Lua Bytecode in Dungeon Crawl Stone Soup (DCSS) 0.25 and earlier Hardcoded RSA Private Keys in Cellebrite UFED: A Forensic Extraction Vulnerability HTTP Request Smuggling Vulnerability in OpenResty Potential Privilege Escalation in Linux Kernel's snd_ctl_elem_add Function Cross-Site Scripting (XSS) Vulnerability in AlgolPlus Advanced Order Export For WooCommerce Plugin 3.1.3 for WordPress Session Impersonation Vulnerability in DAViCal Andrew's Web Libraries (AWL) Insecure Generation of Long-Term Session Cookies in DAViCal Andrew's Web Libraries (AWL) Content-Type Spoofing Vulnerability in Microsoft Power BI Report Server Multiple XSS Vulnerabilities in Media Library Assistant Plugin for WordPress Local File Inclusion Vulnerability in Media Library Assistant Plugin for WordPress Root Access Vulnerability in Spirent TestCenter and Avalanche Appliance Admin Interface Firmware Cross-Site Scripting (XSS) Vulnerability in CyberSolutions CyberMail 5 or Later via ACTION Parameter in cgi-bin/go Projective Coordinates Leak in ECC Private-Key Operations Directory Traversal Vulnerability in GNOME file-roller through 3.36.1 Cross-Site Scripting (XSS) Vulnerability in Zimbra 9.0 Web Client Allows Remote Code Execution Directory Traversal Vulnerability in Snap Creek Duplicator Plugin for WordPress Missing Memory Barriers in Read-Write Unlock Paths in Xen: Denial of Service and Privilege Escalation Vulnerability Jet Database Engine Remote Code Execution Vulnerability Unprivileged Guest Information 
Disclosure Vulnerability in Xen Xenoprof Privilege Escalation and Denial of Service Vulnerability Denial of Service Vulnerability in Xen's GNTTABOP_copy Denial of Service Vulnerability in Xen's GNTTABOP_map_grant Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in Pandora FMS 7.0 NG <= 746 Jet Database Engine Remote Code Execution Vulnerability Unauthenticated Scripting Vulnerability in Sonatype Nexus Repository Manager Out-of-Bounds Read Vulnerability in OpenEXR Integer Overflow Vulnerability in OpenEXR Jet Database Engine Remote Code Execution Vulnerability Out-of-Bounds Read Vulnerability in OpenEXR's RLE Uncompression Out-of-Bounds Read Vulnerability in OpenEXR's Huffman Uncompression Out-of-Bounds Read and Write Vulnerability in OpenEXR's DwaCompressor Out-of-bounds Read and Write Vulnerability in OpenEXR Out-of-Bounds Write Vulnerability in OpenEXR's copyIntoFrameBuffer Off-by-one Error in OpenEXR's ImfXdr.h Read Function Authenticated Command Injection in sendfax.php in iFAX AvantFAX and HylaFAX Enterprise Web Interface Data-leak issue in Istio and Envoy allows sensitive data to be sent to the wrong server Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Microsoft Office SharePoint XSS Vulnerability Command Injection Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Microsoft SharePoint Server Elevation of Privilege Vulnerability Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR 
Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Authentication Bypass Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR Routers Windows GDI Memory Disclosure Vulnerability Remote Code Execution Vulnerability in NETGEAR R7800 Devices Reflected XSS Vulnerability in NETGEAR JGS516PE Devices TLS Certificate Private Key Disclosure in NETGEAR R8900, R9000, RAX120, and XR700 Devices Use-After-Free Vulnerability in WebKitGTK and WPE WebKit (CVE-2021-30663) Improper Session Timeout Configuration in JetBrains Space Insecure Password Authentication Implementation in JetBrains Space (through 2020-04-22) Mitel MiCollab AWV Authentication Bypass Vulnerability Mitel MiCollab AWV Directory Traversal Vulnerability Privilege Escalation Vulnerability in Z-Cron 5.6 Build 04 ChakraCore Scripting Engine Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability in Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 PHP Code Evaluation Vulnerability in Titan SpamTitan 7.07 Code Injection Vulnerability in Titan SpamTitan 7.07 Incorrect UDP Access Control in Pexip Reverse Proxy and TURN Server Lack of Certificate Validation in MailStore Outlook Add-in Arbitrary Code Execution through Unrestricted File Upload in Sourcefabric Newscoop 4.4.7 Unsafe ASP.Net web controls in Microsoft SharePoint Server can lead to remote code execution OpenVPN 2.4.x Vulnerability: Denial of Service via Injected Data Channel Packet Arbitrary Command Execution via Profile Photo Upload in qdPM 9.1 SQL Injection Vulnerability in Rukovoditel 2.5.2 Stored XSS Vulnerability in Rukovoditel 2.5.2 via Copyright Text Input Host Header Injection Vulnerability in qdPM 9.1: Spoofing and Malicious Website Redirection Arbitrary File Upload Vulnerability in Rukovoditel 2.5.2 SQL Injection Vulnerability in 
Rukovoditel 2.5.2 due to Improper Handling of reports_id Parameter Arbitrary File Upload and Command Execution Vulnerability in Rukovoditel V2.5.2 Maintenance Mode CSRF Vulnerability in Rukovoditel 2.5.2 Allows Privilege Escalation Arbitrary PHP File Injection Vulnerability in Rukovoditel 2.5.2 Remote Code Execution Vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 SQL Injection Vulnerability in Rukovoditel 2.5.2 Weak Password Storage in Rukovoditel 2.5.2 Stored XSS Vulnerability on Rukovoditel 2.5.2 User Access Groups Page Stored XSS Vulnerability on Dolibarr 10.0.6 Admin Tools Audit Page CSRF Tokens Vulnerability in Dolibarr 10.0.6: Cross-User Session Exploitation Unencrypted Password-Protected Notes Vulnerability in Memono Version 3.8 Privilege Escalation Vulnerability in GOG Galaxy 1.2.67 Uninitialized RGB Stack Variable Information Leakage Vulnerability in ColorOS Elevated Privileges Vulnerability in com.coloros.codebook V2.0.0_5493e40_200722 Backup and Restore SDK Microsoft Office SharePoint XSS Vulnerability Arbitrary System Command Execution Vulnerability in QualityProtect V2.0 Arbitrary File Write Vulnerability in OvoiceManager (com.oppo.ovoicemanager V2.0.1) Unvalidated Parameter Input Vulnerability in charging_limit_current_write and charging_limit_time_write Functions Unvalidated Parameter Length in mp2650_data_log_write Function Unvalidated Parameter Length in proc_fastchg_fw_update_write Function Unvalidated Input in proc_work_mode_write Function Leads to Vulnerability Information Leak Vulnerability in OPPO Android Phones with MTK Chipset and Android 8.1/9/10/11 Versions Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight Management Center Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight Logger Versions 6.6.1 to 7.0.1 Windows State Repository Service Elevation of Privilege Vulnerability Remote Unauthorized Information Disclosure Vulnerability in Micro Focus 
ArcSight Management Center Remote Unauthorized Information Disclosure Vulnerability in Micro Focus ArcSight Management Center Unauthenticated Information Disclosure Vulnerability in Micro Focus Verastream Host Integrator (VHI) Product Incorrect Authorization Vulnerability in Micro Focus Container Deployment Foundation Component Arbitrary Web Script Injection Vulnerability in Micro Focus Service Manager Critical Denial of Service Vulnerability in Micro Focus ArcSight Management Center Critical Elevation of Privilege and Unauthorized Access Vulnerability in Micro Focus Identity Manager Windows State Repository Service Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Micro Focus ArcSight Logger (Versions < 7.1.1) DKIM Key Injection Vulnerability in Micro Focus Secure Messaging Gateway (SMG) Arbitrary Code Execution Vulnerability in Multiple Micro Focus Products Arbitrary Code Execution Vulnerability in Micro Focus Products Authorization Bypass Vulnerability in Micro Focus Operation Bridge Reporter (OBR) 10.40 and Earlier Critical Arbitrary Code Execution Vulnerability in Micro Focus Operation Bridge Reporter (OBR) v10.40 and Earlier Authorization Bypass Vulnerability in Micro Focus Operation Bridge Reporter (OBR) 10.40 and Earlier Privilege Escalation Code Execution Vulnerability in Micro Focus Operation Bridge Manager and Operation Bridge (containerized) Windows State Repository Service Elevation of Privilege Vulnerability Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight Logger Versions Prior to 7.1.1 Root Access Vulnerability in Micro Focus Operation Agent CVE-2020-11862 Denial of Service Vulnerability in libEMF (aka ECMA-234 Metafile Library) 1.0.11 Denial of Service Vulnerability in libEMF (aka ECMA-234 Metafile Library) 1.0.11 Out-of-Bounds Memory Access Vulnerability in libEMF Use-after-free vulnerability in libEMF (aka ECMA-234 Metafile Library) 1.0.11 Insecure Temporary File Handling in Audacity Off-Path 
Attacker Can Block Unauthenticated Synchronization in ntpd Integer Overflow in QEMU ATI VGA Emulation Windows State Repository Service Elevation of Privilege Vulnerability Fabrication Attacks in OpenTrace 1.0 Cloud Functions Subsystem LG Mobile Devices Stack-Based Buffer Overflow Vulnerability LG Mobile Devices with Android OS 8.0-10 Factory Reset Protection Bypass Vulnerability Privilege Escalation Vulnerability in LG Mobile Devices with MTK Chipsets Insecure Initialization of OpenSSL EVP AES-256 CBC Context in Zoom Client for Meetings 4.6.11 Weak Initialization Vector (IV) Usage in Zoom Client for Meetings 4.6.11 Default Password Vulnerability in Jitsi Meet Docker Stack Unauthenticated File Attachment Vulnerability in GNOME Evolution Windows State Repository Service Elevation of Privilege Vulnerability KDE KMail Attachment Vulnerability Array Index Error in MikroTik RouterOS: SUP-12964 Unvalidated Deeplink Handling in O2 Business Android App Allows for Unauthorized Redirects Error Stack Trace Disclosure in Divante Vue Storefront API Race condition vulnerability in Linux kernel 4.19 through 5.6.7 on s390 platform allows for code execution and potential crashes (CID-3f777e19d171) XML External Entity (XXE) Vulnerability in WSO2 Enterprise Integrator 6.6.0: Unintended Network Invocations and SSRF via XML Validator HQL Injection Vulnerability in OpenNMS Horizon and Meridian XSS and SSRF Vulnerability in svg2png 4.1.1 XSS Vulnerability in python-markdown2 through 2.3.8 Unauthenticated Deletion of Usergroups in Joomla! Windows State Repository Service Elevation of Privilege Vulnerability Improper Input Validation in Joomla Usergroup Table Class Leads to Broken ACL Configuration Unauthenticated Usergroup Editing Vulnerability in Joomla! 
Heap-Based Buffer Over-read in Ming (libming) 0.4.8's decompileIF() Function Heap-Based Buffer Over-read in Ming (libming) 0.4.8's decompileIF() Function IPv4 Tunneling Remote Code Execution Vulnerability Out-of-Bounds Write Vulnerability in Treck TCP/IP Stack IPv4/ICMPv4 Length Parameter Inconsistency Vulnerability IPv6 Out-of-bounds Read Vulnerability in Treck TCP/IP Stack Windows State Repository Service Elevation of Privilege Vulnerability IPv4 Tunneling Double Free Vulnerability Remote Code Execution Vulnerability in Treck TCP/IP Stack IPv6OverIPv4 Tunneling Out-of-bounds Read Vulnerability DHCP Out-of-bounds Read Vulnerability in Treck TCP/IP Stack Integer Overflow in Treck TCP/IP Stack Leads to Out-of-Bounds Write Vulnerability DHCPv6 Out-of-bounds Read Vulnerability in Treck TCP/IP Stack Ethernet Link Layer Integer Underflow in Treck TCP/IP Stack TCP Length Parameter Inconsistency Vulnerability in Treck TCP/IP Stack DHCP '\0' Termination Mishandling in Treck TCP/IP Stack IPv4 Integer Underflow Vulnerability in Treck TCP/IP Stack Windows State Repository Service Elevation of Privilege Vulnerability ICMPv4 Out-of-bounds Read Vulnerability in Treck TCP/IP Stack ICMPv4 Access Control Vulnerability in Treck TCP/IP Stack TCP Out-of-bounds Read Vulnerability in Treck TCP/IP Stack IPv6 Out-of-bounds Read Vulnerability in Treck TCP/IP Stack ARP Out-of-bounds Read Vulnerability in Treck TCP/IP Stack Vulnerability: Unauthorized Telnet Access on Svakom Siime Eye Devices Visual Studio Code Python Extension Workspace Settings Remote Code Execution Vulnerability Command Injection Vulnerability in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14 Privacy Leakage in WiZ Colors A60 1.14.0: Unnecessary Transmission of Local IP Address and Wi-Fi SSID Local Logging of API Credentials in WiZ Colors A60 1.14.0 Clear-text Storage of Wi-Fi Credentials in WiZ Colors A60 1.14.0 Default Root Credentials in Luvion Grand Elite 3 Connect Devices Remote Code Execution Vulnerability in Media 
Library Assistant Plugin for WordPress Remote Code Execution Vulnerability in Microsoft Excel Software Reflected XSS Vulnerability in GTranslate WordPress Plugin Bypass of Access Restriction for Snap-packaged Applications in Ubuntu's Modified Pulseaudio Subiquity Installer Vulnerability: LUKS Full Disk Encryption Password Logging Vulnerability: Unrestricted Execution of cloud-init on Ubuntu Core Devices Snapd Vulnerability: Privilege Escalation via snapctl user-open Improper Inode Reference Count Management in aufs vfsub_dentry_open() Method Memory Leak DoS Vulnerability in whoopsie's parse_report() Function Password Scrambling Vulnerability in JetBrains TeamCity 2018.2 through 2019.2.1 Remote Code Execution Vulnerability in nDPI SSH Protocol Dissector Registry Filesystem Operations Denial of Service Vulnerability Out-of-Bounds Read Vulnerability in nDPI's SSH Protocol Handling OS Command Injection Vulnerability in Open-AudIT 3.2.2 Discovery Multiple SQL Injections in Open-AudIT 3.2.2 Arbitrary File Upload Vulnerability in Open-AudIT 3.2.2 Cross-Site Scripting (XSS) Vulnerability in Abe (aka bitcoin-abe) Digest Authentication Replay Vulnerability in Squid Unauthenticated API Key Retrieval Vulnerability in Zoho ManageEngine OpManager Heap-Based Buffer Over-read in QEMU 4.1.0's iscsi_aio_ioctl_cb Function Arbitrary File Access Vulnerability in VIVOTEK Network Cameras Improper Input Validation in Microsoft Edge (Chromium-based) Feedback Extension Authenticated Remote Code Execution in VIVOTEK Network Cameras Backdoor Root Account Vulnerability in Rittal PDU and CMCIII Devices Bypassing CLI Menu on Rittal PDU and CMCIII-PU Devices Remote Code Execution Vulnerability in Rittal PDU-3C002DEC and CMCIII-PU-9333E0FB Devices Insecure Permissions Vulnerability in Rittal PDU-3C002DEC and CMCIII-PU-9333E0FB Devices Least Privilege Violation in Rittal PDU-3C002DEC and CMCIII-PU-9333E0FB Devices Insufficient Entropy in Cypress PSoC Creator BLE 4.2 Component Allows MITM Attack 
during Pairing Heap-Based Buffer Overflow in re2c 1.3's Scanner::fill in parse/scanner.cc Information Leakage Vulnerability in Xiaomi Router R3600 ROM before 1.0.50 due to Unsafe Nginx Configuration Printconfig.dll Elevation of Privilege Vulnerability Xiaomi Router R3600 ROM < 1.0.50 Backup File Extraction Vulnerability Insecure Interface in Xiaomi Router R3600 ROM Allows Sensitive Information Leakage Remote Code Execution Vulnerabilities in Unconfigured IQrouter Web-Panel due to Bash Shell Metacharacter Injection Arbitrary Root Password Change Vulnerability in IQrouter through 3.3.1 Unsecured Root User Access in IQrouter through 3.3.1 Arbitrary Root Password Change Vulnerability in IQrouter Remote Control Vulnerability in IQrouter through 3.3.1: Incorrect Access Control Incorrect Access Control in IQrouter Web-Panel Allows Remote Reading of System Logs Unauthenticated JMX Port Vulnerability in Apache TomEE Windows Error Reporting Manager Elevation of Privilege Vulnerability Apache Camel's JMX Vulnerability: Rebind Flaw Java Deserialization Vulnerability in Apache Camel RabbitMQ Apache Camel Netty Java Deserialization Vulnerability Remote Code Execution Vulnerability in DolphinScheduler 1.2.0 and 1.2.1 with MySQL Connector/J Apache Unomi OGNL Scripting Vulnerability Apache Wicket Unprocessed HTML Template Disclosure Vulnerability Vulnerability: Apache Syncope 2.1.X Flowable Extension Shell Service Tasks Privilege Escalation Remote Code/Command Injection Vulnerability in Apache Airflow Example DAG Insecure Temporary File Handling in Apache Ant 1.10.8 Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Privilege Escalation via SSRF-style Attack in Karaf JMX Authentication Arbitrary Command Injection in Apache Airflow with CeleryExecutor Deserialization Attack via Direct Broker Connection in Apache Airflow Stored XSS Vulnerability in Apache Airflow's Admin Management Screens Apache HTTP Server mod_proxy_uwsgi Info Disclosure and Potential RCE 
(CVE-XXXX-XXXX) Vulnerability: IP Address Spoofing in Apache HTTP Server Unauthenticated Execution of Potentially Malicious Code in Apache NetBeans Apache Batik 1.13 Server-Side Request Forgery Vulnerability Server-Side Request Forgery Vulnerability in Apache XmlGraphics Commons 2.4 and Earlier Authentication Bypass Vulnerability in Apache Shiro with Spring Dynamic Controllers Windows Feedback Hub Elevation of Privilege Vulnerability Camera Plugin Vulnerability Allows Unauthorized Access to Captured Photos in Cordova (Android) Applications XML External Entity (XXE) Injection Vulnerability Apache HTTP Server HTTP/2 Module Memory Pool Vulnerability Exploiting Server-Side Template Injection and Arbitrary File Disclosure in Camel Templating Components Dubbo Deserialization Remote Code Execution Vulnerability HTTP/2 Request Denial of Service Vulnerability in Apache Tomcat Inconsistent User Visibility in Apache Guacamole 1.2.0 and Earlier Vulnerability: JMX Re-bind Regression in Apache ActiveMQ Unsanitized File Processing Vulnerability in Rockwell Automation Software Remote Code Execution Vulnerability in Microsoft SharePoint Unvalidated Serialized Data Deserialization Vulnerability in Ignition Gateway File System Traversal and Code Execution Vulnerability in Rockwell Automation Software Multiple Stack-Based Buffer Overflow Vulnerabilities in Advantech WebAccess Node File System Traversal Vulnerability in Rockwell Automation Software Authentication Bypass Vulnerability in Ignition Gateway (Versions prior to 8.0.10 and 7.9.14) Denial-of-Service Vulnerability in FactoryTalk Linx and Related Software Multiple Relative Path Traversal Vulnerabilities in Advantech WebAccess Node Deserialization Vulnerability in Mitsubishi Electric MC Works64, MC Works32, and ICONICS GenBroker ClearText Communication Vulnerability in Baxter ExactaMix EM 2400 and EM1200 Systems Deserialization Vulnerability in Mitsubishi Electric MC Works64, MC Works32, and ICONICS GenBroker Windows Now Playing 
Session Manager Elevation of Privilege Vulnerability Multiple Relative Path Traversal Vulnerabilities in Advantech WebAccess Node Versions 8.4.4 and Prior, 9.0.0 Remote Code Execution and Denial-of-Service Vulnerability in Mitsubishi Electric MC Works64, MC Works32, ICONICS GenBroker64, GenBroker32 Hard-coded Administrative Account Credentials in Baxter ExactaMix EM 2400 & EM 1200 Remote SQL Injection Vulnerability in Mitsubishi Electric MC Works64, MC Works32, and ICONICS GenBroker SQL Injection Vulnerability in Advantech WebAccess Node Improper Deserialization Vulnerability in Mitsubishi Electric MC Works64, MC Works32, and ICONICS GenBroker Hard-coded administrative account credentials in Baxter ExactaMix EM 2400 & EM 1200 GE Grid Solutions Reason RT Clocks Firmware Vulnerability: Unauthenticated Command Execution and Configuration Modification Out-of-Bounds Vulnerability in Advantech WebAccess Node Stack-Based Buffer Overflow in WebAccess Node Version 8.4.4 and Prior: Remote Code Execution Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Vulnerability: Unrestricted Access to Operating System and Startup Script Alteration in Baxter ExactaMix EM 2400 and ExactaMix EM1200 Cross-Site Scripting (XSS) Vulnerability in OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and Earlier Versions Improper Validation Vulnerability in Advantech WebAccess Node Unencrypted User Credentials Logged in Philips IntelliBridge Enterprise Unrestricted USB Interface Access Vulnerability in Baxter ExactaMix EM 2400 and EM1200 XML External Entity (XXE) Vulnerability in Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 Multiple Relative Path Traversal Vulnerabilities in Advantech WebAccess Node Information Disclosure Vulnerability in FactoryTalk View SE Vulnerability: Unauthorized Data Interaction in FactoryTalk View SEA Remote Remote Code Execution (RCE) Vulnerability in FactoryTalk View SE Diagnostics Hub Standard Collector 
Elevation of Privilege Vulnerability Vulnerability: Disabling Internal Gateway Firewall via VLAN Configuration Arbitrary Code Execution Vulnerability in FactoryTalk View SE Unencrypted Database Storage of Sensitive Data in Baxter ExactaMix EM Systems Unauthenticated Remote Code Execution in Rockwell Automation FactoryTalk Services Platform Vulnerability: SQL Injection in EDS Subsystem Hard-coded Service Password Vulnerability in Baxter PrismaFlex and PrisMax Devices Lack of Data-in-Transit Encryption in Baxter PrismaFlex and PrisMax Devices Lack of Data-in-Transit Encryption in Baxter PrismaFlex and PrisMax Devices Memory Corruption Vulnerability in EDS Subsystem: Denial-of-Service Exploit Hardcoded Password Vulnerability in Baxter Sigma Spectrum Infusion Pumps Windows Mobile Device Management Diagnostics Junction Handling Elevation of Privilege Vulnerability Unauthenticated Clear-Text Communication Vulnerability in Sigma and Baxter Spectrum Infusion Systems Baxter Spectrum WBM Telnet Command-Line Interface Vulnerability Arbitrary File Write Vulnerability in Opto 22 SoftPAC Project Version 9.6 and Prior Persistent FTP Service Vulnerability in Baxter Spectrum WBM Hard-coded Credentials in Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) Telnet Service Firmware Signature Verification Bypass in Opto 22 SoftPAC Project Hard-coded Credentials Vulnerability in Baxter Spectrum WBM Lack of Data-in-Transit Encryption in Phoenix Hemodialysis Delivery System File Descriptor Leakage in DBusServer Spoofing Vulnerability in Microsoft SharePoint Server Allows Cross-Site Scripting Attacks Race Condition Vulnerability in SQLiteODBC 0.9996-4 Allows Root Privilege Escalation Sensitive Account Information Disclosure in CentralAuth Extension for MediaWiki Grafana Annotation Popup XSS Vulnerability Certificate-Based Authorization Bypass in Unisys Stealth Versions 3.4.x-5.x Reflected XSS Vulnerability in Catch Breadcrumb Plugin and Affected Themes Multiple XSS 
Vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 Ceph RGW Process Crash Vulnerability Windows SMBv3 Information Disclosure Vulnerability Insecure Communication in Nitrokey FIDO U2F Firmware Allows Secret Extraction and Firmware Manipulation Arbitrary File Overwrite Vulnerability in OpenSSH 8.2 SCP Client Homoglyph Spoofing Vulnerability in Postfix 2.10.1-7 Package Remote Code Execution Vulnerability in Teeworlds 0.7.x Server Password Change Vulnerability in Pilz PMC Programming Tool 3.x Privilege Escalation Vulnerability in CODESYS WebVisu and Remote TargetVisu Weak Hashing Algorithm Used for Storing Online Communication Passwords in CODESYS V3 Products Win32k Elevation of Privilege Vulnerability Sensitive Information Disclosure Vulnerability in Advanced Woo Search Plugin for WordPress XSS Vulnerability in Anchor 0.12.7 via Crafted Post Content Improper Access Control in Responsive-Add-Ons Plugin for WordPress CSV Import Vulnerability in Users-Customers-Import-Export-for-WP-WooCommerce Plugin Lack of Capability Checks in data-tables-generator-by-supsystic Plugin for WordPress Stored XSS vulnerability in data-tables-generator-by-supsystic plugin for WordPress Remote Code Execution Vulnerability in Mappress Google Maps for WordPress Plugin Shell Metacharacter Injection in Open-AudIT 3.3.1 via open-audit/configuration/ URI Prototype Pollution Attack in Beaker before 0.8.9 Allows Sandbox Escape and System Access Jet Database Engine Remote Code Execution Vulnerability FlexNet Publisher's lmadmin.exe 11.16.6 Denial of Service Vulnerability FlexNet Publisher lmadmin.exe 11.14.0.2 - Web Portal Information Disclosure Vulnerability Stored Cross-Site Scripting Vulnerability in Code Insight v7.x Releases Vulnerability in Spring MVC Calls Allows for Elevated Privileges in Code Insight v7.x Windows Network List Service Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Microsoft SharePoint Uncontrolled Recursion in Dovecot Allows Denial of Service 
via Crafted E-mail Message Address Manipulation Vulnerability in xt:Commerce 5.1 to 6.2.2 Path Traversal Vulnerability in Tiny File Manager 2.4.1 Allows Unauthorized File Enumeration Vulnerability in Tiny File Manager 2.4.1 Allows Unauthorized File Backup Copies Authenticated SQL Injection Vulnerability in wp-advanced-search Plugin 3.3.6 for WordPress via Import Feature OpenConnect X509_check_ Function Vulnerability Unauthenticated Remote Administrative Access Vulnerability in VPNCrypt M10 2.6.5 Command Injection Vulnerability in VPNCrypt M10 2.6.5 WiFi Module Web Portal Arbitrary Content Injection Vulnerability in GNU Mailman before 2.1.31 Command Injection Vulnerability in TP-Link Devices (NC200, NC210, NC220, NC230, NC250, NC260, NC450) Memory Object Handling Vulnerability in Connected Devices Platform Service Hardcoded Encryption Key Vulnerability in TP-Link Devices Command Injection Vulnerability in TP-Link NC260 and NC450 Devices Local File Inclusion Vulnerability in BigBlueButton before 2.2.5 XSS Vulnerability in BigBlueButton Prior to 2.2.4 via Closed Captions Pivot_root Race Condition Denial of Service Vulnerability in Linux Kernel Arbitrary File Read Vulnerability in Zoho ManageEngine OpManager Sensitive Configuration Value Disclosure in Moxa NPort 5150A Firmware Vulnerability: Keygen Protocol Implementation in Binance tss-lib Allows Compromise and Information Disclosure Vulnerability in Ledger Live: Unconfirmed Transaction Balance Increase OLE Automation Memory Handling Vulnerability Correos Express Addon for PrestaShop: Remote Information Disclosure and Order Modification Vulnerability Denial of Service Vulnerability in Max Secure Max Spyware Detector 1.0.0.044 CSRF Vulnerabilities in WAVLINK WN530H4 M30H4.V5030.190403 Router's /cgi-bin/ Directory Allow Remote Access Remote Command-Line Injection Vulnerability in WAVLINK WN530H4 M30H4.V5030.190403 Remote Buffer Overflow Vulnerability in WAVLINK WN530H4 M30H4.V5030.190403 WAVLINK WN530H4 
M30H4.V5030.190403 Multiple Authentication Bypass Vulnerabilities Information Disclosure Vulnerability in WAVLINK WN530H4 M30H4.V5030.190403 Router Directory Traversal Vulnerability in DONG JOO CHO File Transfer iFamily 2.1 XSS Vulnerability in AirDisk Pro App 5.5.3 for iOS VBScript Remote Code Execution Vulnerability XSS Vulnerability in AirDisk Pro App 5.5.3 for iOS XSS Vulnerability in AirDisk Pro App 5.5.3 for iOS via devicename Parameter Unauthenticated Stored XSS Vulnerability in Fifthplay S.A.M.I before 2019.3_HP2 Remote Code Execution Vulnerability in Apros Evolution, ConsciusMap, and Furukawa Provisioning Systems through 2.8.1 Access Control Bypass in Nanometrics Centaur and TitanSMA Syslog Log Integer Overflow in bson_ensure_space() Parameter bytesNeeded XSS Vulnerability in GNU Mailman 2.x before 2.1.30 Privilege Escalation via AMD ATI atillk64.sys Driver Routines VBScript Remote Code Execution Vulnerability Buffer Overflow Vulnerability in Contiki-NG BLE Stack Allows Arbitrary Code Execution via Malicious L2CAP Frames Out-of-Bounds Read Vulnerability in Contiki-NG SNMP Stack Vulnerability: Admin Access Allows Retrieval of IPSec Key Material for Decryption Unvalidated Certificate Vulnerability in Orchestrator-EdgeConnect TLS Connection Unvalidated Certificate Vulnerability in Silver Peak Cloud Portal Authentication Bypass Vulnerability in Silver Peak Unity Orchestrator Authenticated User File Access and Modification Vulnerability in Silver Peak Unity Orchestrator Unauthorized MySQL Query Vulnerability in Silver Peak Unity Orchestrator Command Injection Vulnerability in Silver Peak Unity ECOS Appliance Software Command Injection Vulnerability in Silver Peak Unity ECOS Appliance Software VBScript Remote Code Execution Vulnerability VBScript Remote Code Execution Vulnerability Windows Runtime Object Handling Vulnerability Microsoft Word Remote Code Execution Vulnerability Memory Corruption Vulnerability in Microsoft Browsers: Remote Code Execution IE Mode 
Spoofing Vulnerability in Microsoft Edge (Chromium-based) Microsoft Store Runtime Memory Handling Vulnerability Word for Android Remote Code Execution Vulnerability Microsoft Excel Memory Disclosure Vulnerability Privilege Escalation in Valve Source via /tmp/hl2_relaunch File Execution Denial of Service Vulnerability in OpenLDAP's slapd Vulnerability: DNSSEC Bypass in PowerDNS Recursor 4.1.0 - 4.3.0 Cross-Site Scripting (XSS) Vulnerability in Grafana before 6.7.3 OS Command Injection in Beeline Smart Box 2.0.38 Routers via Diagnostics Settings Out-of-Bounds Read and Information Disclosure Vulnerability in Foxit Reader and PhantomPDF Heap-based Buffer Overflow in Foxit Reader and PhantomPDF Microsoft Excel Remote Code Execution Vulnerability Directory Traversal Vulnerability in Gigamon GigaVUE 5.5.01.11 Arbitrary File Upload Vulnerability in Gigamon GigaVUE 5.5.01.11 Symlink Abuse Vulnerability in Avira Antivirus on Windows Remote Code Execution in rConfig 3.9.4 via Improper Validation in File Upload Functionality Reflected XSS vulnerability in rConfig 3.9.4 via devicemgmnt.php CSRF Vulnerability in rConfig 3.9.4 Allows Unauthorized User Actions Session Fixation Vulnerability in rConfig 3.9.4: Mishandling of Session Expiry and Randomization Reflected XSS Vulnerability in rConfig 3.9.4 Microsoft Excel Remote Code Execution Vulnerability XSS Vulnerability in Open-AudIT 3.3.0 After Login Cross-Site Scripting (XSS) Vulnerability in Intelbras TIP200, TIP200LITE, and TIP300 Devices Arbitrary File Write Vulnerability in decompress package for Node.js Unauthenticated Access to Externally Accessible Pages on Wavlink and Jetstream Devices Use-after-free vulnerability in Qt's setMarkdown function prior to version 5.14.2 Heap-Based Buffer Overflow in jbig2_image_compose in jbig2dec Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Insecure Alphanumeric IDs in React Native Bluetooth Scan: Exploiting COVID-19 Contact Tracing in Bluezone 1.0.0 Sophos XG Firewall 
SQL Injection Vulnerability OpenDMARC Vulnerability: Domain Spoofing via Incorrect Parsing and Interpretation of Authentication Results Cleartext Credential Exposure in TestLink 1.9.20's login.php Viewer Parameter Unrestricted goback_url Parameter in TestLink 1.9.20's cfieldsExport.php Privilege Escalation Vulnerability in GitLab 12.6-12.9: Unauthorized Creation of Personal Snippets via API Stored XSS Vulnerability in GitLab Admin Notification Feature Unauthenticated Repository Mirroring Vulnerability in GitLab 10.8 through 12.9 Remote Code Execution Vulnerability in libgit2 Remote Code Execution Vulnerability in libgit2 Windows DNS Denial of Service Vulnerability CSRF Vulnerability in iSmartgate PRO 1.5.9 Allows Unauthorized Garage Door/Gate Access CSRF Vulnerability in iSmartgate PRO 1.5.9 Allows Remote User Creation CSRF and Reflected XSS Vulnerability in iSmartgate PRO 1.5.9 Improper Validation in SafeRedirectURL Method in Sourcegraph before 3.15.1 Heap-based Buffer Overflow in FFmpeg's JPEG Marker SOS Handling Unscoped TaskView Permission in Octopus Deploy Privilege Escalation Vulnerability in Intel(R) Distribution of OpenVINO(TM) Toolkit Vulnerability: Denial of Service via Local Access in Intel Thunderbolt Controllers Authenticated User Denial of Service Vulnerability in Intel Thunderbolt Controllers Outlook Security Settings Bypass Vulnerability Intel Thunderbolt Controllers: Local Access Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) Thunderbolt(TM) Controllers Improper Conditions Check in Intel Thunderbolt Controllers: Local Access Denial of Service Vulnerability Denial of Service Vulnerability in Intel Thunderbolt Controllers Denial of Service Vulnerability in Intel(R) Thunderbolt(TM) Controllers Improper Input Validation in Intel Thunderbolt Controllers: Local Access Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) Thunderbolt(TM) Controllers Privilege Escalation Vulnerability in Intel(R) CSME 
Driver Installer Privilege Escalation Vulnerability in Intel(R) Server Board Firmware VBScript Remote Code Execution Vulnerability Uninitialized Pointer Vulnerability in Intel(R) Server Board Firmware: Potential Privilege Escalation via Local Access BIOS Firmware Vulnerability in Intel(R) Server Board Families S2600ST, S2600BP, and S2600WF: Local Privilege Escalation Privilege Escalation Vulnerability in Intel(R) Driver & Support Assistant Use After Free Vulnerability in Intel(R) CSME and Intel(R) TXE Subsystems Privilege Escalation Vulnerability in Intel(R) DAL SDK Installer Privilege Escalation Vulnerability in Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool Privilege Escalation Vulnerability in Intel(R) High Definition Audio Drivers Improper Access Control in Intel(R) Computing Improvement Program: Potential Information Disclosure via Network Access Vulnerability: Insufficiently Protected Credentials in Intel SSDs Windows Runtime Object Handling Elevation of Privilege Vulnerability Insufficient Control Flow Management in Intel SSD Firmware: Potential Information Disclosure via Physical Access Insufficient Control Flow Management in Intel SSD Firmware: Potential Information Disclosure via Physical Access Buffer Overflow Vulnerability in Intel(R) Stratix(R) 10 FPGA Firmware Insufficient Control Flow Management in Intel(R) PROSet/Wireless WiFi Products: Potential Privilege Escalation via Adjacent Access Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products Path Traversal Vulnerability in Intel(R) EMA (CVE-2021-XXXX) Intel(R) EMA Version 1.3.3 Vulnerability: Insufficient Credential Protection Buffer Overflow Vulnerability in Intel(R) PROSet/Wireless WiFi Products Vulnerability in Intel(R) PROSet/Wireless WiFi Products Allows Privilege Escalation via Local Access Denial of Service Vulnerability in Intel(R) PROSet/Wireless WiFi Products Media Foundation Information Disclosure Vulnerability Uncontrolled Search Path Vulnerability in 
Intel(R) SCS Add-on for Microsoft* SCCM Buffer Overflow Vulnerability in Intel(R) Wireless Bluetooth(R) Products Denial of Service Vulnerability in Intel(R) Wireless Bluetooth(R) Products Privilege Escalation Vulnerability in Intel(R) ADAS IE Vulnerability in Intel Thunderbolt DCH Drivers for Windows Allows Privilege Escalation Buffer Overflow Vulnerability in Intel Thunderbolt DCH Drivers for Windows Improper Initialization in Intel Thunderbolt DCH Drivers for Windows* Allows Local Information Disclosure Insecure Default Variable Initialization in Intel Thunderbolt DCH Drivers for Windows* Vulnerability: Information Disclosure in Intel Thunderbolt DCH Drivers Uncontrolled Search Path Vulnerability in Intel(R) VTune(TM) Profiler Windows Runtime Object Handling Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in Intel(R) Falcon 8+ UAS AscTec Thermal Viewer Installer Privilege Escalation Vulnerability in Intel Unite(R) Cloud Service Client Privilege Escalation Vulnerability in Intel(R) HID Event Filter Driver Installer Credential Vulnerability in Intel(R) QAT for Linux Privilege Escalation Vulnerability in Intel(R) Advisor Tools Installer Privilege Escalation Vulnerability in Intel(R) Processor Identification Utility Installer Default Variable Initialization Vulnerability in Intel(R) NUC Firmware Buffer Overflow Vulnerability in Intel(R) NUC Firmware Allows Privilege Escalation via Local Access Open WebRTC Toolkit: Insufficient Control Flow Management Vulnerability Privilege Escalation via Insufficient Control Flow Management in Intel(R) Collaboration Suite for WebRTC API Windows Error Reporting Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in Intel(R) Data Center Manager Console Installer Privilege Escalation Vulnerability in Intel(R) Battery Life Diagnostic Tool Installer Privilege Escalation Vulnerability in Intel(R) Data Center Manager Console Information Disclosure Vulnerability in Intel(R) Data Center Manager 
Console Windows Runtime Object Handling Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in Intel(R) XTU BlueZ Vulnerability: Unauthenticated Privilege Escalation via Improper Input Validation BlueZ Vulnerability: Unauthorized Information Disclosure via Adjacent Access Improper Permissions in Intel(R) Data Center Manager Console: Potential Denial of Service Vulnerability Privilege Escalation Vulnerability in Intel AMT SDK Versions Before 14.0.0.1 RPMB Protocol Message Authentication Subsystem Authentication Bypass Vulnerability Intel(R) AMT Subsystem Out-of-Bounds Read Vulnerability Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Local Access Intel(R) Processor Firmware Out of Bounds Write Vulnerability: Local Denial of Service Exploit Intel(R) Processors Firmware Vulnerability: Unauthorized Privilege Escalation via Physical Access Jet Database Engine Remote Code Execution Vulnerability Intel(R) Processors Firmware Out of Bounds Read Vulnerability Use After Free Vulnerability in Intel Graphics Drivers: Potential Denial of Service via Local Access Integer Overflow Vulnerability in Intel Graphics Drivers for Windows and Linux Denial of Service Vulnerability in Intel Graphics Drivers for Windows and Linux Null Pointer Dereference Vulnerability in Intel Graphics Drivers for Windows and Linux Untrusted Pointer Dereference Vulnerability in Intel Graphics Drivers Privilege Escalation Vulnerability in Intel Graphics Drivers Privilege Escalation via Integer Overflow in Intel Graphics Drivers Integer Overflow Vulnerability in Intel Graphics Drivers: Potential Privilege Escalation via Local Access Escalation of Privilege Vulnerability in Intel Graphics Drivers Windows Kernel Object Memory Handling Elevation of Privilege Vulnerability Untrusted Pointer Dereference Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel(R) Graphics Drivers: Divide by Zero Exploit Denial of Service Vulnerability in 
Intel Graphics Drivers Denial of Service Vulnerability in Intel Graphics Drivers BMC Firmware Buffer Overflow Vulnerability BMC Firmware Heap Overflow Vulnerability Hard-coded Key Vulnerability in Intel Server Boards, Systems, and Compute Modules BMC Firmware Vulnerability: Local Privilege Escalation in Intel Server Boards Windows Media Foundation Memory Corruption Vulnerability BMC Firmware Out of Bounds Read Vulnerability Intel Graphics Drivers Vulnerability: Local Access Privilege Escalation Privilege Escalation Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel Graphics Drivers Race Condition in Web Worker Shutdown Code: Use-After-Free Vulnerability in Firefox and Thunderbird Windows Sandbox Escape Vulnerability in Firefox ESR < 68.8 and Firefox < 76 Windows Sandbox Escape Vulnerability in Firefox ESR < 68.8 and Firefox < 76 Windows Media Foundation Memory Corruption Vulnerability IPv6 Address Origin Serialization Vulnerability in Firefox < 76 Insecure Inheritance of Content Security Policy (CSP) in Firefox < 76 Command Injection Vulnerability in Devtools' 'Copy as cURL' Feature Command Injection Vulnerability in Firefox's 'Copy as cURL' Feature Location Bar Spoofing Vulnerability in Firefox < 76 Memory Corruption Vulnerabilities in Firefox 75 and Firefox ESR 68.7 Memory Corruption Vulnerability in Firefox 75 Email Spoofing Vulnerability in Thunderbird < 68.8.0 Allows Sender Address Spoofing STARTTLS Bypass Vulnerability in Thunderbird < 68.9.0 Timing-based Side Channel Attack in NSS Library Memory Object Handling Vulnerability in Microsoft Excel Allows Remote Code Execution Timing-based Side Channel Attack in Coordinate Conversion of Firefox < 80 and Firefox for Android < 80 ECDSA Signature Generation Vulnerability in Firefox < 80 and Firefox for Android < 80 Electromagnetic Side Channel Attack on RSA Key Generation in Firefox < 78 Vulnerability: Out-of-Bounds Read in CHACHA20-POLY1305 Implementation in NSS Token Leakage 
Vulnerability in Firefox for iOS < 26 Race Condition in SharedWorkerService: Exploitable Crash Vulnerability in Thunderbird and Firefox Unboxed Objects Removal Vulnerability in Thunderbird and Firefox Arbitrary GPU Memory Leak in Firefox WebRender (CVE-2020-12345) Address Bar Spoofing Vulnerability in Firefox < 77 URL Blank Character Rendering Vulnerability in Firefox < 77 Windows Kernel Security Feature Bypass Vulnerability Memory Corruption Vulnerabilities in Firefox 76 and Firefox ESR 68.8 Memory Corruption Vulnerabilities in Firefox 76: Potential Arbitrary Code Execution Address Bar Spoofing Vulnerability in Firefox < 70 The Raccoon Attack: Timing Vulnerability in DHE Ciphersuites Unintended Persistence of IndexedDB in Firefox for iOS < 27 AppCache Confusion: Subdirectory Manifest Vulnerability in Firefox < 78 Use-after-free vulnerability in VideoStreamEncoder in Firefox < 78 ValueTags Confusion Vulnerability in Firefox on ARM64 Platforms URL Object Out-of-Bounds Read Vulnerability Use-after-free vulnerability in window flushing callback processing Cross-Origin Information Disclosure Vulnerability in Microsoft Edge Race Condition Vulnerability in STUN Server Connection Certificate Chain Rejection Vulnerability in Firefox and Thunderbird JavaScript-Generated JPEG Image Triggers Memory Corruption in Firefox < 78 Arbitrary Code Execution via Malicious webauthn.dll in Firefox on Windows WebRTC Permission Prompt Bypass in Firefox < 78 Hyphen Character Processing Vulnerability in Date.parse() in Firefox < 78 Memory Corruption Vulnerability in Firefox 77 CSRF Vulnerability in Western Digital WD Discovery Application Allows Data Theft and Disk Manipulation Multiple SQL Injections in Online Course Registration 2.0: Database Compromise and Authentication Bypass Vulnerabilities Denial of Service Vulnerability in Microsoft Hyper-V Memory Leak in virDomainListGetStats API in libvirt Windows Privilege Escalation Vulnerability in Splashtop Software Updater Vulnerability: XSS 
Account Credential Theft via WOPI API Integration XSS Vulnerability in PHP-Fusion 9.03.50 Allows JavaScript Execution via HTML Event Handlers Data Availability Vulnerability in Grin before 3.1.0 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Buffer Overflow Vulnerability in Ivanti Service Manager HEAT Remote Control 7.4 Vulnerability in Ivanti Avalanche 6.3: SQL Injection Exploit (Bug 683250) Arbitrary File Read Vulnerability in BigBlueButton before 2.2.6 Privilege Escalation Vulnerability in G.SKILL Trident Z Lighting Control Onkyo TX-NR585 LFI Vulnerability: Unauthorized Access to Sensitive Files Unauthorized Access to Sensitive Information via NuGet in GitLab EE 12.8 and later Windows Elevation of Privilege Vulnerability Mitel MiVoice Connect Client Remote Code Execution Vulnerability Denial of Service Vulnerability in wolfSSL TLS 1.3 ChangeCipherSpec Message Processing Grafana Information Disclosure Vulnerability World Readable Configuration Files in Red Hat Grafana Packages Windows Kernel Object Handling Elevation of Privilege Vulnerability Heap Overflow Vulnerability in OpenDMARC XML Parsing SQL Injection in PHP-Fusion 9.03.50 via Insufficient Protection Mechanism in maincore.php CSRF with Resultant XSS in Ninja Forms Plugin for WordPress Avira Software Updater 2.0.6.27476 Local Privilege Escalation Vulnerability Use-after-free vulnerability in usb_sg_cancel in Linux Kernel Array Overflow Vulnerability in mt76_add_fragment in Linux Kernel Session Fixation Vulnerability in Subrion CMS 4.2.1 CSV Injection Vulnerability in Subrion CMS 4.2.1 PHP Object Injection and File Deletion Vulnerability in Subrion CMS 4.2.1 Win32k Elevation of Privilege Vulnerability Arbitrary Code Execution via ASPX Template Modification in MonoX Remote Code Execution Vulnerability in MonoX through 5.1.40.5152 via HTML5Upload.ashx and PhotoGallery.aspx Stored XSS Vulnerabilities in MonoX through 5.1.40.5152 Arbitrary Program Execution Vulnerability in 
MonoX 5.1.40.5152 IDN Homograph Attack: Exploiting Punycode in Telegram URLs Directory Traversal Vulnerability in TP-Link Omada Controller Software 3.2.6 Bypassing IP Address Whitelist Restrictions in TeamPass 2.1.27.36 REST API Unauthenticated File Retrieval Vulnerability in TeamPass 2.1.27.36 TeamPass 2.1.27.36 PHP File Include Vulnerability via Directory Traversal GDI+ Remote Code Execution Vulnerability CSRF Filter Bypass via CORS Simple Requests with Unparseable Content Types Remote Code Execution Vulnerability in Appstore 8.12.0.0 Parameter Length Validation Vulnerability in Frame Touch Module Unauthorized Access to Sensitive Information in jovi Smart Scene Module Windows Runtime Elevation of Privilege Vulnerability Root Access Vulnerability in SWARCOs CPU LS4000 Series: Exploiting Debugging Port for Unauthorized Device Access Memory Disclosure Vulnerability in Beckhoff's TwinCAT RT Network Driver Improper Privilege Management in Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) Firmware V2.0.0 and Earlier Access Control Vulnerability in Endress+Hauser Ecograph T and Memograph M with Firmware V2.0.0 and Above Stack-based Overflow in PLCopen XML File Parsing in Phoenix Contact PC Worx and PC Worx Express v1.87 and Earlier Out-of-Bounds Read Remote Code Execution in Phoenix Contact PC Worx and PC Worx Express Improper Path Sanitation Vulnerability in PHOENIX CONTACT PLCnext Engineer Version 2020.3.1 and Earlier Win32k Information Disclosure Vulnerability Unauthenticated Device Administration Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx Series Undocumented Account Access Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx Devices Unauthenticated Device Administration Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx and ICRL-M Series Multiple Authenticated Command Injection Vulnerabilities in Pepperl+Fuchs P+F Comtrol RocketLinx Devices Active TFTP-Service Vulnerability in Pepperl+Fuchs P+F Comtrol RocketLinx and ICRL-M Devices 
Authentication Bypass Vulnerability in WAGO 750-8XX Series Firmware <= FW07 Authentication Bypass Vulnerability in WAGO 750-8XX Series with FW Version <= FW03 SQL Injection Vulnerability in s::can moni::tools (<= 4.2) Allows Database Access and Potential Data Loss Path Traversal Vulnerability in s::can moni::tools Image-Relocator Module Path Traversal Vulnerability in s::can moni::tools (Versions below 4.2) Allows Unauthorized Access to Device Files Win32k Elevation of Privilege Vulnerability Insecure Default Installation Path and Execution Vulnerability in TwinCAT XAR 3.1 Software CSRF Vulnerability in Pepperl+Fuchs Comtrol IO-Link Master Version 1.5.48 and Below Authenticated Reflected POST Cross-Site Scripting Vulnerability in Pepperl+Fuchs Comtrol IO-Link Master Version 1.5.48 and Below Authenticated Blind OS Command Injection in Pepperl+Fuchs Comtrol IO-Link Master (Version 1.5.48 and below) NULL Pointer Dereference Vulnerability in Pepperl+Fuchs Comtrol IO-Link Master Version 1.5.48 and Below Denial of Service Vulnerability in WAGO PLC Family 750-88x and 750-352 Firmware Versions FW1-FW10 Local Privilege Escalation Vulnerability in Phoenix Contact PLCnext Control Devices Information Disclosure Vulnerability in Phoenix Contact PLCnext Control Devices Root Privilege Escalation Vulnerability in Phoenix Contact PLCnext Control Devices Remote Code Execution Vulnerability in Windows Vulnerability: Denial of Service and System Reboot via Crafted LLDP Packet on Phoenix Contact PLCnext Control Devices Remote Code Execution Vulnerability in WAGO Series PFC and Touch Panel Devices Vulnerability: Missing Initialization of Resource in Phoenix Contact mGuard Devices Uncontrolled Resource Consumption Vulnerability in Phoenix Contact HMIs BTP 2043W, BTP 2070W, and BTP 2102W Deserialization Vulnerability in M&M Software fdtCONTAINER Component Denial of Service Vulnerability in TwinCAT and IPC Diagnostics OPC UA Servers Improper Access Validation Allows Unauthorized Shutdown 
and Reboot in MB connect line mymbCONNECT24, mbCONNECT24, and Helmholz myREX24 and myREX24.virtual Improper Access Validation Allows Unauthorized Session Termination SSRF Vulnerability in MB connect line mymbCONNECT24 and mbCONNECT24 Software Win32k Elevation of Privilege Vulnerability XSS Vulnerability in MB connect line mymbCONNECT24 and mbCONNECT24 Software Windows Modules Installer Service Elevation of Privilege Vulnerability Windows Background Intelligent Transfer Service (BITS) IIS Module Content Handling Elevation of Privilege Vulnerability Windows GDI Information Disclosure Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability DirectX Memory Object Handling Vulnerability Hash Logging Vulnerability in Windows Host Guardian Service Information Disclosure Vulnerability in Symantec Endpoint Detection & Response (prior to 4.5) Privilege Escalation Vulnerability in SMG Appliance (Versions prior to 10.7.4) Information Disclosure Vulnerability in SMG Web UI Allows Unauthorized Access to Remote SCP Backup Server Password VBScript Remote Code Execution Vulnerability Excessive Memory Consumption in Envoy Proxy for HTTP/2 Requests and Responses with Small Data Frames HTTP/2 Memory Exhaustion Vulnerability in Envoy Memory Consumption Vulnerability in Envoy HTTP/1.1 Header Processing Arbitrary SQL Command Execution in DB Soft SGLAC Web Frontend Vulnerability: Mishandling of Point at Infinity in ECDSA Implementation Insecure File Permissions in SolarWinds MSP PME Cache Service Leading to Code Execution Windows Error Reporting (WER) Object Handling Information Disclosure Vulnerability Privilege Escalation via Environment Variable Manipulation Privilege Escalation via User Retention in BeyondTrust Privilege Management for Windows Elevation of Privileges Vulnerability in BeyondTrust Privilege Management for Windows Privilege Escalation Vulnerability in BeyondTrust Privilege Management for Windows Automatic S/MIME Certificate Replacement 
Vulnerability in eM Client S/MIME Certificate Replacement Vulnerability in MailMate Windows Kernel Object Handling Elevation of Privilege Vulnerability Command Injection Vulnerability in Pi-hole 4.4 Allows Privilege Escalation via /etc/pihole/dns-servers.conf Physical Proximity Exploit in Teamwire Application 5.3.0 for Android: Pass-code Component Vulnerability Session Hijacking Vulnerability in League Application on Android Cross-Site Scripting (XSS) Vulnerability in Roundcube Webmail before 1.4.4 CSRF Vulnerability in Roundcube Webmail: Unauthorized Logout via POST Ignorance Authentication Bypass Vulnerability in Calibre-Web 0.6.6 Cross-Site Scripting (XSS) Vulnerability in osTicket before 1.14.2 via SLA Name Windows Error Reporting Memory Object Handling Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in WebForms Pro M2 Extension for Magento 2 Missing SSL Certificate Validation in Zulip Desktop before 5.2.0 Vulnerability: Encryption Bypass via Forged Beacon Frames XSS Vulnerability in phpList before 3.5.3 Allows Privilege Elevation via lists/admin/template.php Windows Kernel Object Handling Elevation of Privilege Vulnerability Local File Inclusion and Code Execution in Roundcube Webmail Plugin API Arbitrary Code Execution in Roundcube Webmail via Configuration Setting Vulnerability XXE and SSRF Vulnerability in Report Portal via JUnit XML Launch Import Incorrect Access Control in OX App Suite 7.10.3 and earlier via /api/subscriptions request SSRF Vulnerability in OX App Suite 7.10.3 and Earlier Improper Input Validation and Memory Consumption Vulnerabilities in OX App Suite 7.10.1 to 7.10.3 Cross-Site Scripting (XSS) Vulnerability in OX App Suite 7.10.3 and Earlier Unisys ALGOL Compiler Multiple Versions Code Emission Vulnerability Arbitrary Web Script Injection Vulnerability in TinyMCE 5.2.1 and Earlier Directory Traversal Vulnerability in Gurbalib through 2020-04-30: Unauthorized Access to Administrative Paths Windows Runtime 
Object Handling Elevation of Privilege Vulnerability Integer Overflow and Buffer Overflow in SecureCRT: Remote Code Execution Vulnerability Race condition vulnerability in __mptctl_ioctl function in Linux kernel before 5.4.14 (CID-28d76df18f0a) Buffer Overflow Vulnerability in Linux Kernel's mwifiex_cmd_append_vsie_tlv() Function Heap-based Buffer Overflow in mwifiex_ret_wmm_get_status() in Linux Kernel (CVE-2020-12345) Excessive Duration Sync Vulnerability in XFS v5 Image Handling Memory Leak in gss_mech_free Function in Linux Kernel Use-after-free vulnerability in Linux kernel's bfq-iosched.c gssproxy before 0.8.3 Denial of Service Vulnerability Out-of-Bounds Write Vulnerability in xdp_umem_reg Windows Kernel Object Handling Elevation of Privilege Vulnerability NXNSAttack: Unbound DNS Server Vulnerability Allows Insufficient Control of Network Message Volume Infinite Loop Vulnerability in Unbound DNS Server (CVE-2020-12662) Open Redirect Vulnerability in Macaron before 1.3.7 NXNSAttack: Traffic Amplification Vulnerability in Knot Resolver Arbitrary File Disclosure Vulnerability in Jinjava before 2.5.4 Bypassing Access Restrictions in Dolibarr Core/get_menudiv.php LSASS Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Webmin 1.941 and Earlier: Unsanitized SCRIPT Elements in Read User Email Module Heap-Based Buffer Overflow in GraphicsMagick's ReadMNGImage Function Dovecot NTLM Request Out-of-Bounds Read Vulnerability Zero-Length RPA Request Vulnerability in Dovecot Incomplete Fix for Remote Code Execution Vulnerability in Mappress Google Maps for WordPress Plugin FusionAuth SAMLv2 Signature Exclusion Vulnerability Unsanitized Input Vulnerability in Progress MOVEit Automation Web Admin Mitel ShoreTel Conference Web Application 19.50.1000.0 XSS Vulnerability Memory Object Handling Vulnerability in Windows Service Local Credential Discovery in Avira Free Antivirus TLS Certificate Validation Bypass Vulnerability in 3xLogic Infinias eIDC32 
Devices Multiple Stored XSS Vulnerabilities in Katyshop2 before 2.12 XXE Injection Vulnerability in i-net Clear Reports 2019 19.0.287 (Designer) Cross-Site Scripting (XSS) Vulnerability in Interchange Admin Help System Unauthenticated User Can Access All Attachments in Serpico OpenStack Keystone Vulnerability: Privilege Escalation via EC2 Credential Creation Windows Kernel Object Handling Elevation of Privilege Vulnerability OAuth1 Access Token Role Assignment Bypass Vulnerability OpenStack Keystone Vulnerability: Unauthorized EC2 Credential Manipulation OpenStack Keystone EC2 API Authorization Header Sniffing Vulnerability Authentication Bypass via Race Condition in Slurm CallStranger: Vulnerability in UPnP Specification Allows Cross-Network Segment Subscription Requests Unsanitized URL Vulnerability in WordPress iframe Plugin Denial of Service Vulnerability in TYPO3 Direct Mail Extension Broken Access Control in TYPO3 Direct Mail Extension Open Redirect Vulnerability in TYPO3 Direct Mail Extension WLAN Service Elevation of Privilege Vulnerability in Windows Information Disclosure Vulnerability in TYPO3 Direct Mail Extension Quick Pairing Mode Vulnerability in eWeLink Mobile App: Eavesdropping on Wi-Fi Credentials and Sensitive Information XSS Vulnerability in UliCMS PackageController Uninstall (pre-2020.2) Stored XSS Vulnerability in UliCMS before 2020.2 LeptonCMS 4.6.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities Multiple Cross-site Scripting Vulnerabilities in PHP-Fusion 9.03.50 XSS Vulnerability in LeptonCMS 4.5.0 Allows Execution of JavaScript via HTML Event Handlers Cross-Site Scripting Vulnerabilities in PHP-Fusion 9.03.50 Windows Backup Service Elevation of Privilege Vulnerability Insecure User/Password Encryption Vulnerability in JOE Component of SOS JobScheduler Privilege Escalation Vulnerability in CipherMail Gateways and Webmail Messenger Insufficient Size Diffie-Hellman Parameter Vulnerability in CipherMail Products RainbowFish PacsOne Server 
6.8.4 Incorrect Access Control Vulnerability Bluetooth Advertisement Crash Vulnerability in COVID-19 Contact Tracing Apps Stored XSS Vulnerability in PHP-Fusion 9.03.50's Preview Comment Feature XML External Entity (XXE) Vulnerability in WSO2 Products Windows Installer Insecure Library Loading Elevation of Privilege Vulnerability Incorrect Access Control in vBulletin Versions 5.5.6pl1, 5.6.0pl1, and 5.6.1pl1 Buffer Overflow in regcomp.c Allows Remote Code Execution in Perl Authenticated Server-Side Request Forgery (SSRF) Vulnerability in Redash Open-Source 8.0.0 and Prior Critical Vulnerability: Unrestricted Access to Device Descriptors in MagicMotion Flamingo 2 Windows Kernel Object Handling Elevation of Privilege Vulnerability Unencrypted BLE in MagicMotion Flamingo 2 allows data sniffing and packet forgery Insecure Data Storage Vulnerability in MagicMotion Flamingo 2 Android App Default SSID and Password Vulnerability in DEPSTECH WiFi Digital Microscope 3 Vulnerability: Unauthenticated TELNET Access to DEPSTECH WiFi Digital Microscope 3 Remote Code Execution Vulnerability in DEPSTECH WiFi Digital Microscope 3 Insufficient Entropy in Password Reset Requests in DomainMOD 4.13.0 Allows Account Takeover Remote Code Execution via Email Subject Line Injection Path Traversal Vulnerability in Maxum Rumpus before 8.2.12 on macOS Denial-of-Service Vulnerability in Fanuc i Series CNC: Remote Attackers Can Render CNC Inaccessible Windows Kernel Object Handling Elevation of Privilege Vulnerability Heap-Based Buffer Over-read in Tcprewrite's get_ipv6_next() Function Insecure URL Sanitization in iubenda-cookie-law-solution Plugin for WordPress Unauthenticated Arbitrary PHP File Inclusion in Gazie 7.32 Privilege Escalation Vulnerability in Verint Desktop Resources 15.2 MSI Installer Clipboard Content Access Vulnerability on Samsung Mobile Devices with Q(10.0) Software Heap-based Buffer Overflow Vulnerability in Samsung Mobile Devices with Exynos Chipsets Heap-based Buffer 
Overflow in Samsung Mobile Devices with Q(10.0) Software Vulnerability: SIM Card Bypass on Samsung Mobile Devices with Q(10.0) Software (SVE-2020-16594) Buffer Overflow Vulnerability in Samsung Mobile Devices with P(9.0) (Exynos Chipsets) Software Windows Kernel Object Handling Elevation of Privilege Vulnerability SPEN Bypass Vulnerability in Samsung Q(10.0) Software Quram Image Codec Library Vulnerability: Memory Overwrite and Arbitrary Code Execution on Samsung Mobile Devices (SVE-2020-16943) Gatekeeper Trustlet Brute-Force Vulnerability on Samsung Mobile Devices LG Mobile Devices Bootloader Arbitrary Code Execution Vulnerability LG Mobile Devices Input Control Vulnerability Unintended KWallet Password Storage Vulnerability in KDE kio-extras GCP Secrets Engine Credential Generation Time-to-Live Lease Duration Misconfiguration Vulnerability Crash Vulnerability in HashiCorp Consul and Consul Enterprise with Abnormally-Formed Service-Router Entry Reflected XSS Vulnerability in Zulip Server via Dropbox Webhook Windows Kernel Object Handling Elevation of Privilege Vulnerability Arbitrary Deserialization Vulnerability in OpenNMS Horizon and Meridian Integer Overflow Vulnerability in imlib2 1.6.0's loader_ico.c Integer Overflow and Out-of-Bounds Write Vulnerability in json-c through 0.14 Unauthenticated Stack-Based Buffer Overflow in TRENDnet ProView Wireless Camera TV-IP512WN 1.0R 1.0.4 Directory Traversal Vulnerability in Gnuteca 3.8 Directory Traversal Vulnerability in Solis Miolo 2.0 SQL Injection Vulnerability in Gnuteca 3.8 via exemplaryStatusId Parameter Divide-by-Zero Error in exif_entry_get_value in libexif 0.6.21 Memory Leak in svm_cpu_uninit in Linux Kernel Linux Kernel Panic Vulnerability in drivers/spi/spi-dw.c (CID-19b61392c5a8) Windows Installer Filesystem Operations Privilege Escalation Vulnerability Missing sg_remove_request call in sg_write function Deadlock Vulnerability in Linux Kernel's btree_gc_coalesce Function Remote Code Execution via Image Tag 
in Ignite Realtime Spark 2.8.3 Remote Command Execution Vulnerability in Realtek ADSL/PON Modem SoC Firmware Arbitrary Command Injection Vulnerability in D-Link DSL-7740C Command Injection Vulnerability in Hicos Citizen Certificate Client-Side Component Broken Access Control Vulnerability in Openfind Mail2000 Broken Access Control Vulnerability in Combodo iTop Allows Unauthorized Command Injection and System Information Disclosure Unvalidated Input Parameters in Combodo iTop Allow for Command Injection and XSS Attacks Stored Cross-site Scripting Vulnerability in Combodo iTop Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Combodo iTop Security Misconfiguration Vulnerability CSRF Vulnerability in Combodo iTop Allows Command Execution via Malicious Site Request Forgery Command Injection Vulnerability in Openfind MailGates Allows Unauthorized Access to System Files Exim 4.93 Out-of-Bounds Read Vulnerability in SPA Authenticator Remote Bandwidth Suspension Vulnerability in cPanel (SEC-505) Account Backup Directory Disclosure Vulnerability Vulnerability: Bypassing Applet Handling Security Mechanisms in Microchip Atmel ATSAMA5 Products Timing and Power Analysis Vulnerability in Microchip Atmel ATSAMA5 CMAC Verification Functionality Hardcoded Key Vulnerability in Microchip Atmel ATSAMA5 Secure Monitor Spotlight Image Loading Vulnerability in Windows Lockscreen Server-Side Template Injection and Credentials Disclosure in SEOmatic Plugin for Craft CMS Legacy ACL Token Rule Propagation Failure in HashiCorp Consul and Consul Enterprise Cellebrite UFED 5.0 to 7.5.0.845 Vulnerability: Command Prompt Access via Wireless Network Connection Screen Windows Bluetooth Service Elevation of Privilege Vulnerability Unrestricted File Upload and Remote Code Execution in Contact Form 7 Plugin Vulnerability: Unintentional Unencryption of Recovered Documents in LibreOffice Remote Graphic Links Omission Vulnerability in LibreOffice Vulnerability: Arbitrary File 
Overwrite via Form Submission in LibreOffice Windows OLE Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in FortiManager and FortiAnalyzer Case Insensitive Authentication Bypass in FortiOS SSL VPN Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiAnalyzer Versions 6.0.6 and below, 6.4.4 HTML Injection Vulnerability in FortiTester before 3.9.0 Stored Cross-Site Scripting (XSS) Vulnerability in FortiNAC before 8.7.2 HTML Injection Vulnerability in FortiAnalyzer Storage Connectors Insufficient Logging Vulnerability in FortiGate: Unauthenticated Traffic to Fortinet IP Addresses Goes Unnoticed Windows Runtime Object Handling Elevation of Privilege Vulnerability Vulnerability: Gossipsub 1.0 Susceptible to Eclipse and Sybil Attacks Buffer Overflow Vulnerability in OpenConnect 8.09 RTP Software Abort Vulnerability in Pexip Infinity 23.x before 23.3 Excessive Recursion Vulnerability in libcroco through 0.6.13 Signal Access-Control Issue in Linux Kernel: Integer Overflow Exploitation (CID-7395ea4e65c2) Path Traversal Vulnerability in MJML Prior to 4.6.3 Privilege Escalation via AnchorFree VPN SDK Integer Overflow in SM501 Display Driver Implementation Memory Object Handling Vulnerability in Windows: A Denial of Service Risk Critical Stack Buffer Overflow Vulnerabilities in Western Digital My Cloud Devices World-readable default permissions in FRRouting split-config feature leading to potential information leak Arbitrary File Deletion Vulnerability in WordPress Plugin Simple File List Remote Code Execution in eQ-3 Homematic Central Control Unit (CCU)2 and CCU3 through JSON API Method ReGa.runScript Remote Code Execution via Unsafe Java RMI Configuration in SmartBear ReadyAPI SoapUI Pro 3.2.5 Vulnerability: Malicious File Uploads via Garage Door Image Upload in iSmartGate PRO 1.5.9 Privilege Escalation Vulnerability in iSmartGate PRO 1.5.9 via /cron/mailAdmin.php Privilege Escalation Vulnerability in ismartgate PRO 1.5.9 via 
/cron/checkExpirationDate.php Windows SMBv3 Denial of Service Vulnerability CSRF Vulnerability in iSmartGate PRO 1.5.9 Allows Remote Sound File Upload CSRF Vulnerability in iSmartGate PRO 1.5.9 Allows Remote Image Upload Privilege Escalation Vulnerability in ismartgate PRO 1.5.9 via /cron/checkUserExpirationDate.php Vulnerability: Malicious File Uploads via Garage Door Sound Upload Form in iSmartGate PRO 1.5.9 Cherokee Server Denial of Service Vulnerability Remote Code Execution via Avatar File Upload in Zimbra Webmail Subsystem Arbitrary Binary Execution in Pydio Cells 2.0.4 Hidden User Account Creation and Unauthorized Access Vulnerability in Pydio Cells 2.0.4 Unauthenticated Profile Image Access Vulnerability in Pydio Cells 2.0.4 Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability Privilege Escalation Vulnerability in Pydio Cells Enterprise OVF 2.0.3 Arbitrary File Write Vulnerability in Pydio Cells 2.0.4 Arbitrary Code Execution via Pydio Cells Update Feature Cross-Site Scripting (XSS) Vulnerability in Pydio Cells 2.0.4 Remote Code Execution Vulnerability in SecZetta NEProfile 3.3.11 via Crafted JPEG File Upload Host Header Injection Vulnerability in SecZetta NEProfile 3.3.11 Bluetooth-based Re-Identification Vulnerability in COVID-19 Contact Tracing Apps Remote Re-identification Vulnerability in COVIDSafe v1.0.15 and v1.0.16 Re-identification of Android Devices in COVIDSafe through Unreinitialized Random Data in Advertising Payload Device Model Identification Vulnerability in OpenTrace/BlueTrace Protocol in COVIDSafe v1.0.17 Windows Shell Remote Code Execution Vulnerability Remote Device Re-identification and Owner Identification Vulnerability in COVIDSafe v1.0.17 Heap Buffer Overflow in SANE Backends: GHSL-2020-080 SANE Backends Out-of-Bounds Read Vulnerability (GHSL-2020-082) SANE Backends Out-of-Bounds Read Vulnerability (GHSL-2020-083) SANE Backends Out-of-Bounds Read Vulnerability (GHSL-2020-081) Heap Buffer Overflow in SANE 
Backends: Remote Code Execution Vulnerability NULL Pointer Dereference Vulnerability in SANE Backends 1.0.30 and Earlier NULL Pointer Dereference Vulnerability in SANE Backends (GHSL-2020-075) XSS Vulnerability in RainbowFish PacsOne Server 6.8.4 Windows WalletService Elevation of Privilege Vulnerability SQL Injection Vulnerability in RainbowFish PacsOne Server 6.8.4 Signup Page Obsolete TLS Ciphers in Yaws: Sweet32 Vulnerability Arbitrary Code Execution Vulnerability in Alfresco ECM Authentication Bypass Vulnerability in Veritas APTARE versions prior to 10.4 Inadequate Authorization Checks in Veritas APTARE Versions Prior to 10.4 Unintended File Access Vulnerability in Veritas APTARE Versions Prior to 10.4 (Windows Server Only) Unauthenticated Access to Sensitive Information in Veritas APTARE Versions Prior to 10.4 Privilege Escalation via Symlink Attack in Digi ConnectPort X2e Root Shell Access Vulnerability in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance XSS Vulnerability in Submitty 20.04.01 via SVG Document Upload Buffer Over-read Vulnerability in Arm Mbed OS 5.15.3 CoAP Library Buffer Over-read Vulnerability in Arm Mbed OS 5.15.3 CoAP Library Infinite Loop Vulnerability in Arm Mbed OS 5.15.3 CoAP Library Buffer Over-read Vulnerability in Arm Mbed OS 5.15.3 CoAP Library Memory Leak Vulnerability in Arm Mbed OS 5.15.3 CoAP Library VFIO PCI Driver in Linux Kernel: Disabled Memory Space Access Vulnerability MISP MISP-maltego 1.4.4 Remote-Transform Vulnerability Microsoft SharePoint Server Spoofing Vulnerability SMM Pointer Manipulation Vulnerability in AGESA DLL Hijacking Vulnerability in AMD Radeon Software Untrusted Search Path Vulnerability in AMD Radeon Settings Installer Critical Stack Buffer Overflow Vulnerability in AMD Graphics Driver for Windows 10 in Escape 0x15002a Escape 0x40010d: Arbitrary Write Vulnerability in AMD Graphics Driver for Windows 10 AMD Graphics Driver for Windows 10 Escape 0x110037 Vulnerability: Pool/Heap 
Overflow Kernel Pool Address Disclosure Vulnerability in AMD Graphics Driver for Windows 10: Potential KASLR Bypass Critical Stack Buffer Overflow Vulnerability in AMD Graphics Driver for Windows 10 Critical Vulnerability in AMD Graphics Driver for Windows 10: KASLR Bypass and Denial of Service Risk Kernel Information Disclosure Vulnerability in Win32k Component Escalation of Privileges and Denial of Service Vulnerability in AMD Radeon Graphics Driver for Windows 10 KASLR Bypass and Information Disclosure Vulnerability in AMD Graphics Driver for Windows 10 Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 Escalation of Privilege and Denial of Service Vulnerability in AMD Graphics Driver for Windows 10 AMD Graphics Driver Out of Bounds Read Vulnerability in Windows 10 Escape 0x3004203 AMD Graphics Driver Out of Bounds Read Vulnerability in Windows 10 Escape 0x3004403 Windows Network Connections Service Elevation of Privilege Vulnerability Denial of Service Vulnerability in AMD ATIKMDAG.SYS (Version 26.20.15029.27017) Privilege Escalation Vulnerability in AMD RAPL Interface for Linux hwmon Service OpenSSH for Windows Configuration Access Vulnerability Vulnerability in AMD Display Driver Escape 0x130007 Call Handler Allows for Denial of Service Attack Vulnerability: TPM Reference Software Failure to Track Failed Shutdowns Privilege Escalation Vulnerability in AMD VBIOS Flash Tool SDK Privilege Escalation Vulnerability in AMD Ryzen Master V15 AMD Graphics Driver Local Privilege Escalation Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in AMD Secure Processor (ASP) Drivers Privilege Escalation Vulnerability in AMD Secure Processor (ASP) Kernel Denial of Service Vulnerability in AMD ATIKMDAG.SYS (Version 26.20.15029.27017) Windows WalletService Elevation of Privilege Vulnerability ASP Firmware Vulnerability: Arbitrary Code Execution via Insufficient BIOS Image Length 
Validation Vulnerability: Insufficient Input Validation in ASP Firmware for Discrete TPM Commands SharePoint Elevation of Privilege Vulnerability ASP Firmware Race Condition Vulnerability Exploiting Integrated Chipset Option to Bypass SPI ROM Protections and Enable Unauthorized Modification Memory Object Handling Vulnerability in Windows Diagnostics & Feedback Settings App Denial of Service Vulnerability in AMD Graphics Driver for Windows 10 Zeroing Privileged Registers: Bypassing SPI ROM Protections in AMD Platform Security Processor (PSP) Privilege Escalation Vulnerability in AMD Graphics Driver for Windows Insufficient Pointer Validation Vulnerability in AMD Graphics Driver for Windows Vulnerability in AMD Radeon Kernel Mode Driver Allows Privilege Escalation and Denial of Service Transient Execution of Non-Canonical Loads and Stores in AMD CPUs: A Potential Data Leakage Vulnerability AMD EPYC™ Processors: Information Disclosure Vulnerability in SEV-ES and SEV-SNP Nested Page Table Vulnerability in AMD SEV/SEV-ES: Potential Arbitrary Code Execution Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint XSS Vulnerability Critical Out of Bounds Write and Read Vulnerability in AMD Graphics Driver for Windows 10 Unprivileged User Exploit: AMD Graphics Driver Vulnerability in Windows 10 AMD Graphics Driver for Windows 10: Invalid Object Pointer Free Vulnerability AMD Graphics Driver for Windows 10 Out of Bounds Write Vulnerability Insufficient Pointer Validation Vulnerability in AMD Graphics Driver for Windows 10 Insufficient Pointer Validation Vulnerability in AMD Graphics Driver for Windows 10 AMD Graphics Driver Vulnerability: Heap Information Leak and KASLR Bypass Integrated Chipset Denial of Service (DoS) Vulnerability: System Hang on Reboot LNK Remote Code Execution Vulnerability in Microsoft Windows Cabinet File Remote Code Execution Vulnerability Windows SMB Remote Code Execution Vulnerability Windows Installer Filesystem Operations 
Privilege Escalation Vulnerability Windows Runtime Elevation of Privilege Vulnerability Windows Runtime Object Handling Elevation of Privilege Vulnerability Windows State Repository Service Elevation of Privilege Vulnerability Windows Runtime Object Handling Elevation of Privilege Vulnerability Windows Kernel Object Handling Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in DirectX Microsoft Store Runtime Memory Handling Vulnerability Untrusted File Execution Vulnerability in pandas through 1.0.3 Untrusted File Execution via joblib.load() in scikit-learn (aka sklearn) Directory Traversal Vulnerability in iSpyConnect.com Agent DVR before 2.7.1.0 Cross-Site Scripting (XSS) Vulnerability in Dolibarr before 11.0.4 Privilege Escalation Vulnerability in Little Snitch Versions 4.5.1 and Older Win32k Elevation of Privilege Vulnerability Denial of Service Vulnerability in Arista's CloudVision eXchange (CVX) Server XML Signature Validation Bypass in OASIS DSS 1.0 Stack-based Buffer Overflow in Morita Shogi 64 for Nintendo 64 Devices COM Special Case IID Elevation of Privilege Vulnerability Arbitrary Code Execution and Privilege Escalation Vulnerability in Kerberos Package for Node.js Denial of Service Vulnerability in NaviServer 4.99.4 to 4.99.19 Buffer Over-read Vulnerabilities in libexif before 0.6.22 Uninitialized Memory Vulnerability in libexif before 0.6.22 Unrestricted Size Vulnerability in libexif: Potential Denial of Service XSS Vulnerability in OpenText Carbonite Server Backup Portal (CVE-2021-XXXX) Unauthenticated Remote Command Injection in Wavlink WN575A4 and WN579X3 Devices SQL Injection Vulnerability in Mikrotik-Router-Monitoring-System Critical Clickjacking Vulnerability in ismartgate PRO 1.5.9 Windows Installer Filesystem Operations Elevation of Privilege Vulnerability Open Redirect Vulnerability in Submitty 20.04.01 via authentication/login?old= Command Injection Vulnerability in NoviFlow NoviWare CLI Command Injection 
Vulnerability in SABnzbd Web Configuration Interface Unauthenticated User Creation Vulnerability in Ultimate Addons for Elementor Plugin Arbitrary File Upload Vulnerability in Elementor Pro Plugin SQL Injection Vulnerability in Loway QueueMetrics Denial of Service Vulnerability in Manolo GWTUpload 1.0.3 Sensitive Information Exposure via GET Method in Stashcat App Windows Update Orchestrator Service Elevation of Privilege Vulnerability Vulnerability: Memory Leakage in Yubico libykpiv Denial of Service Vulnerability in Yubico libykpiv Stored XSS Vulnerability in Tufin SecureChange Prior to R19.3 HF3 and R20-1 HF1 Stored XSS Vulnerability in Tufin SecureChange Prior to R19.3 HF3 and R20-1 HF1 Local Network Information Disclosure Vulnerability in D-Link DSP-W215 1.26b03 Devices Obfuscated Hash Disclosure Vulnerability in D-Link DSP-W215 1.26b03 Devices Windows Text Service Framework Elevation of Privilege Vulnerability Out-of-Bounds Read Vulnerability in gadget_dev_desc_UDC_store in Linux Kernel 3.16 through 5.6.13 Arbitrary Code Execution in Open edX Ironwood 2.5 via Custom Python Evaluated Code Stored XSS Vulnerability in Open edX Ironwood 2.5 via SVG File Uploads CSV Injection Vulnerability in Open edX Ironwood 2.5 Privilege Escalation and File Overwrite Vulnerability in Dragon Center Memory Object Handling Vulnerability in Internet Explorer Vulnerability: D-link DSL-2750U Control Panel Access Time Gap Unauthenticated Remote Code Execution in Aerospike Community Edition 4.9.0.5 Memory Leak Vulnerability in Amarok 2.8.0 via Specially Crafted M3U File Cross-Site Scripting (XSS) Vulnerability in MISP before 2.4.126 in resolved_attributes.ctp File Protection Password Disclosure in Zoho ManageEngine Service Plus CSRF and HTML Injection Vulnerability in NukeViet 4.4's clearsystem.php CSRF Vulnerability in NukeViet 4.4 Allows Unauthorized User Account Addition CSRF Vulnerability in NukeViet 4.4 Allows Unauthorized Password Change Directory Traversal Vulnerability in 
Artica Proxy Community Edition (before 4.30.000000) via fw.progrss.details.php Popup Parameter OS Command Injection in Artica Proxy Community Edition (before 4.30.000000) via Multiple Fields Windows Kernel Object Handling Elevation of Privilege Vulnerability Format String Vulnerability in AnyDesk before 5.5.3 on Linux and FreeBSD Elevated Privileges Exploit in Pulse Secure Client Insecure TLS Certificate Verification in em-imap 0.5 NFS Dissector Crash Vulnerability in Wireshark Arbitrary Code Execution Vulnerability in MyLittleAdmin 3.8 Unauthenticated Remote Code Execution in Netsweeper 6.4.3 Reflected XSS Vulnerability in SysAid 20.1.11b26 via ForgotPassword.jsp accountid Parameter Stored XSS Vulnerability in SolarWinds Orion Platform Allows Information Disclosure and Privilege Escalation Group Policy Access Check Vulnerability Scope Enforcement Vulnerability in HashiCorp Consul and Consul Enterprise Insecure Named Pipe Vulnerability in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows Clickjacking Vulnerability in Teradici Management Console Local File Inclusion Vulnerability in Teradici Cloud Access Connector and Cloud Access Connector Legacy Stored Cross-Site Scripting (XSS) Vulnerability in Teradici Cloud Access Connector Privilege Escalation via Support Bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows Improper Signature Validation in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows Memory Dump Vulnerability in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows Microsoft Office SharePoint XSS Vulnerability Reflected Cross Site Scripting Vulnerability in Teradici PCoIP Management Console (prior to 20.07) Unauthenticated Access to Sensitive Functions in Teradici Cloud Access Connector CSRF Vulnerability in Teradici Cloud Access Connector v31 and Earlier Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Microsoft Office SharePoint 
XSS Vulnerability Memory Object Handling Vulnerability in Microsoft Office Software Uninitialized Variable Leads to Information Disclosure in Microsoft Project Proxy Environment Variable Leakage in HashiCorp Vault and Vault Enterprise (Fixed in 1.3.6 and 1.4.2) Buffer Overflow Vulnerability in TP-LINK NC200, NC210, NC220, NC230, NC250, NC260, and NC450 Devices Stored XSS Vulnerability in phpIPAM 1.4 User Instructions Widget SSRF Vulnerability in WSO2 API Manager 3.0.0 Allows Unauthorized Access to Intranet Username Disclosure Vulnerability in Sysax Multi Server 6.90 Reflected XSS Vulnerability in Sysax Multi Server 6.90 via /scgi sid Parameter Session Hijacking Vulnerability in Sysax Multi Server 6.90 SharePoint Open Redirect Vulnerability: Exploiting URL Spoofing in Microsoft SharePoint Account Disablement Vulnerability in Cacti 1.2.11 and Earlier CSRF Vulnerability in Cacti before 1.2.11 Allows Admin Email Change Denial of Service Vulnerability in Mitsubishi MELSEC iQ-R Series PLCs with Firmware 33 Dolibarr 11.0.4 DMS/ECM Module XSS Vulnerability Windows Security Health Service Elevation of Privilege Vulnerability Insecure File Extension Renaming Vulnerability in Dolibarr 11.0.4 DMS/ECM Module Unrestricted File Upload Vulnerability in Microweber 1.1.18 Vulnerability: Missing SSL Certificate Validation in NETGEAR Devices Deadlock Vulnerability in Gitea: Repository Ownership Transfer CSV Injection Vulnerability in BooleBox Secure File Sharing Utility Stored XSS Vulnerability in BooleBox Secure File Sharing Utility Improper Validation of OK Packet in MariaDB Connector/C Azure DevOps Server and Team Foundation Services Spoofing Vulnerability: Exploiting Trust in Communication Channels Denial of Service Vulnerability in HashiCorp Consul and Consul Enterprise's HTTP API and DNS Caching Feature Arbitrary OS Command Execution in Centreon before 19.04.15 Out-of-Bounds Read Vulnerability in QEMU 4.2.0's sd_wp_addr Key Collision and Data Leakage in Django Memcached Backend 
Reflected XSS Vulnerability in Contentful Python SDK Cross-Site Request Forgery (CSRF) Vulnerability in RAD SecFlow-1v Web Management Interface Azure DevOps Server Cross-site Scripting Vulnerability Stored XSS Vulnerability in RAD SecFlow-1v Web Management Interface Amazon EKS Credentials Disclosure in GitLab CE/EE 12.6 and Later: HTML Source Code Vulnerability Client-Side Code Injection Vulnerability in GitLab CE/EE 12.9 and later through 13.0.1 via Specially Crafted Mermaid Payload Project Maintainer Impersonation Vulnerability in GitLab EE 9.5 - 13.0.1 Kubernetes Cluster Token Disclosure in GitLab CE/EE 10.3 and later through 13.0.1 Email Verification Bypass Vulnerability in GitLab CE/EE 12.5 and later through 13.0.1 Vulnerability: Insecure Authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 Stored Cross-Site Scripting Vulnerability in GitLab CE/EE 12.8 and later through 13.0.1 File Existence Disclosure Vulnerability in GitLab CE/EE 12.10 and later through 13.0.1 Reflected Cross-Site Scripting Vulnerability in GitLab CE/EE Static Site Editor (12.10 - 13.0.1) Azure DevOps Server HTML Injection Vulnerability Unauthorized Fork Creation Vulnerability in GitLab CE/EE 11.3 - 13.0.1 Stored Cross-Site Scripting Vulnerability in GitLab CE/EE Versions through 13.0.1 Unverified User Exploitation in OAuth Authorization Code Flow System Resource Exhaustion Vulnerability in GitLab CE/EE 12.0 - 13.0.1 Memory Exhaustion Vulnerability in GitLab Versions 13.0.1 and Earlier Allows Denial of Service Attacks Unverified Email Address Access Vulnerability in GitLab EE 12.2 and later through 13.0.1 Unverified Email Notification Vulnerability in GitLab CE/EE Versions through 13.0.1 Unauthorized Read Access to Private Repositories in GitLab CE/EE 10.6 and Later through 13.0.5 Reflected Cross-Site Scripting Vulnerability in RosarioSIS Student Information System < 6.5.1 Remote Code Execution in GitLab VSCode Extension v2.2.0 Excessive Logging Vulnerability in 
GitLab Leads to Memory Exhaustion Denial of Service Vulnerability in GitLab Project Import Feature Improper Access Control in GitLab Group Transfer Vulnerability Cross-Site Scripting Vulnerability in GitLab Issues List via Milestone Title Outdated CI Job Token API Authorization Vulnerability in GitLab Cross-Site Scripting (XSS) Vulnerability in GitLab Issue Reference Number Tooltip Server Side Request Forgery (SSRF) vulnerability in GitLab before 13.0.12, 13.1.6, 13.2.3 allows modification of user-controlled git configuration settings. Confidential EPIC Disclosure Vulnerability in GitLab Stored XSS Vulnerability in GitLab CI/CD Jobs Page Invalid Username Acceptance Vulnerability in GitLab with 2FA Bing Search Android App HTML Spoofing Vulnerability Improper Access Control on GitLab Applications Page Temporary Overpermissive Access Vulnerability in GitLab before 13.2.3 Bypassing E-mail Verification in GitLab OAuth Flow Hexadecimal Branch Name Override Vulnerability Access Grants Not Revoked Vulnerability SSRF Vulnerability in GitLab Runner before 13.0.12, 13.1.6, 13.2.3 Improper Access Control for Deploy Tokens in GitLab Authentication Bypass Vulnerability in GitLab Versions Before 13.1.10, 13.2.8, and 13.3.4 Conan Package Upload Parameter Validation Vulnerability Session Token Revocation Vulnerability in GitLab Windows Mobile Device Management (MDM) Diagnostics Junction Handling Information Disclosure Vulnerability OAuth Authorization Scope Change Vulnerability in GitLab CE/EE 13.3.4 and Earlier Stored XSS Vulnerability in GitLab Standalone Vulnerability Page Session Revocation Vulnerability in GitLab Improper Permissions Verification Allows Unauthorized Access to Private Repository in GitLab Persistent Access Vulnerability in GitLab Versions before 13.1.10, 13.2.8, and 13.3.4 Project Invitation Link Not Invalidated Upon User Removal in GitLab GitLab Webhook Feature Denial of Service Vulnerability Session Persistence Vulnerability in GitLab: Bypassing 2-Factor 
Authentication Access Prohibition Vulnerability in GitLab: Impact on Users without 2 Factor Authentication Blind SSRF Vulnerability in GitLab's Repository Mirroring Feature SCOM Web Request Spoofing Vulnerability Denial of Service Vulnerability in GitLab Runner GitLab Wiki Parser Attack Vulnerability GitLab OAuth Endpoint Brute-Force Vulnerability Unauthorized Project Maintainer Can Edit Subgroup Badges in GitLab GitLab Omniauth Endpoint Content Injection Vulnerability Unrestricted Result Request Vulnerability in GitLab Profile Activity Page GitLab Vulnerability: Unauthorized Access to Disabled Repositories via Deploy-Token Insufficient Check in GitLab GraphQL API Allows Repository Deletion by Maintainer Cross-Account Assume Role Vulnerability in GitLab's EKS Integration Missing Permission Check for Adding Time Spent on an Issue in GitLab Remote Code Execution Vulnerability in Microsoft Excel Software Unauthorized Access to Project Security Dashboard in GitLab HTML Tag Bypass Vulnerability in GitLab Versions Prior to 13.1 Unauthorized Creation and Deletion of Deploy Tokens in GitLab Versions after 12.9 GitLab Vulnerability: Unauthorized Access to Private Merge Requests via Todos API Exposure Vulnerability in GitLab Versions Prior to 13.1 Unrestricted Comment Characters in GitLab Issue Page: Denial of Service Vulnerability Bypassing GitHub Project Import Restriction in GitLab Versions Prior to 13.1 Insecure Runner Configuration in Kubernetes Environments: GitLab Runner Vulnerability Stored XSS Vulnerability in GitLab PyPI Files API Stored XSS Vulnerability in GitLab Blob View Reparse Point Handling Vulnerability in Group Policy Services Stored XSS Vulnerability in GitLab's Bitbucket Project Import Feature Stored XSS Vulnerability in GitLab Wiki Pages Exponential Backtracking DOS Vulnerability in GitLab 13.1-13.3 Improper Authorization Checks in GitLab Allow Unauthorized Confidentiality Attribute Modification via GraphQL Account Deletion Vulnerability in GitLab 
>=7.12: Improper Group Membership Validation Stored XSS Vulnerability in GitLab's Error Tracking Feature Stored XSS Vulnerability in GitLab Group Name Stored Cross-Site Scripting Vulnerability in GitLab's Reference Editing XSS Vulnerability in GitLab SVG File Preview Windows Runtime Object Handling Elevation of Privilege Vulnerability Stored XSS Vulnerability in GitLab CI Job Log Insufficient Permission Check Vulnerability in GitLab Allows Unauthorized Deletions Vulnerability: Lack of Rate Limiting at Re-Sending Confirmation Email Unauthorized Access to Custom Project Templates in GitLab Insecure Session Key Storage in GitLab Allows Unauthorized User Authentication Critical Reflected XSS Vulnerability in GitLab: All Versions from 10.8 Affected Confidential Issue Disclosure Vulnerability in GitLab Versions Prior to 13.2.10, 13.3.7, and 13.4.2 Command Injection Vulnerability in GitLab Runner with Docker Executor on Windows Bypassing CODEOWNERS Approval in GitLab EE Catastrophic Backtracking Vulnerability in GitLab EE Advanced Search Remote Code Execution Vulnerability in Microsoft Excel Software CSRF Vulnerability in GitLab CE/EE Allows Unauthorized Runner Control Insufficient Permission Checks in Scheduled Pipeline API in GitLab CE/EE 13.0+: Variable Disclosure Vulnerability GitLab CE/EE Version 10.2 and Above: Private Group Information Leakage Persistent Storage of One-Time Use Git Credentials in Gitaly 1.79.0 or Above Exponential Backtracking DOS Vulnerability in GitLab CE/EE (Versions 12.6 - 13.3.9) Path Traversal Vulnerability in GitLab CE/EE Allows Server Path Overwrite File Disclosure Vulnerability in GitLab CE/EE Versions 8.8.9 - 13.5.2 Unauthorized User Access to User List in GitLab CE/EE Unauthorized Access to Private Projects in GitLab CE/EE (CVE-2021-22214) Object Storage Signed URL Exposure in GitLab CE/EE 12.10+ Allows Unauthorized Terraform State Overwrite Windows Kernel Elevation of Privilege Vulnerability Out-of-Bounds Access Vulnerability in QEMU's 
es1370_transfer_audio Function Out-of-Bounds Read Vulnerability in QEMU's megasas_lookup_frame Function Zyxel Products Backdoor Vulnerability: Remote TELNET Access via CGI Script Undocumented User Account Vulnerability in Zyxel Products Windows Print Spooler Service Elevation of Privilege Vulnerability Arbitrary File Upload and OS Command Execution in SecurEnvoy SecurMail 9.3.503 Directory Traversal Vulnerability in Loadbalancer.org Enterprise VA MAX through 8.3.8 OS Command Injection Vulnerability in Loadbalancer.org Enterprise VA MAX through 8.3.8 SSRF Incorrect Access Control in Grafana's Avatar Feature Microsoft Word Remote Code Execution Vulnerability SQL Injection Vulnerability in openSIS before 7.4 SQL Injection Vulnerability in openSIS through 7.4 Incorrect Access Control in openSIS through 7.4 Directory Traversal Vulnerability in openSIS through 7.4 Arbitrary PHP Code Execution in Monstra CMS 3.0.4 via Unblocked .php7 Filenames Inherited Write Permissions and Scheduled Task Vulnerability in SmartDraw 2020 Temporary Denial of Service Vulnerability in Pexip Infinity before 23.4 via H.323 Arbitrary Code Execution via YAML Configuration Loading in jw.util Package Buffer Overflow Vulnerability in Tenda Router's Web Server Windows Media Audio Codec Remote Code Execution Vulnerability Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server (httpd) Allows Arbitrary Code Execution Buffer Overflow Vulnerability in Tenda Router's Web Server Buffer Overflow Vulnerability in Tenda Router's Web Server Out-of-Bounds Read Vulnerability in FreeRDP's ntlm_read_ChallengeMessage Uninitialized Value OOB Read Vulnerability in FreeRDP Out-of-Bounds Write Vulnerability in FreeRDP's crypto_rsa_common Package Metadata Spoofing Vulnerability in NuGetGallery IPv6 Router Advertisement Spoofing Vulnerability in Docker Engine ATOS/Sips Community Module for Magento: 
Command Injection Vulnerability Unauthenticated User Database Disclosure in Microweber before 1.1.20 Reflected and Stored XSS Vulnerability in Tufin SecureTrack < R20-2 GA Reflected and Stored XSS Vulnerability in Tufin SecureTrack < R20-2 GA Multiple Cross-Site Scripting (XSS) Vulnerabilities in Tufin SecureTrack Improper Exception Handling in MoscaJS Aedes 0.42.0 CSRF Vulnerability in Aviatrix Controller before 5.4.1204 Observable Response Discrepancy in Aviatrix Controller Allows User Enumeration via Brute Force Unused Credentials Vulnerability XML Signature Wrapping Vulnerability in Aviatrix Controller CSRF Vulnerability in Aviatrix Controller Allows Password Reset Attacks Incomplete Fix for Elevation of Privilege Vulnerability in Aviatrix VPN Client Cross-Site Scripting (XSS) Vulnerability in OpenIAM before 4.2.0.3 - Add New User Feature Directory Traversal Vulnerability in OpenIAM Batch Task (before 4.2.0.3) Microsoft Office Uninitialized Variable Information Disclosure Vulnerability Arbitrary Code Execution in OpenIAM before 4.2.0.3 via Groovy Script Incorrect Access Control for User Actions in OpenIAM before 4.2.0.3 Unauthenticated Administrative Actions in OpenIAM before 4.2.0.3 Multiple XSS Vulnerabilities in Form Builder 2.1.0 for Magento Authenticated Local File Disclosure Vulnerability in XCloner Component for Joomla! 
Vulnerability: Denial of Service via Battery Exhaustion in TrackR Devices Cross-Site Request Forgery (CSRF) Vulnerability in Multi-Scheduler Plugin 1.0.0 for WordPress Persistent XSS in Victor CMS 1.0 via admin/users.php?source=add_user Heap-Based Buffer Overflow in hxxx_AnnexB_to_xVC Function in VLC Media Player Cross-Site Scripting (XSS) Vulnerability in Pie Chart Panel Plugin for Grafana Token Exposure Vulnerability in Visual Studio Code Live Share Extension Cross-Site Scripting (XSS) Vulnerability in Grafana OpenTSDB Datasource Privilege Escalation Vulnerability in I2P before 0.9.46 Remote Code Execution Vulnerability in rejetto HFS v2.3m Build #300 SQL Injection Vulnerability in Jason2605 AdminPanel 4.0 via editPlayer.php Hidden Parameter Integer Overflow Vulnerability in SQLite's sqlite3_str_vappendf Function Segmentation Fault Vulnerability in SQLite 3.32.0 Invalid Read Vulnerability in ffjpeg's jfif_encode function Heap-Based Buffer Over-Read Vulnerability in ffjpeg's jfif_decode in jfif.c Windows WalletService Elevation of Privilege Vulnerability Invalid Write Vulnerability in ffjpeg's bmp_load function Remote Code Execution Vulnerability in DEXT5Upload Allows PHP File Upload Arbitrary Code Execution via File Upload in ExpressionEngine Information Disclosure Vulnerability in Liferay Portal and Liferay DXP Arbitrary Code Execution via Template API in Liferay Portal Command Injection Vulnerability in QuickBox Community and Pro Editions Gotenberg Markdown Engine Directory Traversal Vulnerability Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Directory Traversal Vulnerability in Gotenberg File Upload Function Gotenberg Office Rendering Engine Incomplete-Cleanup Vulnerability Insecure Permissions in Gotenberg's Tini File: Potential Denial of Service and Code Execution Vulnerability CSRF Vulnerability in Image Resizer Plugin for Craft CMS Stored XSS in Bulk Resize Action of Image Resizer Plugin for Craft CMS Windows Modules Installer File 
Operations Elevation of Privilege Vulnerability Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Tufin SecureTrack Username Enumeration Vulnerability in Tufin SecureTrack: Vendor Unresponsive Insecure Direct Object Reference (IDOR) Vulnerability in Tufin SecureChange Flash Memory Readout Vulnerability in Apex Microelectronics APM32F103 Devices Exploiting Flash Memory Readout Protection Vulnerability in China Key Systems & Integrated Circuit CKS32F103 Devices Debug Interface Vulnerability in Gigadevice GD32F103 Devices Power Glitch Exploit: Arbitrary Code Execution on STMicroelectronics STM32F103 Devices Exploiting Flash Memory Readout Protection Vulnerability in China Key Systems & Integrated Circuit CKS32F103 Devices Fault Injection Vulnerability in Gigadevice GD32F130 Devices Allows Unauthorized Debug Interface Escalation Exploiting Flash Memory Readout Protection in Gigadevice GD32VF103 Devices: Extracting Firmware via Debug Interface Windows Storage Services File Operations Elevation of Privilege Vulnerability Physical Attack Vector: Data Extraction via Probing and De-Obfuscation of Bonding Wires Power Glitch Exploit: Arbitrary Code Execution on Apex Microelectronics APM32F103 Devices DMA-based Firmware Extraction Vulnerability in Gigadevice GD32F103 Devices Local Privilege Escalation: Cleartext Password Exposure in NCH Express Accounts 8.24 and Earlier Privilege Escalation Vulnerability in NCH Express Accounts 8.24 and Earlier Reflected XSS Vulnerability in NCH Express Invoice 8.06 to 8.24 Quotes List Module Windows GDI Memory Disclosure Vulnerability HTML Injection Vulnerability in Verint Workforce Optimization (WFO) 15.2 via Send Email Feature Insecure TLS Certificate Verification in EM-HTTP-Request 1.1.5 Cross-Site Scripting (XSS) Vulnerability in Bitrix24 Web Application Firewall SSRF Vulnerability in Bitrix24 (CVE-2021-12345) IP Whitelist Bypass Vulnerability in Knock Knock Plugin for Craft CMS Craft CMS Knock Knock Plugin 1.2.8 
Vulnerability: Malicious Redirection Stored XSS Vulnerability in bbPress Plugin for WordPress Outlook Object Memory Handling Remote Code Execution Vulnerability Heap Overflow Vulnerability in Pixar OpenUSD 20.05: Compressed Section Parsing in Binary USD Files Heap Overflow Vulnerability in Pixar OpenUSD 20.05 Parsing of Compressed String Tokens in Binary USD Files Arbitrary Out-of-Bounds Memory Access in Pixar OpenUSD 20.05 Arbitrary Out of Bounds Memory Access in Pixar OpenUSD 20.05 Arbitrary Out of Bounds Memory Access in Pixar OpenUSD 20.05 Arbitrary Out of Bounds Memory Access Vulnerability in Pixar OpenUSD 20.05 SQL Injection Vulnerability in eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Critical Remote Code Execution Vulnerability in Windows DNS Server SQL Injection Vulnerability in CHaD.asmx Web Service of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 SQL Injection Vulnerability in eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Unauthenticated SQL Injection Vulnerability in ednareporting.asmx Unauthenticated SQL Injection Vulnerability in ednareporting.asmx WinRing0x64 Driver Privileged I/O Read IRPs Information Disclosure Vulnerability in NZXT CAM 4.8.0 Windows Graphics Component Memory Object Handling Vulnerability WinRing0x64 Driver Privileged I/O Read IRPs Information Disclosure Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver Privileged I/O Read IRPs Information Disclosure Vulnerability in NZXT CAM 4.8.0 Privilege Escalation Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver Privilege Escalation Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver Privilege Escalation Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver Privilege Escalation Vulnerability in NZXT CAM 4.8.0's WinRing0x64 Driver IRP 0x9c40a148 Functionality WinRing0x64 Driver IRP 0x9c406144 Information Disclosure Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver IRP 0x9c406104 Information Disclosure Vulnerability in NZXT CAM 4.8.0 WinRing0x64 Driver IRP 0x9c402084 
Information Disclosure Vulnerability in NZXT CAM 4.8.0 Privilege Escalation Vulnerability in NZXT CAM 4.8.0's WinRing0x64 Driver IRP 0x9c402088 Functionality Windows USO Core Worker Elevation of Privilege Vulnerability Out of Bounds Memory Corruption Vulnerability in Pixar OpenUSD 20.05 SoftPerfect RAM Disk 4.1 - Arbitrary File Delete Vulnerability SoftPerfect RAM Disk 4.1 spvve.sys Driver Information Disclosure Vulnerability Pixar OpenUSD 20.05 Out-of-Bounds Memory Corruption Vulnerability SQL Injection Vulnerability in ProcessMaker 3.4.11: Exploiting the sort Parameter in /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax SQL Injection Vulnerability in Sort Parameter Handling in ProcessMaker 3.4.11 Authentication Bypass Vulnerability in Lantronix XPort EDGE Web Manager Information Disclosure Vulnerability in Lantronix XPort EDGE Web Manager and telnet CLI Systemd 245 Denial-of-Service Vulnerability: DHCP ACK Spoofing Attack Windows Runtime Object Handling Elevation of Privilege Vulnerability Denial-of-Service Vulnerability in EIP Stack Group OpENer 2.3 and Development Commit 8c73bf3 Use-after-free vulnerability in Pixar OpenUSD 20.08 allows arbitrary code execution Privilege Escalation Vulnerability in Dream Report 5 R20-2: Exploiting Syncfusion Dashboard Service Binary Replacement Privilege Escalation via Weak Registry Key Permissions in Dream Report 5 R20-2 Privilege Escalation via Weak Privileges in Dream Report 5 R20-2 Privilege Escalation Vulnerability in Kepware LinkMaster 3.0.94.0 Local Privilege Elevation Vulnerability in Moxa MXView Series 3.1.8 Installation Local Privilege Elevation Vulnerability in Moxa MXView Series 3.1.8 Installation Local Privilege Elevation Vulnerability in Win-911 Enterprise V4.20.13 via WIN-911 Mobile Runtime Service Windows UPnP Device Host Memory Handling Elevation of Privilege Vulnerability Win-911 Enterprise V4.20.13 File System Permissions Privilege Escalation Vulnerability Local Privilege Escalation Vulnerability in 
Mobile-911 Server V2.5 Local Privilege Elevation Vulnerability in LogicalDoc 8.5.1 Installation Remote Code Execution Vulnerability in Webkit WebKitGTK 2.30.0 via WebSocket Use-After-Free Sign Extension Vulnerability in SoftMaker Office 2021's TextMaker Document Parser Heap-based Memory Corruption in SoftMaker Office 2021's TextMaker Application Heap-based Buffer Overflow in SoftMaker Office TextMaker 2021 (revision 1014) Type Confusion Vulnerability in Foxit PDF Reader 10.1.0.37527 Arbitrary Code Execution Vulnerability in Foxit Reader 10.1.0.37527 Local Privilege Escalation Vulnerability in Sytech XL Reporter v14.0.1 Windows Font Driver Host Remote Code Execution Vulnerability Local File Inclusion Vulnerability in Advantech WebAccess/SCADA 9.0.1 Installation Functionality Local Privilege Escalation Vulnerability in Advantech WebAccess/SCADA 9.0.1 via PostgreSQL Executable Local Privilege Escalation Vulnerability in Advantech WebAccess/SCADA 9.0.1 Advantech WebAccess/SCADA 9.0.1 File System Permissions Privilege Escalation Vulnerability Advantech WebAccess/SCADA 9.0.1 File System Permissions Privilege Escalation Vulnerability Advantech WebAccess/SCADA 9.0.1 File System Permissions Privilege Escalation Vulnerability Ethernet/IP Server Remote Code Execution Vulnerability Use After Free Vulnerability in Foxit PDF Reader 10.1.0.37527 Use After Free Vulnerability in WebKitGTK's AudioSourceProviderGStreamer FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028 Denial-of-Service Vulnerability Windows iSCSI Target Service File Operations Elevation of Privilege Vulnerability Use After Free Vulnerability in Foxit PDF Reader 10.1.0.37527 Allows Arbitrary Code Execution Accusoft ImageGear 19.8 TIFF Parser Out-of-Bounds Write Vulnerability Cross-Site Scripting (XSS) Vulnerability in phpGACL 3.3.7 Template Functionality Cross-Site Scripting (XSS) Vulnerability in phpGACL 3.3.7 Template Functionality Cross-Site Scripting (XSS) Vulnerability in phpGACL 3.3.7 Template 
Functionality Open Redirect Vulnerability in phpGACL, OpenEMR 5.0.2, and OpenEMR 6.0.0 SQL Injection Vulnerability in phpGACL 3.3.7: Remote Code Execution via admin/edit_group.php SQL Injection Vulnerabilities in phpGACL 3.3.7: Exploiting Specially Crafted HTTP Requests SQL Injection Vulnerability in phpGACL 3.3.7: admin/edit_group.php (action=Submit) POST Parameter parent_id SQL Injection Cross-Site Request Forgery Vulnerability in OpenEMR 5.0.2 and 6.0.0 Windows System Events Broker File Operations Elevation of Privilege Vulnerability Use-After-Free Vulnerability in Foxit PDF Reader 10.1.0.37527 Allows Arbitrary Code Execution SGI RLE Decompression Out-of-Bounds Write Vulnerability in Accusoft ImageGear 19.8 Accusoft ImageGear 19.8 GIF Parser Heap Overflow Vulnerability Denial-of-Service Vulnerability in Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3 Ethernet/IP Server Denial-of-Service Vulnerability in Genivia gSOAP 2.8.107 WS-Security Plugin Denial-of-Service Vulnerability in Genivia gSOAP 2.8.107 WS-Addressing Plugin Remote Code Execution Vulnerability in Genivia gSOAP 2.8.107 WS-Addressing Plugin Denial-of-Service Vulnerability in Genivia gSOAP 2.8.107 WS-Security Plugin Denial-of-Service Vulnerability in Genivia gSOAP 2.8.107 WS-Security Plugin Integer Overflow and Heap-Based Buffer Overflow in SoftMaker Office 2021's PlanMaker Application Windows Resource Policy Memory Handling Vulnerability Heap-based Buffer Overflow in SoftMaker Office 2021's PlanMaker Document Parsing Functionality Heap-based Buffer Overflow in SoftMaker Office PlanMaker 2021 (Revision 1014) Denial-of-Service Vulnerability in Micrium uC-HTTP 3.01.00 HTTP Server Denial-of-Service Vulnerability in Micrium uC-HTTP 3.01.00 HTTP Server Use-After-Free Remote Code Execution Vulnerability in WebKitGTK Browser Accusoft ImageGear 19.8 PSD Header Processing Out-of-Bounds Write Vulnerability Heap Buffer Overflow in SoftMaker Office PlanMaker 2021 SQL Injection Vulnerability in Rukovoditel 
Project Management App 2.7.2 SQL Injection Vulnerability in Rukovoditel Project Management App 2.7.2 SQL Injection Vulnerability in Rukovoditel Project Management App 2.7.2 Windows CNG Key Isolation Service Memory Handling Vulnerability SQL Injection Vulnerabilities in Rukovoditel Project Management App 2.7.2 SQL Injection Vulnerability in Rukovoditel Project Management App 2.7.2 SQL Injection Vulnerability in Rukovoditel Project Management App 2.7.2 Bluetooth Low Energy Secure Manager Protocol (SMP) Vulnerability: Unauthenticated Encrypted Session Hijacking Denial of Service Vulnerability in Espressif ESP-IDF 4.2 and Earlier: Bluetooth Low Energy (BLE) Controller Implementation Bluetooth Low Energy (BLE) Controller Vulnerability in Espressif ESP-IDF 4.0-4.2 Improper URL Encoding in Django Admin ForeignKeyRawIdWidget Allows XSS Attack Information Disclosure Vulnerability in Calico and Calico Enterprise Clusters with Unused IPv6 Stack-based Buffer Overflow in Zephyr FAT_FS when Enabling Long File Names and Calling fs_stat Incorrect Default Permissions in Zephyr versions >= 1.14.2, >= 2.3.0 (CWE-276) Windows Profile Service File Operations Vulnerability Heap-based Buffer Overflow in eswifi SPI Response Out-of-bounds Read Vulnerability in Zephyr DNS Read Remote Denial of Service Vulnerability in LwM2M do_write_op_tlv Integer Overflow in Memory Allocating Functions in Zephyr versions >= 1.14.2, >= 2.4.0 (CWE-190) Memory Information Disclosure Vulnerability in Windows WalletService TLS Implementation in Axel before 2.17.8 Lacks Hostname Verification Missing Hostname Verification for X.509 Certificates in Qore Socket Library Lack of TLS Hostname Verification in Pichi before 1.3.0 Improper Memory Handling in Mitel MiVoice SIP Phones Web UI Component Code Execution Vulnerability in Locutus PHP through 2.0.11 via php/exec/escapeshellarg Windows WalletService Elevation of Privilege Vulnerability CSRF Vulnerability in Fastweb FASTGate GPON FGA2130FWB Devices Denial of Service 
Vulnerability in JerryScript 2.2.0 via Proxy Object Property Key Query Denial of Service Vulnerability in JerryScript 2.2.0 via Proxy Operation PHPMailer File Attachment Double Quote Output Escaping Vulnerability OnePlus App Locker Authorization Bypass Vulnerability Cross-site scripting (XSS) vulnerability in Centreon host-monitoring, service-monitoring, and tactical-overview widgets Cross-site scripting (XSS) vulnerability in Centreon host-monitoring, service-monitoring, and tactical-overview widgets Windows Picker Platform Elevation of Privilege Vulnerability Use-after-free vulnerability in SQLite's fts3EvalNextRow function related to snippet feature Virtual Table Renaming Vulnerability in SQLite NULL Pointer Dereference in SQLite's fts3_snippet.c Cross-Site Scripting (XSS) Vulnerability in Fork CMS before 5.8.3 via navigation_title or title Unvalidated Input Values Vulnerability in Windows Master 7.99.13.604 Cleartext Storage of Encryption Keys in Stashcat App Authentication Bypass and Administrator Account Creation in rConfig 3.9.x before 3.9.7 Stored XSS Vulnerability in OutSystems ECT Provider File Handling Denial of Service Vulnerability in WalletService SQL Injection Vulnerability in gVectors wpDiscuz Plugin 5.3.5 and Earlier for WordPress Unauthenticated Remote Code Execution in Real-Time Find and Replace Plugin for WordPress Unauthenticated Remote Code Execution in SiteOrigin Page Builder Plugin for WordPress Unauthenticated Remote Code Execution in SiteOrigin Page Builder Plugin Unprotected AJAX Action Allows Injection of Malicious JavaScript in Accordion Plugin for WordPress Vulnerability: Insecure TLS Certificate Verification in GNOME glib-networking Unvalidated Input Values in Cheetah Free WiFi 5.1 Driver File (liebaonat.sys) Leading to Denial of Service or Other Impact Out-of-Memory Error Handling Vulnerabilities in JerryScript 2.2.0 Windows Event Logging Service Memory Handling Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in 
DigDash 2018R2 and 2019R1 Remote Code Execution via Rogue JNLP File in DigDash Cross-Site Scripting (XSS) Vulnerability in DigDash Login Menu XSS Vulnerability in Zimbra Collaboration Suite Webmail Component Improper Escaping in XWiki Platform Property Displayer XSS Vulnerability in Collabtive 3.0 and Later: managefile.php Array Bounds Checking Vulnerability in Morgan Stanley Hobbes through 2020-05-21 Local Privilege Escalation Vulnerability in Avast Free Antivirus and AVG AntiVirus Free CSRF Vulnerability in Lansweeper 8.0.130.17 Web Console Allows Privilege Escalation NULL Pointer Dereference in address_space_map in QEMU 4.2.0 Windows Print Workflow Service Elevation of Privilege Vulnerability XSS Vulnerability in CMS Made Simple through 2.2.14 via Crafted File Picker Profile Name Arbitrary Program Execution Vulnerability in Telerik Fiddler 5.0.20202.18177 Open Redirect Vulnerability in Drupal Core 7.70 and Prior Versions Cross-Site Request Forgery Vulnerability in Drupal Core Form API Arbitrary PHP Code Execution Vulnerability in Drupal Core (CVE-2020-13671) Access Bypass Vulnerability in Drupal Core JSON:API Configuration Drupal Core JSONP Cross-Site Scripting Vulnerability Access Bypass Vulnerability in Drupal Core Workspaces HTML Rendering Vulnerability in Drupal Core XSS Vulnerability in ckeditor of Drupal Core (CVE-2020-13671) Windows Kernel Object Memory Handling Vulnerability Information Disclosure Vulnerability in Drupal Core File Module File Extension Mismatch Vulnerability in Drupal Core Drupal Core XSS Vulnerability in Sanitization API Cross-Site Scripting (XSS) Vulnerability in Entity Embed Module Cross-Site Request Forgery Vulnerability in QuickEdit Module Access Bypass Vulnerability in Drupal's JSON:API and REST/File Modules Unintended Disclosure of Field Data in QuickEdit Module Unintended Access Bypass in Drupal Core JSON:API Module Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability Cross-Site Scripting 
Vulnerability in Drupal Core Windows WalletService Elevation of Privilege Vulnerability XXE Vulnerability in PostgreSQL JDBC Driver (PgJDBC) before 42.2.13 Unauthenticated Privilege Escalation in bbPress Plugin for WordPress Privilege Escalation: Arbitrary OS Command Execution via sudo mysql Privilege Escalation via Sudo Privileges in QuickBox Community and Pro Edition Unprivileged Filesystem Path Disclosure and Arbitrary File Open Vulnerability in LinuxTV xawtv Reflected XSS Vulnerability in RouterNanoHTTPD Arbitrary Parameter Injection in TeamViewer Desktop for Windows Windows Runtime Object Handling Elevation of Privilege Vulnerability Insecure Direct Object Reference in acf-to-rest-api Plugin for WordPress Rolling Proximity Identifier Vulnerability: Circumvention of Bluetooth Smart Privacy via Secondary Temporary UID Windows Event Logging Service Elevation of Privilege Vulnerability Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Critical Remote Code Execution Vulnerability in Windows Remote Desktop Client Windows COM Server Elevation of Privilege Vulnerability Vulnerability: Sandbox Bypass in WebKitGTK and WPE WebKit Out-of-Bounds Access Vulnerability in QEMU 4.2.0 via Crafted Address in MSI-X MMIO Operation Remote Code Execution in Sabberworm PHP CSS Parser before 8.3.1 via Uncontrolled Data Evaluation Leading Null Byte Ignored in Python-RSA Decryption XSS Vulnerability in Bitrix24 Web Application Firewall through 20.0.950 Memory Access Vulnerability in rust-vmm vm-memory Elevation of Privilege Vulnerability in fdSSDP.dll CSRF Vulnerability in Joomla! before 3.9.19 Cross-Site Scripting (XSS) Vulnerability in Joomla! Modules Cross-Site Scripting (XSS) Vulnerability in Joomla! before 3.9.19 HTML Injection Vulnerability in Joomla! 
before 3.9.19 Password Leakage in Gravity Forms Plugin for WordPress Invalid Memory Copy Vulnerability in QEMU 4.0 and 4.1.0 Insufficient Access Control in Mitel MiCollab iOS App: Unauthorized File and Folder Access Stack-based Buffer Overflow in MiniShare before 1.4.2 via HTTP PUT Request SQL Injection Vulnerability in Ivanti Endpoint Manager through 2020.1 via LDMS/alert_log.aspx Windows Kernel API Elevation of Privilege Vulnerability Privilege Escalation via Named Pipes in Ivanti Endpoint Manager DLL Hijacking Vulnerability in Ivanti Endpoint Manager Components Information Disclosure Vulnerability in Ivanti Endpoint Manager through 2020.1.1 Cross-Site Scripting (XSS) Vulnerabilities in Ivanti Endpoint Manager Unrestricted File Upload Vulnerability in Ivanti Endpoint Manager ZNC 1.8.0 up to 1.8.1-rc1 Vulnerability: Authenticated Users Can Trigger Application Crash Privilege Escalation via Numerical Usernames in systemd Vulnerability: Incorrect Cryptography in GnuTLS Session Ticket Encryption Authenticated Code Execution Vulnerability in rConfig 3.9.4 and Earlier Windows Kernel API Elevation of Privilege Vulnerability Command Injection Vulnerability in D-Link DIR-865L Ax 1.20B01 Beta Devices Cleartext Storage of Sensitive Information in D-Link DIR-865L Ax 1.20B01 Beta Devices Predictable Seed Vulnerability in D-Link DIR-865L Ax 1.20B01 Beta Devices Weak Encryption Vulnerability in D-Link DIR-865L Ax 1.20B01 Beta Devices CSRF Vulnerability in D-Link DIR-865L Ax 1.20B01 Beta Devices Cleartext Transmission of Sensitive Information in D-Link DIR-865L Ax 1.20B01 Beta Devices SSRF Vulnerability in Harbor Prior to 2.0.1 Allows Port Scanning Windows Media Foundation Memory Corruption Vulnerability Heap-Based Buffer Over-read in libjpeg-turbo and mozjpeg via Malformed PPM Input File Out-of-Bounds Access Vulnerability in QEMU 4.2.0 Local File Inclusion Vulnerability in PlayTube 1.8 via ajax.php?type=../admin-panel/autoload&page=manage-users Static, Hard-Coded Encryption Key 
Vulnerability in Ivanti DSM Netinst 5.1 Harbor Vulnerability: Unauthorized Exposure of Sensitive Information Directory Traversal Vulnerability in Navigate CMS 2.8.7 Cross-Site Scripting (XSS) Vulnerability in Navigate CMS 2.8.7 Cross-Site Scripting (XSS) Vulnerability in Navigate CMS 2.8.7 Cross-Site Scripting (XSS) Vulnerability in Navigate CMS 2.8.7 Security Vulnerability in RPMB Protocol: Threats to Trusted Firmware and Storage Devices Remote Code Execution Vulnerability in Internet Explorer's Scripting Engine Infinite Recursion Vulnerability in QEMU 4.2.0 ATI VGA Driver OS Command Injection Vulnerability in Rebar3 Dependency Specification Signature Validation Bypass in Foxit PhantomPDF and Foxit Reader for Mac Hardcoded Username and Password Disclosure in Foxit Reader and PhantomPDF DocuSign Plugin Unlimited Login Failures in Foxit Reader and PhantomPDF Use-After-Free Vulnerability in Foxit Reader and PhantomPDF Circular Reference Mishandling Vulnerability in Foxit Reader and PhantomPDF Resource Consumption Vulnerability in Foxit Reader and PhantomPDF Resource Consumption Vulnerability in Foxit Reader and PhantomPDF Windows Graphics Component Elevation of Privilege Vulnerability Signature Validation Bypass in Foxit Reader and PhantomPDF Out-of-Bounds Write Vulnerability in Foxit Studio Photo Local Privilege Escalation Vulnerability in Foxit Studio Photo Privilege Escalation Vulnerability in Foxit Studio Photo Use-after-free vulnerability in Foxit Reader and PhantomPDF before 9.7.1 Stack Consumption Vulnerability in Foxit Reader and PhantomPDF NTPd Vulnerability: Denial of Service via Spoofed Packets Directory Traversal Bypass Vulnerability in Zoho ManageEngine OpManager before 125144 Unauthenticated Reflected XSS Vulnerability in Extreme EAC Appliance 8.4.1.24 Windows Graphics Component Elevation of Privilege Vulnerability Unauthenticated Reflected XSS Vulnerability in Extreme Management Center 8.4.1.24 Reflected Cross-Site Scripting (XSS) Vulnerability in 
HiveMQ Broker Control Center 4.3.2 ECDSA Signature Malleability in Elliptic Package 6.5.2 for Node.js Cross-Site Scripting (XSS) Vulnerability in i-doit 1.14.2 Arbitrary Command Execution via CSV Injection in i-doit 1.14.2 Cross-Site Scripting (XSS) Vulnerability in phpList before 3.5.4 Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities in Dolibarr 11.0.4 SEAndroid Protection Bypass Vulnerability on Samsung Mobile Devices (SVE-2019-15998) Information Disclosure Vulnerability in RPC with Routing and Remote Access Enabled Samsung One UI HOME Information Leakage Vulnerability Arbitrary Memory Mapping Vulnerability in Samsung Mobile Devices with Exynos 7570 Chipsets Widevine Trustlet Memory Disclosure Vulnerability on Samsung Mobile Devices Arbitrary File Overwrite Vulnerability on Samsung Mobile Devices (SVE-2020-17183) Insecure Use of Android Debug Bridge (adb) in Samsung Secure Folder (SVE-2020-17369) Brute-Force Attack Vulnerability in Samsung Mobile Devices (SVE-2020-16908) Path Traversal Vulnerability in Samsung Mobile Devices (SVE-2020-16954) Lockscreen Bypass Vulnerability on Samsung Mobile Devices with Q(10.0) Software DeX Lockscreen Bypass Vulnerability on Samsung Mobile Devices LG Mobile Devices with Android OS 7.2-10 (MTK Chipsets) Custom AT Command Handler Buffer Overflow Vulnerability Windows CNG Key Isolation Service Memory Handling Vulnerability MTK AT Command Handler Buffer Overflow Vulnerability on LG Mobile Devices LG Mobile Devices with Android OS 9 and 10 (MTK Chipsets) AT Command Bypass Vulnerability LG Mobile Devices with Android OS 7.2-10 (MTK Chipsets) Vulnerability: Dangerous Unused AT Command LG Mobile Devices Denial of Service Vulnerability Straight-Line Speculation Vulnerability in Arm Armv8-A Core Implementations Improper Validation of Image Integrity in Sylabs Singularity 3.0-3.5 Unreported Error in Status Code Handling in Sylabs Singularity 3.5.0-3.5.3 Integrity Check Vulnerability in Sylabs Singularity 3.0 through 3.5 Denial of 
Service Vulnerability in Portable UPnP SDK (libupnp) 1.12.1 and Earlier Denial of Service Vulnerability in MQTT Protocol 3.1.1 Windows Credential Picker Elevation of Privilege Vulnerability Inadequate Access Controls in Artica Pandora FMS 7.44 Web Folder Remote Command Execution in Artica Pandora FMS 7.44 via Events Feature Arbitrary File Upload Vulnerability in Artica Pandora FMS 7.44 Persistent XSS in Artica Pandora FMS 7.44 Messages Feature Privilege Escalation Vulnerability in Artica Pandora FMS 7.44 Arbitrary File Upload Vulnerability in Artica Pandora FMS 7.44 Unauthenticated Access to Sensitive Information on Mofi Network MOFI4500-4GXeLTE Devices Unauthenticated Reboot Vulnerability in Mofi Network MOFI4500-4GXeLTE Devices Undocumented Administrator Accounts with Non-Unique Passwords on Mofi Network MOFI4500-4GXeLTE Devices Undocumented System Account Allows Unauthorized Access to MOFI4500-4GXeLTE Management Interface Windows Connected User Experiences and Telemetry Service Information Disclosure Vulnerability Predictable One-Time Password Algorithm in Mofi Network MOFI4500-4GXeLTE 4.0.8-std Devices Header Injection Vulnerability in Mitel MiCollab SAS Portal Stored XSS Vulnerability in Elementor Page Builder Plugin for WordPress Multiple Stored XSS Vulnerabilities in Elementor Page Builder Plugin for WordPress Insecure Permissions in WinGate v9.4.1.5998 Installation Directory Allows Privilege Escalation Weak Permissions in Open-iSCSI targetcli-fb for /etc/target and Backup Files CSRF Vulnerability in Comments Plugin for Craft CMS Stored XSS Vulnerability in Comments Plugin for Craft CMS Windows Push Notification Service Elevation of Privilege Vulnerability Stored XSS Vulnerability in Comments Plugin for Craft CMS Use-After-Free Vulnerability in SQLite 3.32.2's resetAccumulator Function 0.0.0.0 Listener Vulnerability in Royal TS before Version 5 SQL Injection Vulnerability in Codoforum Allows Remote Code Execution SQL Injection Vulnerability in ResourceXpress 
Meeting Monitor 4.9 IrfanView B3D PlugIns Heap-Based Out-of-Bounds Write Vulnerability IrfanView B3D PlugIns Heap-Based Out-of-Bounds Write Vulnerability Windows Elevation of Privilege Vulnerability in psmsrv.dll IrfanView B3D PlugIns Heap-Based Out-of-Bounds Write Vulnerability TACACS+ Shared Secret Leakage via syslog in pam_tacplus Incorrect Access Control due to TOCTOU Race Condition in CISOfy Lynis before 3.0.0 XML External Entity (XXE) Vulnerability in WSO2 API Manager, API Microgateway, and IS Key Manager Insecure Permissions and Unquoted Path Vulnerability in Citrix Workspace App on Windows Insecure Permissions in Citrix Workspace App on Windows Allows Privilege Escalation During Uninstallation Directory Traversal Vulnerability in Intelbras TIP 200, TIP 200 LITE, and TIP 300 Devices Remote Command Execution Vulnerability in Kordil EDMS through 2.2.60rc3 Stored XSS Vulnerability in Kordil EDMS 2.2.60rc3 Cross-Site Scripting (XSS) Vulnerability in Bludit 3.12.0 Administration Panel's showAlert() Function Windows Kernel Memory Initialization Vulnerability XSS Vulnerability in Neon Theme 2.0 for Bootstrap via Add Task Input Operation Unauthorized Access to Authorization Tokens in Mattermost Mobile Apps SportsPress Plugin XSS Vulnerability in WordPress Stored Cross-Site Scripting (XSS) Vulnerabilities in Sage EasyPay 10.7.5.10 through Unicode Transformations Arbitrary File Download Vulnerability in DEXT5 Editor through 3.5.1402961 Weak ECDSA Signature Verification in Crypt::Perl Information Disclosure Vulnerability in Maipu MP1800X-50 7.5.3.14(R) Web Interface Reflected XSS Vulnerability in HESK before 3.1.10 NULL Pointer Dereference in janus-gateway's janus_sdp_process Information Disclosure Vulnerability in Janus WebRTC Server Windows Network Connections Service Elevation of Privilege Vulnerability NULL Pointer Dereference in janus-gateway's janus_sdp_preparse Function Stack-based Buffer Overflow in janus-gateway's janus_sdp_merge Function Heap-Based Buffer 
Over-read Vulnerability in ImageMagick 7.0.9-27 through 7.0.10-17 Use-after-free vulnerability in FFmpeg 2.8 and 4.2.3 via crafted EXTINF duration in m3u8 file User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000038ed4 User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000038eb7 Ignition Component Global Variable Injection Vulnerability Windows Agent Activation Runtime Memory Object Handling Vulnerability Out-of-Bounds Read Vulnerability in Pengutronix Barebox through v2020.05.0 XSS Vulnerability in Online Shop 1.8.0 via Change Name or Change Surname Operation Privilege Escalation Vulnerability in SolarWinds Advanced Monitoring Agent Unauthenticated Remote Code Execution via XSS in Ruckus Wireless Unleashed Ruckus Wireless Unleashed Webserver Denial of Service Vulnerability Remote Code Execution Vulnerability in Ruckus Wireless Unleashed Devices Remote Code Execution Vulnerability in Ruckus Wireless Unleashed Devices Command Injection and Jailbreak Vulnerability in Ruckus Wireless Unleashed (CVE-2021-12345) Unauthenticated Remote Information Leakage in Ruckus Wireless Unleashed Devices Command Injection Vulnerability in Ruckus Wireless Unleashed through 200.7.10.102.92 Windows Delivery Optimization Service Elevation of Privilege Vulnerability Apache ActiveMQ JMX RMI Registry Unauthenticated Rebind Vulnerability SQL Injection Vulnerability in Wildcard Query Cases Apache DolphinScheduler Prior to 1.3.2 API Password Override Vulnerability Apache OFBiz Ecommerce Component Order Processing IDOR Vulnerability Directory Traversal Vulnerability in Apache Ambari Versions 2.6.2.2 and Earlier Remote Code Execution Vulnerability in Kylin Restful API SQL Injection Vulnerability in Kylin 2.0 - 3.0.9 Allows Remote Code Execution Default setting for Airflow's Experimental API allows unauthenticated requests, posing security risks Apache Atlas XSS Vulnerability Apache Zeppelin Authentication Bypass Vulnerability 
Windows Diagnostics Hub Elevation of Privilege Vulnerability Unauthenticated JMX Port Vulnerability in Apache TomEE with Misconfigured ActiveMQ Broker XSS Vulnerability in Apache ActiveMQ Artemis MQTT Packet Handling Authentication Bypass Vulnerability in Apache Shiro HTTP/2 OutOfMemoryException Denial of Service Vulnerability in Apache Tomcat WebSocket Frame Payload Length Validation Vulnerability Remote Code Execution via Velocity Template Modification Unauthenticated Information Disclosure in Apache Kylin Unprivileged Local Users Can Stop Apache HTTP Server on Windows (Versions 2.4.0 to 2.4.46) Windows Geolocation Framework Elevation of Privilege Vulnerability XML External Entity (XXE) Vulnerability in Apache NiFi 1.0.0 to 1.11.4 Unvalidated Location Parameter in Replication Handler Allows Unauthorized Access and Modification Apache Unomi 1.5.2 Vulnerability: Remote Code Execution via /context.json Endpoint HTTP/2 Header Injection Vulnerability XSS Vulnerability in Apache Airflow < 1.10.12 Trigger Endpoint Vulnerability: Unauthorized Access to Apache APISIX Management Data Apache Cassandra JMX Interface Man-in-the-Middle Vulnerability Cross-Site Scripting Vulnerability in Apache ActiveMQ Administration Console Arbitrary Access to Python's `os` Package in Apache Superset (CVE-2021-38114) Apache Thrift Denial of Service Vulnerability Windows Speech Brokered API Memory Handling Elevation of Privilege Vulnerability Apache HTTP Server Denial of Service Vulnerability Denial of Service Vulnerability in Apache OpenMeetings 4.0.0-5.0.0 via Public NetTest Web Service Vulnerability: Information Disclosure and Privilege Escalation in Apache Superset Apache Tapestry 5.4.0 to 5.5.0 - File Download Vulnerability Apache CXF Reflected Cross-Site Scripting (XSS) Vulnerability via /services Page Vulnerability: Insecure Hostname Verification in HttpUtils#getURLConnection Method Misinterpretation of Malformed Authority Component in Apache HttpClient Unauthenticated Remote Code 
Execution Vulnerability in Apache Solr Unconditional Hyperlink Execution Vulnerability in Apache OpenOffice Reflected XSS Vulnerability in VelocityView's Default Error Page Windows ALPC Elevation of Privilege Vulnerability Default DNS Resolver Search Path Vulnerability in D-Link DSL 2730-U and DIR-600M Devices Template Injection Vulnerability in Strapi before 3.0.2 Denial of Service Vulnerability in Qt's OpenSSL Error Queue Handling Insecure Access Control in SOPlanning before 1.47 Cross-Site Scripting (XSS) Vulnerability in Roundcube Webmail XSS Vulnerability via Malicious XML Attachment in Roundcube Webmail SQL Injection Vulnerability in CRK Business Platform <= 2019.1 via 'strSessao' Parameter Reflected XSS Vulnerability in CRK Business Platform <= 2019.1 via erro.aspx Windows Imaging Component Memory Object Handling Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in Shopware's Mediabrowser upload by URL Feature Persistent XSS vulnerability in Shopware before 6.2.3 allows authenticated users to upload malicious SVG images containing JavaScript, leading to unauthorized access and execution of code. 
XSS Vulnerability in Enghouse Web Chat 6.2.284.34 via WebServiceLocation Parameter (CVE-2019-16951) XSS Vulnerability in OWASP json-sanitizer before 1.2.1 Integer Overflow in drivers/tty/vt/keyboard.c Remote Command Execution Vulnerability in DD-WRT Arbitrary Code Execution via Nagios 4.4.5 JSON CGIs Configuration Vulnerability Arbitrary OS Command Execution Vulnerability in Monstra CMS 3.0.4 Windows Lockscreen Elevation of Privilege Vulnerability Cross-Site Scripting (XSS) Vulnerability in OpenCart 3.0.3.3 Image Upload Section Infinite Loop Vulnerability in Contiki's uIP TCP/IP Stack Component Memory Corruption Vulnerability in uIP TCP/IP Stack Component Infinite Loop Vulnerability in Contiki's uIP TCP/IP Stack Component Out-of-Bounds Read Vulnerability in uIP TCP/IP Stack Component Integer Overflow in uIP TCP/IP Stack when Parsing TCP MSS Options Windows Runtime Object Handling Elevation of Privilege Vulnerability Control Flow Hijacking Vulnerability in JerryScript 2.2.0 Stored XSS Vulnerability in Mods for HESK Allows Session Abuse Blind Time-Based SQL Injection Vulnerability in Mods for HESK Remote Code Execution via Improper Access Control in Mods for HESK Buffer Overflow Vulnerability in U.S. Air Force Sensor Data Management System extract75 SQL Injection Vulnerability in J2Store Plugin for Joomla! 
Database Password Leakage in Shopware 6.2.3 Unauthenticated User Enumeration in Citrix XenApp 6.5 with 2FA Enabled Integer Overflow Vulnerability in ScaleViewPortExtEx Function in libEMF Jet Database Engine Remote Code Execution Vulnerability Remote Code Execution via Untrusted Project.json Files in MIT Lifelong Kindergarten Scratch Unintended Read Access and Code Execution in kramdown Gem (CVE-2021-23456) Observable Discrepancy in PuTTY Algorithm Negotiation Leads to Information Leak Arbitrary File Permission Change Vulnerability in Icinga2 Arbitrary Code Execution Vulnerability in SolarWinds Orion SolarWinds Orion XSS Vulnerability via Responsible Team Cross-Site Scripting (XSS) Vulnerability in Solarwinds Orion Alert Definition Name Remote Code Execution Vulnerability in Zoho ManageEngine Applications Manager Email Attachment Bypass Vulnerability in Proofpoint Enterprise Protection Jet Database Engine Remote Code Execution Vulnerability Reflected XSS Vulnerability in Laborator Xenon Theme 1.3 for WordPress Default Installation Vulnerability in Lansweeper 6.0.x through 7.2.x XSS Vulnerability in osTicket 1.14.2: Agent-level Attack via Knowledgebase Category Name or Description Reflected XSS Vulnerability in Navigate CMS 2.8 and 2.9 r1433 Unauthenticated Password Reset Vulnerability in Navigate CMS 2.9 r1433 User Enumeration Vulnerability in Navigate CMS 2.9 r1433 Clear-text Storage of Sessions in Navigate CMS 2.9 r1433 Stored XSS Vulnerability in Navigate CMS 2.9 r1433: User and E-Mail Fields Weak Permissions for saveconfig.json in Open-iSCSI rtslib-fb through 2.1.72 Windows ActiveX Installer Service Elevation of Privilege Vulnerability ASP.net SMS Module Path Traversal Vulnerability Unrestricted File Upload Vulnerability in Ozeki NG SMS Gateway SSRF Vulnerability in Ozeki NG SMS Gateway 4.17.6 via SMS WCF or RSS To SMS Multiple Authenticated Stored and Reflected XSS Vulnerabilities in Ozeki NG SMS Gateway 4.17.6 CSRF Vulnerabilities in Ozeki NG SMS Gateway 
4.17.6 CSV Injection in Export of Contacts Feature in Ozeki NG SMS Gateway Vulnerability: Unsafe Database Connection Strings in Ozeki NG SMS Gateway Path Traversal Vulnerability in Ozeki NG SMS Gateway Autoreply Module's Script Name XML External Entity (XXE) Vulnerability in Ozeki NG SMS Gateway VBScript Engine Memory Object Handling Remote Code Execution Vulnerability Arbitrary Code Execution via Deserialization in Ozeki NG SMS Gateway Vulnerability: File Deletion via Ozeki NG SMS Gateway's TXT File Module Privilege Escalation Vulnerability in ASRock 4x4 BOX-R1000 BIOS (before P1.40) via SMM Code Execution Buffer Overflow in janus-gateway: Exploiting a Crafted RTSP Server Buffer Overflow Vulnerability in janus-gateway (aka Janus WebRTC Server) through 0.10.0 Incomplete X.509 Certificate Verification in Go (CVE-2020-28362) Windows Runtime Object Handling Elevation of Privilege Vulnerability Infinite Loop Vulnerability in x/text Package for Go Codiad v1.7.8 and Later: Unsanitized Folder Name XSS Vulnerability CSRF Vulnerability in Codiad v1.7.8 and Later: Remote Code Execution via Marketplace Plugin Download Server-Side Request Forgery (SSRF) Vulnerability in Unsupported Codiad Versions Remote Unauthenticated Attackers Can Manipulate Installation Status in Zoho ManageEngine ServiceDesk Plus Viber for Windows Custom URI Handler Vulnerability Windows Mobile Device Management (MDM) Diagnostics Junction Handling Elevation of Privilege Vulnerability SQL Injection Vulnerability in SOKKIA GNR5 Vanguard WEB Version 1.2 Stored Cross-Site Scripting Vulnerability in Monsta FTP 2.10.1 or Below Server-Side Request Forgery Vulnerability in Monsta FTP 2.10.1 and Below Arbitrary File Read/Write Vulnerability in Monsta FTP 2.10.1 and Below Denial of Service Vulnerability in Squid's TLS Connection Handling Denial of Service Vulnerability in Squid 5.x Windows Network List Service Elevation of Privilege Vulnerability Vulnerability: FasterXML jackson-databind 2.x Deserialization RCE via 
JNDIConnectionPool Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Stored Cross-Site Scripting (XSS) Vulnerability in TC Custom JavaScript Plugin for WordPress Incorrect Access Control in IceWarp Email Server 12.3.0.1: A Critical Vulnerability IceWarp Email Server 12.3.0.1 File Upload and Disk Space Consumption Vulnerability IceWarp Email Server 12.3.0.1 Remote JavaScript File Upload Vulnerability ZIP Archive File Upload Vulnerability in Navigate CMS 2.9 SQL Injection Vulnerability in MK-AUTH 19.01's Web Login Functionality SQL Injection Vulnerabilities in MK-AUTH 19.01 Jet Database Engine Remote Code Execution Vulnerability Authentication Bypass Vulnerability in MK-AUTH 19.01 XSS Vulnerabilities in MK-AUTH 19.01 Allow Arbitrary JavaScript Code Execution Command Execution Vulnerability in MK-AUTH 19.01 Cross-Site Scripting (XSS) Vulnerability in PRTG Network Monitor 20.1.56.1574 via Crafted Map Properties Stack-based buffer overflow in TRENDnet TEW-827DRU ssi binary allows arbitrary code execution Command Injection Vulnerability in TRENDnet TEW-827DRU Devices (2.06B04) Stack-based Buffer Overflow in TRENDnet TEW-827DRU Devices (2.06B04) via ssi Binary Stack-based Buffer Overflow in TRENDnet TEW-827DRU ssi Binary Stack-based Buffer Overflow in TRENDnet TEW-827DRU ssi Binary Stack-based Buffer Overflow in TRENDnet TEW-827DRU ssi Binary Windows Font Library Remote Code Execution Vulnerability Stack-based Buffer Overflow in TRENDnet TEW-827DRU ssi Binary Command Injection Vulnerability in TRENDnet TEW-827DRU Devices (CVE-2021-XXXX) DirectWrite Object Memory Handling Remote Code Execution Vulnerability SQL Injection Vulnerability in CodePeople Payment Form for PayPal Pro Plugin IMAP Man-in-the-Middle Attack in Mutt before 1.14.3 Xiaomi Router R3600 ROM <1.0.20 Web Interface Injection Vulnerability Xiaomi Router R3600 Web Interface Injection Vulnerability Memory Overflow Vulnerability in 
Xiaomi AI Speaker Rom Version <1.59.6 during OTA Firmware Verification Unauthorized Path Download Vulnerability in Xiaomi Router AX6 ROM version < 1.0.18 Time Synchronization Vulnerability in Xiaomi Router AX1800rom and RM1800 Root Hard-coded Encryption Key Vulnerability in Xiaomi Router AX1800 and RM1800 Windows Address Book Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Xiaomi Router R3600 ROM Version<1.0.66 Token Leakage Vulnerability in Xiaomi Router AX1800rom and RM1800 Root Command Injection Vulnerability in Xiaomi Router AX1800rom and RM1800 Root SNO Information Disclosure Vulnerability in Xiaomi 10 MIUI < 2020.01.15 Race Condition Vulnerability in XQBACKUP Leads to Decompression Path Error on Xiaomi Router AX3600 (ROM Version 1.0.50) SNO Information Disclosure Vulnerability in Xiaomi 10 MIUI < 2020.01.15 Unauthorized Access to Running Processes in Xiaomi Mobile Phone MIUI < 2021.01.26 LAN Crash Vulnerability: Exploiting Stack Overflow in Cast's HTTP Server Command Injection Vulnerability in Xiaomi Router AX3600 (ROM version =< 1.1.12) Allows Remote Command Execution with Administrator Privileges Windows Kernel Object Handling Elevation of Privilege Vulnerability AX3600 Router Luci Interface Vulnerability: Unauthorized Access to Sensitive Information and Web Background Command Injection Vulnerability in Xiaomi Router AX3600 Xiaomi Router AX6000: Information Leak Vulnerability Xiaomi SmartHome APP: Information Leakage Vulnerability Command Injection Vulnerability in Xiaomi Router AX3600 Intent Redirection Vulnerability in Mi Browser: Exploiting Unverified Incoming Data for Sensitive Operations Improper Permission Configuration Vulnerability in Xiaomi Content Center APP Intent Redirection Vulnerability in Mi App Store Allows Automatic Installation of Apps Command Injection Vulnerability in Xiaomi Router AX3600 (rom< 1.1.12) - Remote Code Execution Memory Object Handling Vulnerability in Microsoft Graphics Components Xiaomi Models 
Vulnerable to Privilege Escalation via Third-Party App Parameter Manipulation Mi App Store Business Logic Vulnerability Allows Silent Local Installation Xiaomi Phones Vulnerability: Information Leakage and Identity Forgery Pointer Double Free Vulnerability in Some MIUI Services: Elevation of Privileges Code Execution Vulnerability in Xiaomi Router AX3600 (ROM < 1.1.12) via Buffer Overflow in librsa.so Out-of-Bound Read/Write Vulnerability in Xiaomi Phones Enables Denial of Service Attacks Mi Sound APP Information Leakage Vulnerability Xiaomi Phone Heap Overflow Vulnerability: Remote Denial of Service Exploit Identity Verification Failure in Xiaomi Product: Exploitable Logic Vulnerability with Privilege Elevation Windows Runtime Object Handling Elevation of Privilege Vulnerability Critical Vulnerability: Unauthorized Access to Sensitive Functions in Xiaomi Community App (Version <3.0.210809) Xiaomi Security Center Acknowledges ADLab of VenusTech for Identifying Critical Vulnerability Windows Runtime Object Handling Elevation of Privilege Vulnerability Unauthenticated API Reveals WIFI Password and Enables Command Injection in Xiaomi Router Firmware Update (2020) Authenticated Remote Code Execution in Gitea's Git Hook Feature Observable Discrepancy Vulnerability in OpenSSH 5.7 through 8.6 Allows Information Leak Cross-Site Scripting (XSS) Vulnerability in KumbiaPHP Development Mode Integer Overflow in Redis Lua Struct Library Out-of-Bounds Access Vulnerability in ngIRCd Server-Server Protocol Implementation NULL Pointer Dereference Vulnerability in uftpd before 2.12 Windows Runtime Object Handling Elevation of Privilege Vulnerability Denial of Service Vulnerability in GNU Bison Excessive Memory Consumption Vulnerability in IJG JPEG (libjpeg) Out-of-Bounds Array Read Vulnerability in IJG JPEG (libjpeg) jdhuff.c Mutt before 1.14.3 Vulnerability: Connection Proceeds Despite Rejected Expired Intermediate Certificate Integer Overflow Vulnerability in libpcre prior 
to version 8.44 via (?C substring Weak File Permissions in OpenBMC Phosphor-Host-IPMID's User Channel Password Manager Unencrypted Wireless Communication Vulnerability in ABUS Secvest FUBE50001 Device RF Packet Vulnerability in ABUS Secvest FUMO50110 Hybrid Module Allows for wAppLoxx Authentication-Bypass Attacks SQL Injection Vulnerability in ConnectWise Automate's Automate API (CVE-2020-XXXX) Dependency Loading Elevation of Privilege Vulnerability in Visual Studio and Visual Studio Code Gotenberg 6.2.1 SSRF Vulnerability: Remote File Read and Intranet Resource Fetch HTML and JavaScript Injection Vulnerability in Gotenberg PDF Conversion (CVE-2021-XXXX) Privilege Escalation via Sudo Vulnerability in Pi-Hole Improper Memory Access in JerryScript 2.2.0 Cross Site Scripting (XSS) Vulnerability in Jira Server and Data Center WYSIWYG Editor Improper Authorization Vulnerability in Jira Server and Data Center Allows Information Disclosure of Custom Project Avatars Arbitrary HTML and JavaScript Injection via File Upload in Jira Service Desk Server and Data Center Jira Server and Data Center MessageBundleResource Denial of Service Vulnerability Jira Server and Data Center Email Client Man-in-the-Middle (MITM) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center before 8.9.1 Windows Kernel Elevation of Privilege Vulnerability Server-Side Request Forgery (SSRF) Vulnerability in Atlassian Bitbucket Server Unencrypted Repository Import Requests Vulnerability in Atlassian Bitbucket Server Remote Code Execution via Insecure Deserialization in Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Insecure Direct Object References (IDOR) Vulnerability in Atlassian Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Confluence Server and Data Center Regex-based Denial of Service (DoS) Vulnerability in JQL Version Searching in Atlassian Jira Server and 
Data Center Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Allows Project Key Enumeration Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Windows Diagnostics Hub Elevation of Privilege Vulnerability Information Disclosure Vulnerability in Atlassian Jira Service Desk Server and Data Center (CVE-2021-26084) Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Jira Server & Data Center Information Disclosure Vulnerability: Unauthorized Access to Support Entitlement Number (SEN) Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server Jira Server Vulnerability: Issue Key Enumeration via Missing Permissions Check Arbitrary Code Execution in Atlassian gajira-create GitHub Action (CVE-2021-12345) Arbitrary Code Execution in Atlassian Gajira-Comment GitHub Action Windows Kernel Memory Initialization Vulnerability Regex Denial of Service in Atlassian Fisheye/Crucible EyeQL (Versions before 4.8.4) Denial of Service (DoS) Vulnerability in Atlassian Fisheye/Crucible Information Disclosure Vulnerability in Atlassian Fisheye and Crucible Allows Remote Attackers to Access SEN Template Injection Vulnerability in Automation for Jira - Server Reverse Tabnapping Vulnerability in Zulip Server before 2.1.5 Deserialization Vulnerability in FasterXML Jackson-databind 2.x Improper Enforcement of ACL in PowerDNS Recursor Versions up to 4.3.1, 4.2.2, and 4.1.16 Remote Denial of Service Vulnerability in Bitcoin Core 0.20.0 BIP-143 Vulnerability: Exploiting Segwit Transaction Signing in Bitcoin Protocol Windows Error Reporting File Operations Vulnerability Arbitrary File Upload Vulnerability in Dolibarr CRM (CVE-2021-12345) XSS Vulnerability in WebFOCUS Business Intelligence 8.0 (SP6) via Arbitrary URL Parameters Cross-Site Request Forgery (CSRF) Vulnerability in WebFOCUS Business Intelligence 8.0 (SP6) XML External Entity (XXE) Injection Vulnerability in WebFOCUS Business Intelligence 8.0 (SP6) 
Administration Portal Improper Access Control in DiveBook Plugin 1.1.4 for WordPress Allows Unauthorized Manipulation of Dive Logs Unauthenticated XSS Vulnerability in DiveBook Plugin 1.1.4 for WordPress SQL Injection Vulnerability in DiveBook Plugin 1.1.4 for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in SuiteCRM 7.11.13 Documents Preview Functionality Arbitrary Code Execution and Access Control Bypass in Dolibarr LNK Remote Code Execution Vulnerability in Microsoft Windows Reflected Cross-Site Scripting (XSS) Vulnerability in MONITORAPP WAF: Execution of Script in Response to Request URL Information Heap-Based Buffer Overflow in FFmpeg's avio_get_str Function Customer Ticket Access Vulnerability Arbitrary Organization Access Vulnerability in Zammad Incorrect Access Control in Zulip Server: Administrator Role Added to Invitations Windows Runtime Object Handling Elevation of Privilege Vulnerability Server Information Exposure in HCL Digital Experience 8.5, 9.0, and 9.5 Reflected XSS Vulnerability in HCL Digital Experience 8.5, 9.0, 9.5 Cross-Site Scripting (XSS) Vulnerability in HCL Digital Experience 8.5, 9.0, 9.5 Stack Buffer Overflow in HCL Notes v9 MIME Message Handling Tabnabbing Vulnerability in HCL iNotes Allows for Phishing Attacks and Credential Theft Windows Subsystem for Linux File Handling Elevation of Privilege Vulnerability HCL Domino Denial of Service Vulnerability Stack Buffer Overflow Vulnerability in HCL Client Application Access v9 Stack Buffer Overflow Vulnerability in HCL Notes v9 Input Parameter Handling Denial of Service Vulnerability in HCL Domino Server Windows Update Stack Elevation of Privilege Vulnerability Stored Cross-site Scripting (XSS) Vulnerability in HCL Notes Versions Prior to 9.0.1 FP10 IF8, 10.0.1 FP6, and 11.0.1 FP1 Stack Buffer Overflow Vulnerability in Domino Server MIME Message Handling (Versions 9 and 10) Unauthenticated Access to Critical Functionality in HCL OneTest UI V9.5, V10.0, and V10.1 Weak Basic 
Authentication in HCL OneTest Performance V9.5, V10.0, V10.1 Inadequate Session Timeout in HCL OneTest Performance V9.5, V10.0, V10.1 Insecure Session Cookie Handling in BigFix Inventory v10.0.2 Windows Codecs Library Remote Code Execution Vulnerability TLS-RSA Cipher Suites Not Disabled in HCL BigFix Inventory: Passive Traffic Recording and Decryption Vulnerability Container-based vulnerabilities in HCL Digital Experience 9.5 expose sensitive data to unauthorized parties via crafted requests Denial of Service Vulnerability in HCL Notes Versions 9-11: Remote Email Exploit Windows Kernel Object Memory Handling Vulnerability Buffer Overflow Vulnerability in HCL Domino DXL Input Validation Critical Vulnerability: HCL Traveler Companion Exposes iOS Devices to Weak Cryptographic Process via MobileIron AppConnect SDK Critical Vulnerability: HCL Traveler Companion Exposes iOS Devices to Weak Cryptographic Process via MobileIron AppConnect SDK Stack Buffer Overflow Vulnerability in Notes Client MIME Message Handling (Versions 9 and 10) Windows Network Connections Service Elevation of Privilege Vulnerability Information Disclosure Vulnerability in HCL Domino XPages Stored Cross-Site Scripting (XSS) Vulnerability in HCL iNotes v9, v10, and v11 HCL Domino Public API Input Validation DoS Vulnerability User Personal Data Disclosure Vulnerability in HCL Commerce 9.0.1.9 - 9.0.1.14 and 9.1 - 9.1.4 HCL Commerce Multiple Vulnerabilities: Denial of Service, User Data Disclosure, and Unauthorized Administrative Operations Windows Network Connections Service Elevation of Privilege Vulnerability Windows Error Reporting Manager Elevation of Privilege Vulnerability Bluetooth BR/EDR Transport Vulnerability in COVIDSafe Application Arbitrary Command Execution in Secudos DOMOS 5.8 via Shell Metacharacters in conf_datetime Zone Field Persistent XSS Vulnerability in Secudos Qiata FTA 1.70.19 Comment Feature Remote Command Execution via SQL Injection in Cacti 1.2.12 Server-Side Request Forgery 
(SSRF) Vulnerability in Red Hat CloudForms 4.7 and 5 Denial of Service Vulnerability in Wildfly's EJB Client Vulnerability: Docker version 1.13.1-108.git4ef4b30.el7 Missing Fix for CVE-2019-5736 Authentication Bypass Vulnerability in JBoss EAP Windows UPnP Device Host Memory Handling Elevation of Privilege Vulnerability Vulnerability: Security Regression in Docker Packages for Red Hat Enterprise Linux 7 Extras Information Disclosure Vulnerability in libvirt: Exposing HTTP Cookies in XML Dump Replay Attack Vulnerability in Keycloak's External Identity Provider Endpoint Samba AD DC NBT Server Crash Vulnerability Linux Kernel Ethernet Driver Memory Disclosure Vulnerability Linux Kernel H.323 Connection Tracking Denial of Service Vulnerability Incorrect Access Control Flaw in openshift-service-mesh/istio-rhel8-operator Allows Unauthorized Deployment of Custom Gateway/Pod Denial of Service Vulnerability in Wildfly's Enterprise Java Beans (EJB) Grub2 Memory Allocator Arithmetic Overflow Vulnerability Arithmetic Overflow and Heap-Based Buffer Overflow in Grub2 with Squashfs Symbolic Link Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Heap-based Buffer Overflow in grub2 read_section_as_string() Function Arithmetic Overflow Vulnerability in Grub2 Handling Symlink on Ext Filesystems Open Resolver Vulnerability in Dnsmasq Allows DDoS Attacks Information Disclosure Vulnerability in Red Hat Quay: Exposing Robot Account Names and Private Repositories Linux Kernel Memory Out-of-Bounds Read Vulnerability in ext3/ext4 File System Memory Corruption Vulnerability in bspatch Allows Arbitrary Write Vulnerability in kubevirt 0.29 and earlier allows unauthorized access to host filesystem Vulnerability Title: JBoss EAP-CD PID File Manipulation Privilege Escalation Samba File and Directory Permissions Vulnerability Vulnerability: Cross-Site Request Forgery (CSRF) in AMQ Online Console Skype for Business Internet Explorer Information Disclosure Vulnerability 
Reflected XSS Vulnerability in Moodle Admin Task Log Filter Self-Assignment of Manager Role Vulnerability in Moodle Denial of Service Vulnerability in Moodle's yui_combo Null Pointer Dereference Vulnerability in Samba's Winbind Service Out of Band OS Command Injection Vulnerability in Red Hat CloudForms User Impersonation Authorization Flaw in Red Hat CloudForms before 5.11.7.0 RESTEasy Vulnerability: Hash Flooding Denial of Service Server-side Request Forgery (SSRF) Vulnerability in Ansible Tower Server Side Request Forgery (SSRF) Vulnerability in Ansible Tower Sensitive Data Exposure in Ansible Tower: Unauthorized Access to Labels and Organization Names Memory Object Handling Vulnerability in Microsoft Edge PDF Reader Improper Output Neutralization in Ansible uri Module Exposes Sensitive Data Vulnerability: Linux Kernel VGA Console Resize Privilege Escalation Sensitive Data Exposure in Ansible Engine's Module Args Unfiltered User-Controllable Parameters in Ovirt Engine Web Interface Enable Reflected Cross-Site Scripting Attack Cache File Privilege Escalation Vulnerability in Red Hat Satellite 6 Red Hat Satellite OMAPI Secrets Disclosure Vulnerability Denial of Service Vulnerability in Restricted Security Context Constraints (SCC) Allows Pod-based Network Packet Manipulation Tower Data Exposure Vulnerability Vulnerability in Wildfly's Xerces Implementation: XMLSchemaValidator Manipulation Privilege Escalation Vulnerability in libvirt Allows Unauthorized Access to Host Operating System Windows Sync Host Service Elevation of Privilege Vulnerability XNIO File Descriptor Leak Vulnerability Unauthorized SMTP Connection Scanning Vulnerability in Red Hat Single Sign On v7.x Arbitrary Command Injection Vulnerability in cifs-utils' mount.cifs Arbitrary Code Execution Vulnerability in PyYAML Library (CVE-2021-28918) Integer Overflow and Heap-Buffer Overflow Vulnerability in libX11 Privilege Escalation Vulnerability in X.Org Server's XkbSetNames Function Integer Underflow 
Vulnerability in xorg-x11-server Xorg-Server Memory Initialization Vulnerability AMQ Online 1.5.2 User AddressSpace Configuration Injection Vulnerability PostgreSQL Logical Replication Search_Path Sanitization Vulnerability GDI+ Remote Code Execution Vulnerability Insecure search_path Handling in PostgreSQL Extension Installation Script Use-After-Free Memory Flaw in Linux Kernel's Perf Subsystem Allows Privilege Escalation Directory Traversal Vulnerability in librepo: Remote Repository Metadata Path Sanitization Flaw Use-after-free and Double-free Vulnerability in c-ares lib Version 1.16.0 Buffer Overflow Vulnerabilities in SPICE Remote Display System Linux Kernel cgroupv2 Subsystem Null Pointer Dereference Vulnerability Vulnerability: Bypassing Keycloak Gatekeeper with Lower Case HTTP Headers Windows Font Library Remote Code Execution Vulnerability X.Org Server Privilege Escalation Vulnerability Integer Underflow Leading to Heap-Buffer Overflow Privilege Escalation Vulnerability in X.Org Server Integer Underflow Leading to Heap-Buffer Overflow Privilege Escalation Vulnerability in X.Org Server Title: Integer Overflow Vulnerability in libX11 Allows for Arbitrary Code Execution USB Emulator Out-of-Bounds Read/Write Access Vulnerability in QEMU Vulnerability: GPG Signature Bypass in Ansible Engine Path Traversal Vulnerability in Keycloak: Limited Exposure of Specific Folder Hierarchies Path Traversal Vulnerability in chrony Cross-Site WebSocket Hijacking (CSWH) Vulnerability in Eclipse Che Title: Red Hat CloudForms Cross Site Request Forgery Vulnerability Allows Unwanted Actions Execution Windows Network Location Awareness Service Elevation of Privilege Vulnerability Information Disclosure Vulnerability in Containers/Podman: Leakage of Environment Variables between Containers Red Hat Satellite Credential Leak Vulnerability Exposes Compute Resource Credentials Vulnerability: Grub2 Secure Boot Bypass via ACPI Command Use After Free Vulnerability in 
igc_reloc_struct_ptr() of Ghostscript-9.25 Allows Denial of Service Buffer Overflow Vulnerability in dpdk's copy_data Function Vulnerability in DPDK Allows Unauthorized Memory Modification in Virtual Machines Buffer Overflow Vulnerability in dpdk Versions before 18.11.10 and 19.11.5 Buffer Over Read Vulnerability in DPDK Integer Underflow in `move_desc` Function in DPDK Versions before 18.11.10 and 19.11.5 Vulnerability: XEE Attack in Red Hat AMQ Broker via Configuration Files Windows Network Connections Service Elevation of Privilege Vulnerability Account Takeover Vulnerability in Red Hat Satellite 6.7.2 and Later Versions Vulnerability: Privilege Escalation and Memory Corruption in Linux Kernel's Futex Implementation Vulnerability: Memory Overflow in LUKS2 Format Validation Code Samba DNS Server Vulnerability: Authenticated User Can Crash RPC Server Incomplete Fix for Denial of Service Vulnerability in JBossWeb XFS File System Metadata Validator Failure Vulnerability Linux Kernel Memory Corruption Vulnerability Rsync Host Mismatch Vulnerability Bypassing Member Permissions in Red Hat 3scale API Management Platform Account Console Access Control Bypass in Keycloak PerformancePoint Services Remote Code Execution Vulnerability Linux Kernel Out-of-Bounds Memory Write Vulnerability with Screen Size Change Vulnerability: Unauthorized Access to Red Hat Customer Portal Credentials in GNOME Control Center Untrusted Pointer Dereference Vulnerability in Perl-DBI < 1.643 Buffer Overflow Vulnerability in perl-DBI < 1.643 in DBI.xs Denial of Service Vulnerability in QEMU USB xHCI Controller Emulation NULL Pointer Dereference in LibVNCServer before 0.9.13 NULL Pointer Dereference in LibVNCServer's rfbregion.c Infinite Loop Vulnerability in LibVNCServer Vulnerability in LibVNCServer: Byte-aligned Data Access Issue Tampering Vulnerability in Microsoft SharePoint Server Allows Unauthorized Modification of User Profiles Byte Alignment Vulnerability in LibVNCServer Integer Overflow 
in LibVNCServer's scale.c Out-of-Bounds Access Vulnerability in LibVNCServer Out-of-Bounds Access Vulnerability in LibVNCServer Out-of-Bounds Access Vulnerability in LibVNCServer's rre.c Unbounded TextChat Size Vulnerability in LibVNCServer Reflected XSS Vulnerability in Agentejo Cockpit 0.10.2 Integer Overflow and Heap Corruption in SDL_BlitCopy via Crafted .BMP File Heap-Based Buffer Over-read Vulnerability in SDL (Simple DirectMedia Layer) 2.0.12 Remote Command Execution Vulnerability in NeDi 1.9C via System-Snapshot.php XSS Vulnerability in NeDi 1.9C: Incorrect Implementation of sanitize() in inc/libmisc.php Remote Command Execution Vulnerability in NeDi 1.9C via pwsec.php POST Request Buffer Position Mishandling in QEMU's audio/ossaudio.c (CVE-2020-13754) Race condition in slip and slcan line discipline leads to use-after-free vulnerability in Linux kernel (CVE-2020-12345) TOCTOU Vulnerability in madCodeHook Allows Privilege Escalation via Directory Junctions Office Web Apps Server Spoofing Vulnerability Arbitrary Command Execution in aaPanel through 6.6.6 via Add Cron Job Screen Improper Hash Computation in IPv4Interface and IPv6Interface Classes in Python Predictable CONVOS_LOCAL_SECRET value in Convos before 4.20 XSS Vulnerability in Cacti Template Import for Midwinter Theme Remote Command Execution Vulnerability in Foxit Reader 9.x and earlier Administrative Credentials Disclosure Vulnerability in Certain NETGEAR Devices Disclosure of Administrative Credentials in Certain NETGEAR Devices Disclosure of Administrative Credentials in Certain NETGEAR Devices Administrative Credentials Disclosure Vulnerability in Certain NETGEAR Devices Microsoft SharePoint Spoofing Vulnerability Disclosure of Administrative Credentials in Certain NETGEAR Devices Disclosure of Administrative Credentials in Certain NETGEAR Devices CSRF Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR 
Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices SharePoint Email Parsing Remote Code Execution Vulnerability Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Certain NETGEAR Devices SQL Injection Vulnerability in Dolibarr 11.0.3: Remote Code Execution via id Parameter Reflected Cross-Site Scripting (XSS) Vulnerability in WSO2 Identity Server and Key Manager Reflected Cross-Site Scripting (XSS) Vulnerability in WSO2 Identity Server and Key Manager Management Console Basic Policy Editor Open Redirect Vulnerability in WSO2 Identity Server and Key Manager Denial of Service Vulnerability in Mattermost Server (MMSA-2020-0021) Denial of Service Vulnerability in Mattermost Server (MMSA-2020-0020) Disclosure of Authorization Tokens in Mattermost Mobile Apps (MMSA-2020-0018) Microsoft Office Memory Disclosure Vulnerability Denial of Service Vulnerability in Mattermost Server Markdown Renderer (MMSA-2020-0017) Persistent Single Sign-On Cookies and Local Storage after Logout in Mattermost Mobile Apps Directory Traversal Vulnerability in Mattermost Server (MMSA-2020-0014) Improper Socket Read Restriction in Mattermost Server (MMSA-2020-0005) Server Redirection Vulnerability in Mattermost Desktop App (MMSA-2020-0008) Mattermost Desktop App HTTP Basic Authentication Phishing Vulnerability Mattermost Desktop App Same Origin Policy Mishandling Vulnerability Broadcasted Team Details Disclosure Vulnerability in Mattermost Server Mattermost Server Information Disclosure Vulnerability (MMSA-2020-0004) Channel Renaming Vulnerability in Mattermost Server (MMSA-2020-0002) Microsoft Word Remote Code Execution Vulnerability 
(CVE-2020-1449) Unprivileged Creation of Trusted OAuth Application in Mattermost Server (MMSA-2020-0001) Directory Traversal Vulnerability in Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 Devices Cross-Site Scripting (XSS) Vulnerability in CALDERA 2.7.0 via Operation Name Box Microsoft Word Remote Code Execution Vulnerability (CVE-2020-1447) Helm Chart Repository Password Leakage Vulnerability in Octopus Deploy Command-Injection Vulnerabilities in Draytek Vigor Routers Critical Stack-Based Buffer Overflow Vulnerability in Vigor3900, Vigor2960, and Vigor300B Firmware Hardcoded Key Material Vulnerability in Cellebrite UFED Physical Device Reflected Cross-Site Scripting (XSS) Vulnerability in Dolibarr 11.0.3 via public/notice.php Unauthenticated Access and Modification Vulnerability in Philips Ultrasound Systems XML External Entity (XXE) Attack: Exploiting Weakly Configured XML Files for Arbitrary File Access Unauthenticated Querying of Server Allows Unauthorized Access to Sensitive Serialized Data Microsoft Word Remote Code Execution Vulnerability (CVE-2020-1448) Plaintext Storage of Credentials in RAM Vulnerability Weak Encryption Algorithm in DeskLock Tool Allows for Credential Decryption and Unauthorized Access Heap Overflow Vulnerability in Delta Industrial Automation DOPSoft TLS Handshake Timeout Vulnerability Account Lockout Bypass Vulnerability in OpenClinic GA Versions 5.09.02 and 5.89.05b Vulnerability: Bypassing Client-side Access Controls and Execution of Admin Functions in OpenClinic GA Versions 5.09.02 and 5.89.05b Bypassing Permission/Authorization Checks in OpenClinic GA 5.09.02 and 5.89.05b: Unauthorized Command Execution Hidden Default User Account Vulnerability in OpenClinic GA 5.09.02 Arbitrary File Upload Vulnerability in OpenClinic GA 5.09.02 and 5.89.05b Inadequate Hashing Complexity in OpenClinic GA 5.09.02 and 5.89.05b Unvalidated Source Markup in Microsoft Project Enables Remote Code Execution Arbitrary Local File Inclusion and File Execution 
Vulnerability in OpenClinic GA 5.09.02 and 5.89.05b SQL Injection Vulnerability in OpenClinic GA Versions 5.09.02 and 5.89.05b Cross-Site Scripting (XSS) Vulnerability in OpenClinic GA 5.09.02 and 5.89.05b Arbitrary File Write and Command Execution Vulnerability in OpenClinic GA 5.09.02 and 5.89.05b Insufficient Complexity in Authentication Mechanism of OpenClinic GA Versions 5.09.02 and 5.89.05b Privilege Escalation and Remote Code Execution Vulnerability in Mitsubishi Electric Factory Automation Engineering Software Products Multiple SQL Injection Vulnerabilities in Advantech iView 5.6 and Prior Versions Stack-Based Buffer Overflow in HMS Industrial Networks AB eCatcher (Versions Prior to 6.5.5) Improper Access Control Vulnerability in Advantech iView 5.6 and Prior Microsoft Office SharePoint XSS Vulnerability Arbitrary Data Overwrite Vulnerability in Secomea GateManager (Versions prior to 9.2c) Improper Authentication in Advantech iView Allows Unauthorized Access and Account Manipulation Stored XSS Vulnerability in 1734-AENTR Communication Module's Web Interface Remote Code Execution Vulnerability in Advantech iView 5.6 and Prior Authentication Bypass Vulnerability in 1734-AENTR Communication Module Command Injection Vulnerability in Advantech iView 5.6 and Prior Input Validation Vulnerability in Philips Clinical Collaboration Platform Multiple Path Traversal Vulnerabilities in Advantech iView 5.6 and Prior Versions Off-by-One Error in GateManager Prior to 9.2c: Remote Code Execution and Denial-of-Service Vulnerability Memory Corruption Vulnerabilities in CodeMeter Packet Parser Microsoft Office SharePoint XSS Vulnerability Hard-coded Telnet Credential Vulnerability in GateManager Versions Prior to 9.2c Stack-based Buffer Overflow Vulnerability in EDR-G902 and EDR-G903 Series Routers (Versions prior to 5.4) via Crafted Web Browser Cookie Weak Hash Type Vulnerability in GateManager Versions Prior to 9.2c CodeMeter License File Processing Vulnerability 
Vulnerability: Sniffing Trailer Power Line Communications from a Distance Arbitrary License File Forgery in CodeMeter Improper Password Hashing Vulnerability in Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 and 6.11.00 Remote Code Execution Vulnerability in CodeMeter Protocol Encryption Information Leakage in Philips DreamMapper, Version 2.24 and prior WebSockets API Vulnerability in CodeMeter: License File Alteration and Creation Remote Code Execution Vulnerability in Microsoft SharePoint Ignition 8 (all versions prior to 8.0.13) Information Leak Vulnerability Critical Malicious Code Execution Vulnerability in Mitsubishi Electric Factory Automation Software Uncontrolled Resource Consumption Vulnerability in Softing Industrial Automation Arbitrary Code Execution Vulnerability in Mitsubishi Electric Factory Automation Products Heap-Based Buffer Overflow in Softing Industrial Automation Cross-Site Scripting (XSS) Vulnerability in Philips Clinical Collaboration Platform Unauthenticated Remote Code Execution Vulnerability in Primavera Portfolio Management Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Remote Code Execution Vulnerability in Microsoft SharePoint Unauthenticated Access Vulnerability in Oracle Security Service of Oracle Fusion Middleware (CVE-2021-12345) Vulnerability in Oracle Siebel CRM: Unauthorized Access and Data Compromise in Siebel UI Framework Vulnerability in Oracle Commerce Platform: Unauthorized Data Manipulation Vulnerability in Oracle Commerce Platform: Unauthorized Data Access and Manipulation Vulnerability in Oracle Applications Framework: Unauthorized Access and Data Compromise Oracle Commerce Service Center Unauthenticated Access Vulnerability Oracle Commerce Guided Search / Oracle Commerce Experience Manager Unauthorized Access Vulnerability Vulnerability in Oracle Solaris Packaging 
Scripts Allows Unauthorized Denial of Service MySQL Server Denial of Service Vulnerability Microsoft SharePoint Reflective XSS Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Hyperion Financial Close Management Allows Unauthorized Data Manipulation Oracle Solaris libsuri Vulnerability: Unauthorized Data Access Critical Vulnerability in Oracle Hospitality Reporting and Analytics: Takeover Risk Unauthorized Data Access Vulnerability in Oracle Transportation Management 6.4.3 Oracle Solaris Device Driver Utility Vulnerability Vulnerability in Oracle Hyperion Financial Close Management Allows Unauthorized Data Manipulation MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Business Intelligence Enterprise Edition Unauthenticated Remote Code Execution Vulnerability in Primavera Portfolio Management Microsoft SQL Server Management Studio Denial of Service Vulnerability Vulnerability in Oracle MySQL Client: Unauthorized Denial of Service (DoS) Unauthorized Data Manipulation Vulnerability in Oracle AutoVue Oracle WebCenter Portal Security Framework Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Manipulation Vulnerability in Oracle Application Object Library Allows Unauthorized Data Manipulation Oracle Marketing Unauthenticated Remote Code Execution Vulnerability Java SE and Java SE Embedded Vulnerability: Unauthorized Access and Data Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle WebLogic Server Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools MySQL Server Information Schema Unauthorized Read Access Vulnerability Microsoft Office SharePoint XSS Vulnerability Unauthorized Access Vulnerability in Oracle Hyperion BI+ (Version 11.1.2.4) Critical Vulnerability in Oracle Hospitality Reporting and Analytics: Takeover Risk Vulnerability in Oracle Java SE ImageIO Component: Unauthorized Partial Denial of 
Service Vulnerability in Oracle Enterprise Communications Broker: Unauthorized Data Access and Manipulation High Privilege Unauthorized Data Manipulation Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Oracle Unified Directory Product Vulnerability: Unauthorized Data Access and Denial of Service Unauthenticated Remote Code Execution Vulnerability in Primavera Portfolio Management MySQL Server Replication Vulnerability: Unauthorized Hang and Crash Title: High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Vulnerability in Oracle FLEXCUBE Investor Servicing Allows Unauthorized Data Access and Modification Microsoft Windows Codecs Library Remote Code Execution Vulnerability Oracle BI Publisher Vulnerability: Unauthorized Access and Data Compromise Oracle BI Publisher Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle WebLogic Server Console Allows Unauthorized Data Access and Manipulation Unauthenticated Access Vulnerability in Oracle Java SE Oracle Communications Interactive Session Recorder Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server UDF Vulnerability: Unauthorized Hang and Crash Attacks Java SE, Java SE Embedded Vulnerability: Unauthorized Read Access via TLS Java SE and Java SE Embedded Vulnerability: Unauthorized Partial Denial of Service Java SE and Java SE Embedded Vulnerability: Unauthorized Partial Denial of Service Microsoft Office DLL Loading Remote Code Execution Vulnerability Vulnerability in Oracle Communications Session Border Controller Allows Unauthorized Access and Data Manipulation Java SE, Java SE Embedded 2D Vulnerability: Unauthorized Data Access Oracle iStore User Registration Vulnerability Vulnerability in Oracle Java SE and Java SE Embedded: Remote Code Execution Oracle BI Publisher Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Vulnerability in Oracle MySQL 
Server: Unauthorized Hang or Crash Vulnerability in Oracle PeopleSoft Enterprise FIN Expenses: Unauthorized Data Access and Manipulation Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Denial of Service Vulnerability ARM Speculative Execution Information Disclosure Vulnerability Oracle Applications Framework Page Request Unauthorized Read Access Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Server Crash Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Java SE and Java SE Embedded: Unauthorized Data Access Highly Exploitable Vulnerability in Oracle Hospitality Reporting and Analytics: Takeover Risk Oracle iLearning Assessment Manager Unauthenticated Remote Access Vulnerability Oracle iStore Address Book Unauthenticated Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability Oracle CRM Gateway for Mobile Devices Unauthenticated Access Vulnerability Oracle CRM Gateway for Mobile Devices Unauthenticated Access Vulnerability Remote Code Execution Vulnerability in Microsoft SharePoint Server Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access and Manipulation Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access and Modification Oracle Financial Services Analytical Applications Infrastructure Unauthorized Read Access Vulnerability Oracle Financial Services Analytical Applications Infrastructure Unauthorized Read Access Vulnerability Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access Oracle SD-WAN Edge User Interface Unauthenticated Remote Code Execution Vulnerability Oracle Fusion Middleware MapViewer Tile Server Unauthenticated Access Vulnerability Oracle Fusion Middleware 
MapViewer Tile Server Unauthenticated Access Vulnerability Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Microsoft Defender MpSigStub.exe Elevation of Privilege Vulnerability Vulnerability in Oracle Applications Framework: Unauthorized Access and Data Compromise Vulnerability in Oracle WebCenter Portal: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle PeopleSoft Enterprise HRMS (Time and Labor Component) Allows Unauthorized Data Access and Manipulation Vulnerability in Oracle WebCenter Sites: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access and Manipulation Oracle Hospitality Reporting and Analytics: Unauthorized Data Access Vulnerability Vulnerability in Primavera Unifier Allows Unauthorized Access to Critical Data Title: Critical Unauthenticated Access Vulnerability in Oracle Primavera Unifier Mobile App (Prior to 20.6) MySQL Server Denial of Service Vulnerability Skype for Business EdgeHTML-based Information Disclosure Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Java SE (JAXP Component): Unauthorized Data Manipulation Oracle WebLogic Server Core Vulnerability Title: High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Vulnerability in Oracle MySQL Server: JSON Component Allows for Denial of Service (DoS) Attacks Oracle WebLogic Server Remote Code Execution Vulnerability Unauthenticated Takeover Vulnerability in Oracle Business Intelligence Enterprise Edition Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Oracle VM VirtualBox Allows Takeover (CVE-2020-14628) Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data SharedStream Library Elevation of Privilege Vulnerability Vulnerability in Oracle Enterprise 
Session Border Controller: File Upload Component Vulnerability in Oracle MySQL Server: Unauthorized Server Crash MySQL Server Denial of Service Vulnerability Title: High Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) MySQL Server InnoDB Component Unauthorized Read Access Vulnerability Oracle E-Business Suite Application Object Library Unauthorized Read Access Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Windows File Signature Validation Spoofing Vulnerability Oracle WebLogic Server Sample Apps Unauthenticated Remote Code Execution Vulnerability Critical Vulnerability in Oracle MySQL Server: Unauthorized Access to Critical Data Oracle Coherence CacheStore Denial of Service Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Oracle WebLogic Server Remote Code Execution Vulnerability Oracle WebLogic Server Unauthenticated Takeover Vulnerability Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox: High Privileged Takeover (CVE-2020-XXXX) Arbitrary File Deletion Vulnerability in Microsoft OneDrive Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle MySQL Server: Unauthorized Access and Denial of Service Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability Oracle Security Service SSL 
API Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle CRM Technical Foundation of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Marketing Product Vulnerability: Unauthorized Access and Data Manipulation Oracle CRM Technical Foundation Preferences Unauthenticated Remote Code Execution Vulnerability Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability Vulnerability in Oracle CRM Technical Foundation: Unauthorized Access and Data Compromise Oracle CRM Technical Foundation Preferences Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Access and Data Manipulation Privilege Escalation Vulnerability in Oracle MySQL Server Java SE Product Vulnerability: Unauthenticated Takeover via JavaFX (CVE-2020-14781) Oracle Trade Management Invoice Vulnerability Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle CRM Technical Foundation of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle E-Business Intelligence of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Configurator Vulnerability in UI Servlet (12.1 and 12.2) - Unauthorized Access and Data Compromise Windows Hard Links Elevation of Privilege Vulnerability Vulnerability in Oracle Advanced Outbound Telephony Allows Unauthorized Access and Data Manipulation Oracle Advanced Outbound Telephony User Interface Unauthenticated Remote Code Execution Vulnerability MySQL Server Stored Procedure Denial of Service Vulnerability Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox: High Privileged Takeover Vulnerability in Oracle VM VirtualBox: High Privileged Takeover Vulnerability in Oracle VM 
VirtualBox: High Privileged Takeover Privilege Escalation Vulnerability in Oracle MySQL Server Oracle CRM Technical Foundation Denial of Service Vulnerability Windows GDI Memory Disclosure Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle E-Business Intelligence of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Manipulation Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Data Access Oracle iSupport Product Vulnerability: Unauthorized Access and Data Compromise Oracle WebLogic Server Remote Code Execution Vulnerability Vulnerability in Oracle Common Applications of Oracle E-Business Suite: Unauthorized Access and Data Compromise Bond Denial of Service Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Access and Data Compromise Vulnerability in Oracle Financial Services Liquidity Risk Management: Unauthorized Data Access and Modification Oracle Financial Services Loan Loss Forecasting and Provisioning User Interface Unauthorized Data Manipulation Vulnerability Vulnerability in Oracle Insurance Accounting Analyzer: Unauthorized Data Access Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access and Data Compromise Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Oracle BI Publisher Layout Templates Unauthenticated Access Vulnerability Privilege Escalation Vulnerability in Oracle MySQL Server Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access and Data Compromise Vulnerability in Oracle VM VirtualBox Allows Takeover Windows Work Folders Service Memory Handling Elevation of Privilege Vulnerability Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Oracle SD-WAN Aware 
User Interface Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Hang or Crash Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Oracle GoldenGate Process Management Vulnerability Unauthenticated Remote Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management Vulnerability in Oracle VM VirtualBox: Unauthorized Hang or Crash Vulnerability in Oracle Retail Applications' Customer Management and Segmentation Foundation: Unauthorized Data Manipulation Oracle Retail Applications Customer Management and Segmentation Foundation Card Component Unauthorized Data Access Vulnerability Elevation of Privilege Vulnerability in Microsoft Windows CloudExperienceHost Oracle Retail Applications Customer Management and Segmentation Foundation Unauthorized Data Access Vulnerability Vulnerability in Oracle VM VirtualBox: Privilege Escalation and Takeover (CVE-2020-14711) Vulnerability in Oracle VM VirtualBox: Unauthorized Data Access Vulnerability in Oracle VM VirtualBox Allows Takeover Oracle VM VirtualBox Prior to 5.2.44, 6.0.24, and 6.1.12 Denial of Service Vulnerability Oracle VM VirtualBox Prior to 5.2.44, 6.0.24, and 6.1.12 Denial of Service Vulnerability Vulnerability in Oracle Common Applications of Oracle E-Business Suite: Unauthorized Data Manipulation Vulnerability in Oracle Common Applications of Oracle E-Business Suite: Unauthorized Data Manipulation Oracle GraalVM Enterprise Edition Vulnerability: Remote Takeover Vulnerability in Oracle Internet Expenses: Unauthorized Data Access and Modification Netlogon Elevation of Privilege Vulnerability Vulnerability in Oracle Internet Expenses: Unauthorized Access to Critical Data Vulnerability in Oracle Enterprise Communications Broker: Unauthorized Data Access and Partial Denial of Service Oracle Enterprise Communications Broker WebGUI Unauthenticated Access Vulnerability 
Oracle Help Technologies Product Vulnerability Oracle Solaris Device Driver Utility Vulnerability: Unauthorized Takeover of Oracle Solaris MySQL Server Denial of Service Vulnerability Vulnerability in SuiteCommerce Advanced (SCA) component of Oracle NetSuite: Unauthorized Data Access and Manipulation Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service prior to 2020.1.4 Windows Jet Database Engine Remote Code Execution Vulnerability Oracle Retail Customer Management and Segmentation Foundation Unauthorized Data Access Vulnerability Oracle Retail Customer Management and Segmentation Foundation: Unauthorized Data Access Vulnerability Oracle Text Component Takeover Vulnerability Oracle Database Server Scheduler Component Vulnerability Database Vault Privilege Escalation Vulnerability Windows Image Acquisition (WIA) Service Memory Disclosure Vulnerability SQL Developer Install Component Vulnerability in Oracle Database Server Oracle Database Server Database Filesystem Component Vulnerability Oracle Database Server Core RDBMS Component Unauthorized Data Manipulation Vulnerability Java VM Component Vulnerability in Oracle Database Server Oracle REST Data Services Vulnerability: Unauthorized Access to Critical Data Oracle REST Data Services Unauthorized Read Access Vulnerability Vulnerability in Oracle Applications Framework: Unauthorized Data Manipulation Elevation of Privilege Vulnerability in srmsvc.dll Oracle WebLogic Server Console Unauthenticated Takeover Vulnerability High Privilege Vulnerability in Oracle Hyperion Lifecycle Management (Shared Services Component) Vulnerability in Oracle Hospitality Reporting and Analytics: Unauthorized Access to Critical Data Oracle Solaris Filesystem Vulnerability: Unauthorized Hang and Crash Exploit Oracle Coherence Unauthenticated Network Access Vulnerability Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Oracle Solaris Kernel Vulnerability: Unauthorized Access and 
Partial Denial of Service Oracle Solaris Kernel Vulnerability: Unauthorized Data Access and Manipulation Improper Access Control in ASP.NET and .NET Web Applications on IIS Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Server Crash Oracle Applications Manager Vulnerability: Unauthorized Access and Data Manipulation Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express Quick Poll Component of Oracle Database Server (CVE-2020-XXXX) High Privilege Vulnerability in Oracle Hyperion Planning (11.1.2.4) Allows Unauthorized Data Manipulation MySQL Server Vulnerability: Unauthorized Hang and Crash Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability High Privilege Network Access Vulnerability in Oracle Hyperion BI+ (IQR-Foundation Service) Vulnerability in Oracle Hyperion Analytic Provider Services: Unauthorized Data Access and Partial Denial of Service MySQL Server Denial of Service Vulnerability Windows Media Foundation Memory Corruption Vulnerability Unauthorized Read Access Vulnerability in Oracle Hyperion BI+ (IQR-Foundation Service) LDAP Auth Vulnerability in Oracle MySQL Server High Privilege Vulnerability in Oracle Hyperion Lifecycle Management (Shared Services Component) MySQL Server Denial of Service Vulnerability Oracle CRM Technical Foundation Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle PeopleSoft Enterprise HCM Global Payroll Core (9.2) Allows Unauthorized Data Access and Partial Denial of Service Java SE, Java SE Embedded Serialization Vulnerability Windows Media Foundation Memory Corruption Vulnerability Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Unauthenticated Access Vulnerability in Oracle Java SE (JNDI Component) Unauthenticated Access 
Vulnerability in Oracle Java SE and Java SE Embedded Unauthenticated Network Access Vulnerability in Oracle Hospitality RES 3700 (CAL Component) Oracle BI Publisher Unauthenticated Remote Code Execution Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Communications Diameter Signaling Router (DSR) User Interface Vulnerability in Oracle Communications Diameter Signaling Router (DSR) User Interface MySQL Server Denial of Service Vulnerability Elevation of Privilege Vulnerability in DirectX Allows Arbitrary Code Execution MySQL Server Denial of Service Vulnerability MySQL Server Vulnerability: Unauthorized Partial Denial of Service via InnoDB Component Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Java SE and Java SE Embedded Unauthenticated Network Access Vulnerability Unauthenticated Access Vulnerability in Oracle Java SE and Java SE Embedded Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE MySQL Server Denial of Service Vulnerability Windows Graphics Device Interface (GDI) Elevation of Privilege Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Server Crash Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Java SE Libraries Unauthorized Read Access Vulnerability MySQL Server FTS Component Denial of Service Vulnerability Vulnerability in Oracle E-Business Suite Secure Enterprise Search: Unauthorized Access and Data Manipulation Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Oracle Hospitality Suite8 WebConnect Unauthenticated Remote Code Execution Vulnerability Vulnerability in Oracle Trade Management 
User Interface: Unauthorized Access and Data Compromise MySQL Server Denial of Service Vulnerability ESLint Extension Remote Code Execution Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle Hospitality Suite8 Unauthenticated Read Access Vulnerability in Oracle Applications Manager MySQL Server Denial of Service Vulnerability Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation MySQL Server Denial of Service Vulnerability Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Access and Data Compromise Oracle Marketing Product Vulnerability in Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Marketing Product Vulnerability in Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle Solaris Utility Component Allows Unauthorized Data Access Oracle One-to-One Fulfillment Print Server Vulnerability Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Oracle WebLogic Server Unauthenticated Network Access Vulnerability High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Oracle Installed Base API Vulnerability Oracle CRM Technical Foundation Vulnerability: Unauthorized Data Access and Modification Oracle Financial Services Analytical Applications Infrastructure Unauthenticated Remote Code Execution Vulnerability Oracle WebLogic Server Remote Code Execution Vulnerability Oracle Applications Manager SQL Extensions Unauthenticated Read Access Vulnerability LDAP Auth Vulnerability in Oracle MySQL Server MySQL Server Takeover Vulnerability High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Remote Code Execution Vulnerability in Microsoft Outlook MySQL Server Denial of Service Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle PeopleSoft Integration Broker: Unauthorized 
Data Access and Manipulation Vulnerability in Oracle Trade Management User Interface: Unauthorized Access and Data Compromise Vulnerability in Oracle Trade Management User Interface: Unauthorized Access and Data Compromise Vulnerability in Oracle Marketing Administration of Oracle E-Business Suite: Unauthorized Access and Data Compromise MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthorized Read Access Vulnerability in Oracle MySQL Server (CVE-2020-14300) MySQL Server Denial of Service Vulnerability Windows Work Folders Service Memory Handling Elevation of Privilege Vulnerability Vulnerability in Oracle Application Object Library: Unauthorized Data Manipulation Oracle WebLogic Server IIOP Unauthenticated Takeover Vulnerability Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Partial Denial of Service MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Windows Image Acquisition (WIA) Service Memory Disclosure Vulnerability Vulnerability in Oracle CRM Technical Foundation: Unauthorized Access and Data Compromise Vulnerability in Oracle Trade Management User Interface: Unauthorized Access and Data Compromise MySQL Server Vulnerability: Unauthorized Hang and Crash Vulnerability in Oracle MySQL Cluster: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Hyperion Infrastructure Technology: Unauthorized Data Access and Modification Oracle Universal Work Queue Remote Code Execution Vulnerability Vulnerability in Oracle Trade Management User 
Interface: Unauthorized Access and Data Compromise Vulnerability in Oracle Trade Management User Interface: Unauthorized Access and Data Compromise Vulnerability in Oracle Hospitality OPERA 5 Property Services: Logging Compromise Oracle WebLogic Server Unauthenticated Takeover Vulnerability Windows Kernel Elevation of Privilege Vulnerability MySQL Server Vulnerability: Unauthorized Data Manipulation via Roles MySQL Server Denial of Service Vulnerability Oracle Universal Work Queue Takeover Vulnerability Vulnerability in Oracle One-to-One Fulfillment Print Server: Unauthorized Access and Data Compromise Oracle Business Intelligence Enterprise Edition Installation Unauthenticated Remote Access Vulnerability Vulnerability in Oracle PeopleSoft Enterprise SCM eSupplier Connection: Unauthorized Data Access and Modification MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability MySQL Server LDAP Auth Vulnerability Media Foundation Information Disclosure Vulnerability MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Vulnerability in Oracle Solaris Pluggable Authentication Module (PAM) Allows Unauthorized Takeover Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: High Privileged Takeover MySQL Server Logging Vulnerability Oracle Cloud Infrastructure Identity and Access Management: High Privilege Network Access Vulnerability Oracle Marketing Product Vulnerability: Unauthorized Access and Data Manipulation Oracle Trade Management User Interface Unauthenticated Access Vulnerability Vulnerability in Oracle Hospitality OPERA 5 Property Services: Unauthorized Access and Data Manipulation Vulnerability in Oracle MySQL Server: LDAP Auth Security Compromise Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise Windows AppX Deployment Extensions Privilege Escalation Vulnerability Vulnerability in Oracle BI Publisher: Unauthorized Access and Data Compromise 
Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Oracle WebLogic Server Console Unauthenticated Takeover Vulnerability Oracle WebLogic Server Console Remote Code Execution Vulnerability Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Vulnerability in Oracle FLEXCUBE Universal Banking Allows Unauthorized Access to Critical Data MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.16 Vulnerability: Unauthorized Access to Critical Data Windows CSC Service Memory Handling Elevation of Privilege Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle FLEXCUBE Direct Banking MySQL Server Denial of Service Vulnerability Oracle VM VirtualBox Prior to 6.1.16 Denial of Service Vulnerability MySQL Server Denial of Service Vulnerability Oracle Banking Corporate Lending Product Vulnerability Allows Unauthorized Access to Critical Data Vulnerability in Oracle Utilities Framework Allows Unauthorized Data Access and Manipulation Oracle Banking Payments: Unauthorized Access and Data Compromise Vulnerability Unauthenticated Remote Code Execution Vulnerability in Oracle FLEXCUBE Direct Banking Vulnerability in Oracle Application Express Packaged Apps component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express Data Reporter component of Oracle Database Server (CVE-2020-2950) Elevation of Privilege Vulnerability in Storage Service Vulnerability in Oracle Application Express Group Calendar component of Oracle Database Server (CVE-2020-2950) Oracle Database Server RDBMS Security Component Unauthorized Access Vulnerability Elevation of Privilege Vulnerability in Windows Function Discovery Service Windows Media Foundation Memory Corruption 
Vulnerability Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple 2.2.14 via Search Term in admin/moduleinterface.php?mact=ModuleManager XSS Vulnerability in Navigate CMS 2.9 via Alias or Real URL Field STARTTLS Buffering Vulnerability in evolution-data-server (eds) Insecure Connection Persistence Vulnerability in Alpine before 2.23 Outlook File Attachment Link Sharing Vulnerability Password-Reset Vulnerability in BT CTROMS Terminal OS Port Portal CT-464 Remote Code Execution Vulnerability in DMitry 1.3a via Mishandled WHOIS Response Unauthenticated Remote Code Execution in SquirrelMail 1.4.22 via unserialize in compose.php Potential PHP Object Injection Vulnerability in SquirrelMail 1.4.22 via unserialize in compose.php Buffer Overflow Vulnerability in Contiki-NG SNMP Agent Buffer Overflow Vulnerability in Contiki-NG SNMP Bulk Get Request Response Encoding Function Buffer Overflow Vulnerability in Contiki-NG SNMP Agent Contiki-NG 4.4-4.5 SNMP BER Encoder/Decoder Buffer Overflow Vulnerability Heap-based Buffer Overflow in map.c of FreedroidRPG 1.0rc2 Arbitrary Code Execution Vulnerability in FreedroidRPG 1.0rc2 Remote Code Execution Vulnerability in Microsoft Excel Software XML External Entity (XXE) Vulnerability in TuxGuitar 1.5.4 Unrestricted Deserialization Vulnerability in Tendenci 12.0.10 Stored Cross-Site Scripting (XSS) Vulnerability in Global RADAR BSA Radar 1.6.7234.24750 and Earlier via Update User Profile Authorization Bypass Vulnerability in Global RADAR BSA Radar 1.6.7234.24750 and Earlier Privilege Escalation Vulnerability in Global RADAR BSA Radar 1.6.7234.24750 and Earlier Arbitrary File Disclosure in Global RADAR BSA Radar 1.6.7234.24750 and earlier Remote Command Execution in OCS Inventory NG 2.7 via Shell Metacharacters in CommandLine.php Microsoft Excel Remote Code Execution Vulnerability Arbitrary Command Execution in aaPanel Software Store STARTTLS Buffering Vulnerability in Mutt and NeoMutt: Evaluation of Additional Data in TLS 
Context (Response Injection) Denial of Service Vulnerability in Jiangmin Antivirus 16.0.13.129 Denial of Service Vulnerability in Windows Cleaning Assistant 3.2 Denial of Service Vulnerability in Windows Cleaning Assistant 3.2 Lack of Ownership Check in MakeEmailPrimary Function in Gogs 0.11.91 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Easy Testimonials Plugin for WordPress Microsoft Excel Remote Code Execution Vulnerability SQL Injection Vulnerability in PHP-Fusion 9.03.50: Exploiting ctype Parameter in administration/comments.php Endpoint Unrestricted Sort Direction Vulnerability in Concrete5 Multiple XSS Vulnerabilities in Final Tiles Gallery Plugin for WordPress HTML Injection and CSRF Vulnerability in TP-Link TL-WR740N v4 and TL-WR740ND v4 Devices ECDSA Signature Malleability Vulnerability in jsrsasign Package RSA PKCS1 v1.5 Decryption Ciphertext Modification Vulnerability Vulnerability: Signature Manipulation and Memory Corruption in RSASSA-PSS Implementation Unauthenticated Metadata Disclosure in MISP 2.4.127 Microsoft Excel Memory Disclosure Vulnerability Pi-hole 5.0 Vulnerability: Code Injection via Teleporter Backup Files Multiple SQL Injection Vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0: Bypass Authentication and Remote Code Execution Reflected XSS Vulnerability in webTareas 2.0p8 Login Form Privilege Escalation and Process Termination Vulnerability in IOBit Unlocker 1.1.2 Arbitrary File Manipulation Vulnerability in IOBit Unlocker 1.1.2 Arbitrary File Read Vulnerability in GNS3 uBridge Privilege Escalation via PID Reuse Attack in F-Secure SAFE 17.7 on macOS Privilege Escalation Vulnerability in F-Secure SAFE 17.7 on macOS Arbitrary Memory Read/Write Vulnerability in EVGA Precision X1 Microsoft Excel Remote Code Execution Vulnerability Missing SSL Certificate Validation in Sophos Secure Email Application for Android Critical Security Flaw: Missing SSL Certificate Validation in ThreatTrack VIPRE Password Vault App for 
iOS Blind SQL Injection Vulnerability in Kronos WebTA 3.8.x and Later Buffer Overflow Vulnerability in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 Server Arbitrary Code Execution Vulnerability in Bloomreach Experience Manager (brXM) Cross-Site Scripting (XSS) Vulnerabilities in Bloomreach Experience Manager (brXM) CSRF Vulnerability in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2 SharePoint Server Cross-Site Scripting and Identity Spoofing Vulnerability Privilege Escalation via File Deletion in IOBit Advanced SystemCare Free 13.5.0.263 Stack-based Buffer Overflow in DrayTek Vigor Routers Bypassing Windows Memory Protection: Logic Bug in Acronis Agent Monitoring Driver SharePoint Server Cross-Site Scripting and Identity Spoofing Vulnerability Yubico YubiKey 5 Devices OpenPGP PIN Management Vulnerability Yubico YubiKey 5 NFC Information Leak Vulnerability SSRF Vulnerability in OX App Suite through 7.10.3 via /ajax/messaging/message API Information Exposure in OX App Suite: IP Address and User-Agent Disclosure Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.3 Caching Server Vulnerability in MediaWiki's img_auth.php Image Authorization Stored XSS Vulnerability in Bludit 3.12.0 via SVG Document in bl-kernel/ajax/logo-upload.php Arbitrary Code Execution Vulnerability in id Tech 1 (Doom Engine) SQL Injection Vulnerability in Connectwise Automate Probe Code Unsigned Code Execution Vulnerability in ASUS ScreenPad2_Upgrade_Tool.msi V1.0.3 for ScreenPad 1.0 (UX450FDX, UX550GDX, and UX550GEX) SharePoint Server Cross-Site Scripting and Identity Spoofing Vulnerability Arbitrary Content Injection in GNU Mailman Cgi/private.py Login Page Directory Traversal Vulnerability in Sonatype Nexus Repository Manager 2.x CSRF Vulnerability in pramodmahato BlogCMS (admin/changepass.php) XSS Vulnerability in GleamTech FileUltimate 6.1.5.0 FileExplorer Component Reflected Cross-Site Scripting Vulnerability in NeDi 1.9C Reflected Cross-Site Scripting 
Vulnerability in NeDi 1.9C Devices-Config.php Session Fixation Vulnerability in playSMS 1.4.3 Microsoft Word Memory Disclosure Vulnerability Stored XSS Vulnerability in Elementor Plugin for WordPress WPS PIN Offline Brute-Force Cracking Vulnerability in Askey AP5100W Devices Persistent Password Storage Vulnerability in Avast Antivirus 20.1.5069.562 Denial of Service Vulnerability in ntpd (CVE-2020-11868) Arbitrary File Download Vulnerability in Bludit 3.12.0 Authentication Bypass Vulnerability in ConnectWise Automate through 2020.x Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Topology-Map.php xo Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Assets-Management.php sn Parameter Microsoft Word Memory Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Topology-Routes.php rtr Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Assets-Management.php chg Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Monitoring-Incidents.php Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via snmpget.php ip Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Monitoring-Setup.php Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Monitoring-Map.php hde Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Topology-Linked.php dv Parameter Cross-Site Scripting (XSS) Vulnerability in NeDi 1.9C via Reports-Devices.php XSS Vulnerability in SeedProd Coming-Soon Plugin for WordPress (<=5.1.1) Microsoft Excel Remote Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in PHP-Fusion 9.03.60 via administration/site_links.php Add Site Link Field iBall WRB303N Devices Vulnerable to CSRF Attacks CSRF Vulnerability in Supermicro X10DRH-iT Motherboards Allows Unauthorized User Addition SMTP Server Spoofing Vulnerability in Trojita HTTP Request Smuggling and Poisoning Vulnerability in Squid Proxy Server Microsoft SharePoint Server Information 
Disclosure Vulnerability Directory Traversal Vulnerability in Suprema BioStar 2 Video Extension Stored XSS Vulnerability in Artica Proxy SQL Injection in Artica Proxy CE: Netmask, Hostname, and Alias Fields Vulnerability Reflected XSS Vulnerability in Artica Proxy CE 4.28.030.418 Privilege Escalation via Unencrypted UDP Traffic Sniffing in TP-Link USB Network Server TL-PS310U Devices Authentication Bypass in TP-Link USB Network Server TL-PS310U Devices Persistent XSS Vulnerability in TP-Link USB Network Server TL-PS310U (CVE-2021-XXXX) Denial-of-Service Vulnerability in TP-Link USB Network Server TL-PS310U Devices Privilege Escalation via Unencrypted UDP Traffic in Lindy 42633 Network Server Authentication Bypass Vulnerability in Lindy 42633 Network Server Elevation of Privilege Vulnerability in Wininit.dll Persistent XSS Vulnerability in Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 Denial-of-Service Vulnerability in Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 Devices Privilege Escalation Vulnerability in DIGITUS DA-70254 4-Port Gigabit Network Hub Authentication Bypass Vulnerability in DIGITUS DA-70254 4-Port Gigabit Network Hub Persistent XSS Vulnerability in DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 Denial-of-Service Vulnerability in DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 Buffer Overflow and Remote Code Execution in Sophos XG Firewall 17.x through v17.5 MR12 via HTTP/S Bookmarks Elevation of Privilege Vulnerability in Microsoft COM for Windows Eval Injection Vulnerability in Zulip Server 2.x before 2.1.7 Cross-Site Scripting (XSS) Vulnerability in Symphony CMS 3.0.0 via fields['name'] in content.blueprintsevents.php SQL Injection Vulnerability in phpList Import Administrators Section XSS Vulnerability in phpList 3.5.4: Import Administrators and Subscriber Lists OpenVPN Access Server Vulnerability: Token Expiry Circumvention OpenVPN Connect Installer for macOS Vulnerability: System File 
Corruption via Symlinks Critical File Corruption Vulnerability in Private Tunnel Installer for macOS OpenVPN Access Server 2.8.7 and Earlier Versions Authentication Bypass Vulnerability OpenVPN Authentication Bypass and Data Access Vulnerability Improper Access Control in PrestaShop Carrier Page, Module Manager, and Module Positions (CVE-2020-15160) Windows Media Audio Decoder Remote Code Execution Vulnerability File Access Vulnerability in PrestaShop Versions 1.7.4.0 to 1.7.6.6 Information Exposure in PrestaShop Upload Directory Configuration Variable Rewrite Vulnerability in PrestaShop Versions 1.6.0.1 and Earlier Reflected XSS Vulnerability in PrestaShop Versions 1.7.0.0 - 1.7.6.5 Authorization Bypass Vulnerability in express-jwt (NPM package) up to version 5.3.3 Insecure Caching of Customer Authentication Data in Saleor Storefront Arbitrary Checksum Generation Vulnerability in TYPO3 mediace Extension (Versions 7.6.2 - 7.6.4) Allows Remote Code Execution Bypassing Authorization Checks in Presto Server with Secure Internal Communication Elevation of Privilege Vulnerability in LSASS via Crafted Authentication Requests Block Proposers Signature Vulnerability in TenderMint 0.33.0 - 0.33.6 XSS Vulnerability in TimelineJS Versions Prior to 3.7.0 Vulnerability in Tough Library Allows Signature Duplication (CVE-2020-6174) Remote Code Execution Vulnerability in Symfony's CachingHttpClient Information Exposure Vulnerability in npm CLI: Passwords Printed in Log Files Context Isolation Bypass Vulnerability in Electron Path Traversal Vulnerability in loklak Server Application Arbitrary Data Injection and Remote Code Execution Vulnerability in TYPO3 CMS Arbitrary File Retrieval and Database Manipulation in TYPO3 CMS Win32k Information Disclosure Vulnerability Denial of Service Vulnerability in freewvs before 0.1.1 Directory Structure Recursion Limit Vulnerability in freewvs Improper Authorization in PrestaShop Dashboard Productions before 2.1.0 Integer Overflow Vulnerability 
in FreeRDP 2.1.2 Improper Validation of Wildcard DNS Subject Alternative Name in Envoy Django Two-Factor Authentication Password Storage Vulnerability Panic Vulnerability in etcd's decodeRecord Method Vulnerability: Tampering and Side-Channel Attack in x87 FPU Operations in OpenEnclave SQL Injection Vulnerability in GLPI's 'Clone' Feature (Fixed in 9.5.1) Address Validation Bypass in Solidus Checkout Elevation of Privilege Vulnerability in Connected User Experiences and Telemetry Service Usernames with Matching Names Vulnerability in JupyterHub-KubeSpawner CRLF Injection Vulnerability in Fiber 1.12.6 and Earlier Arbitrary Consensus Participant Panic Vulnerability in etcd Insecure Directory Permissions in etcd Denial of Service Vulnerability in etcd Gateway Weak Password Length Validation in etcd Versions 3.3.23 and 3.4.10 Synergy Server Crash Vulnerability with Large Client Name Length Unescaped HTML Rendering in Wagtail Form Page Help Text Cross-Site Scripting (XSS) Vulnerability in Auth0-Lock Versions <= 11.25.1 Windows State Repository Service Information Disclosure Vulnerability Privilege Escalation and Unauthorized Access in 'I hate money' (before version 4.1.5) PDB Server Path Shell Injection Vulnerability in radare2 (CVE-XXXX-XXXX) Command Injection Vulnerability in Codecov (npm package) Upload Method Path Traversal Vulnerability in Goobi Viewer Core (CVE-2021-12345) Authorization Header Sanitization Vulnerability in Auth0 npm Package Authenticated User Bypasses Read Security in parser-server (Versions 3.5.0 - 4.3.0) Unauthenticated Shutdown Vulnerability in Contour Ingress Controller Vulnerability: Unauthenticated Cookie Tampering in OctoberCMS Open Redirect Vulnerability in Traefik's Handling of X-Forwarded-Prefix Header Windows CSC Service Memory Handling Elevation of Privilege Vulnerability False-positive validation vulnerability for NFT1 Child Genesis transaction type in SLPJS (npm package slpjs) before version 0.27.4 False-Positive Validation 
Vulnerability in SLP Validate (npm package slp-validate) Prior to Version 1.2.2 User Enumeration and Email Address Exposure in Sulu Lack of Certificate Validation in TLS Handshakes in faye-websocket Lack of Certification Validation in Faye TLS Handshakes CSRF Vulnerability in save-server (npm package) Allows Unauthorized Actions and Privilege Escalation Vulnerability: Incomplete TLS Authentication for Gateway Endpoints HoRNDIS Integer Overflow Vulnerability Cross-Site Scripting Vulnerability in Prism's Easing Preview Plugin DOM-based XSS vulnerability in MyBB before version 1.8.24 through custom MyCode rendering Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Critical Remote Code Execution (RCE) Vulnerability in Red Discord Bot Trivia Module Path Traversal Vulnerability in openapi-python-client Arbitrary Code Execution in openapi-python-client (CVE-2021-12345) Unsanitized Request Parameter Remote Code Execution in SyliusResourceBundle Vulnerability: Privilege Escalation and DLL Hijacking in Composer-Setup for Windows Unsanitized Request Parameter Remote Code Execution in SyliusResourceBundle Remote Code Execution Vulnerability in Red Discord Bot Streams Module Remote Code Execution Vulnerability in Yii 2 (yiisoft/yii2) before version 2.0.38 Privilege Escalation via Password Change Vulnerability in NodeBB Elevation of Privilege Vulnerability in Windows Telephony Server Vulnerability in Paginator (Elixir/Hex package) allows Remote Code Execution (RCE) via paginate() function Circumvention of fromkey protection in OpenMage LTS before versions 19.4.6 and 20.0.2, leading to increased CSRF attack surface Server-Side Request Forgery in ftp-srv npm package (versions 2.19.6, 3.1.2, and 4.3.4) allows arbitrary IP connections through PORT command Unauthenticated SQL Injection in Ampache Cross Site Scripting (XSS) Vulnerability in baserCMS 4.3.6 and Earlier Cross Site Scripting (XSS) Vulnerability in baserCMS 4.3.6 and Earlier via toolbar.php XSS 
Vulnerability in nodebb-plugin-blog-comments Allows Unauthorized Forum Posting Credential Leaking Vulnerability in containerd Heap Buffer Overflow in libIEC61850 baserCMS 4.3.6 and earlier - Cross Site Scripting (XSS) and Remote Code Execution (RCE) Vulnerability Windows Work Folders Service Memory Handling Elevation of Privilege Vulnerability Blind SQL Injection Vulnerability in PrestaShop Catalog Product Edition Page Contact Form JavaScript Injection Vulnerability in PrestaShop (Versions 1.6.0.4 - 1.7.6.8) XSS Vulnerability in PrestaShop Versions 1.5.0.0 to 1.7.6.8 Root Metadata Trust Chain Vulnerability in Python TUF (The Update Framework) before version 0.12 Username Trimming Vulnerability in Scratch Login Extension Vulnerability: Tampered Sources and Permissions in Chameleon Mini Live Debugger v1.1.6-free Denial-of-Service Vulnerability in ZeroMQ TCP Transport with CURVE/ZAP Arbitrary Code Execution via Malicious .mlrrc File in Miller 5.9.0 Vulnerability: Failure to Honor Size Option in Redirects Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers Elevation of Privilege Vulnerability in Windows File Server Resource Management Service Lack of Access Controls in Apollo-AdminService Allows Unauthorized Access to Application Configurations Arbitrary Code Execution Vulnerability in XWiki Remote Code Execution Vulnerability in Red Discord Bot's Act Module Buffer Overflow Vulnerability in ACCEL-PPP when Receiving L2TP Control Packet with String AVP Bypass of `will-navigate` Event in Electron Arbitrary File Deletion and Unauthorized Access in GLPI Plugin Image Endpoint SQL Injection Vulnerability in GLPI (versions prior to 9.5.2) Allows Unauthorized Data Extraction Insecure Storage of User Input in GLPI (CVE-2021-12345) Arbitrary JavaScript Injection in PrestaShop Contact Form Stored Cross-Site Scripting Vulnerability in ScratchSig Extension for MediaWiki Elevation of Privilege Vulnerability in Windows File Server Resource Management Service 
Command Injection Vulnerability in MariaDB's mysql-wsrep Component Alfresco Reset Password Add-On Untrusted Input Security Vulnerability CSRF and RCE Vulnerabilities in SOY Inquiry Component of SOY CMS Reflected Cross-Site Scripting (XSS) in SoyCMS 3.0.2 and earlier leading to Remote Code Execution (RCE) Unsanitized `alias` Field in Helm Chart.yaml Allows Information Injection Helm Repository Compromise Vulnerability Improper Sanitization of Plugin Names in Helm Helm Plugin Duplicate Entry Vulnerability Unauthenticated Remote Code Execution (RCE) in SOY CMS 3.0.2.327 and earlier Remote Code Execution (RCE) and Cross-Site Scripting (XSS) Vulnerabilities in SOY CMS 3.0.2 and Earlier Elevation of Privilege Vulnerability in Windows UPnP Device Host Segmentation fault vulnerability in TensorFlow's `tf.raw_ops.Switch` operation Null Pointer Dereference in TensorFlow's `dlpack.to_dlpack` Argument Validation Memory Leak in TensorFlow's dlpack.to_dlpack when Passing a List of Strings Uninitialized Memory Corruption in TensorFlow's dlpack.to_dlpack Implementation Incomplete Validation of Arguments in SparseFillEmptyRowsGrad Implementation in TensorFlow Heap Buffer Overflow in SparseFillEmptyRowsGrad in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 Unvalidated Shape Mismatch in SparseCountSparseOutput and RaggedCountSparseOutput in TensorFlow 2.3.0 Unvalidated Rank in SparseCountSparseOutput Vulnerability Unvalidated Shape Mismatch in SparseCountSparseOutput Implementation in TensorFlow Unvalidated Input in `RaggedCountSparseOutput` Leads to SIGABRT Signal Windows Font Driver Host Remote Code Execution Vulnerability Heap Buffer Overflow in RaggedCountSparseOutput Implementation in TensorFlow (CVE-2020-26262) Heap Buffer Overflow in RaggedCountSparseOutput Implementation in TensorFlow Integer Truncation Vulnerability in TensorFlow Shard API Format string vulnerability in TensorFlow's tf.strings.as_string function (CVE-2020-15258) Null Pointer Dereference in 
TensorFlow Eager Mode Heap Overflow and Memory Leak Vulnerability in TensorFlow's `tf.raw_ops.StringNGrams` Denial of Service and Data Corruption Vulnerability in TensorFlow's SavedModel Loading Out-of-Bounds Access Vulnerability in TensorFlow-Lite TensorFlow-Lite Common Dimension Size Vulnerability Null Pointer Dereference Vulnerability in TensorFlow-Lite Models Elevation of Privilege Vulnerability in Windows Speech Runtime Vulnerability: Segmentation Fault and Memory Corruption in TensorFlow-Lite Double Array Indexing Vulnerability in TensorFlow Lite Out-of-Bounds Write Vulnerability in TensorFlow Lite's Segment Sum Denial of Service Vulnerability in TensorFlow Lite's Segment Sum Implementation Out-of-Bounds Write Vulnerability in TensorFlow Lite's Segment Sum Context Isolation Bypass in Electron XML Signature Bypass Vulnerability in goxmldsig User Information Leakage through Public FAQ in GLPI (Versions 9.5.0 to 9.5.1) Caching of Admin Pages Allows Unauthorized Access in iTop SQL Query Disclosure in iTop User Portal Elevation of Privilege Vulnerability in Windows Speech Runtime Session Hijacking Vulnerability in iTop Cross-Site Scripting (XSS) Vulnerability in iTop Console Breadcrumb Uniqueness of `jti` Value Not Checked in ORY Fosite Ignored Storage Errors in ORY Fosite TokenRevocationHandler Open Enclave Information Disclosure Vulnerability Potential DoS Vulnerability in django-filter 2.3.0 and below SQL Injection in GLPI API's Search Function Allows for Information Disclosure Nette Framework Code Injection Vulnerability Untrusted Data Injection in `@actions/core` npm module before v1.2.6 Path Traversal and File Overwrite Vulnerability in Singularity 3.1.1 - 3.6.3 Tampering Vulnerability in Microsoft SharePoint Server Allows Unauthorized Modification of User Profiles Arbitrary Filesystem Path Access Vulnerability in Vapor Web Framework JSONP Support Allows Cross-Site Scripting in Mapfish-Print (Versions < 3.24) XML External Entity (XXE) Vulnerability in 
Mapfish-Print SDL Style Parsing Redirect URL Override Vulnerability in ORY Fosite (CVE-2021-12345) Improper Redirect URL Comparison in ORY Fosite OAuth2 Framework (CVE-2021-12345) Unauthenticated Access to Sensitive Config Keys in RACTF (Pre-Commit f3dc89b) Directory Traversal Vulnerability in Wiki.js Timing Attack Vulnerability in Shrine's `derivation_endpoint` Plugin Blueman DhcpClient Argument Injection Vulnerability Directory Traversal and Information Disclosure in xmpp-http-upload Elevation of Privilege Vulnerability in Windows Speech Shell Components Improper JWT Token Signature Validation in omniauth-auth0 (rubygems) Cross-Site Scripting (XSS) Vulnerability in TYPO3 Fluid Engine Open Redirect Vulnerability in Next.js versions >=9.5.0 and <9.5.4 Missing WebApi Authentication Attribute in Smartstore 4.0.0 & 4.0.1 RCE via PHP Object Injection in Magento (rubygems openmage/magento-lts package) Email Address Manipulation Vulnerability in Sylius Local File Disclosure Vulnerability in October CMS Arbitrary PHP Execution Vulnerability in October CMS User Escalation Vulnerability in October CMS Unsanitized SVG File Upload Vulnerability in October CMS Windows Media Foundation Memory Corruption Vulnerability Local Information Disclosure Vulnerability in JUnit4 TemporaryFolder ACL Bypass Vulnerability in Channelmgnt Plug-in for Sopel (CVE-2023-4339) Arbitrary Code Execution Vulnerability in XWiki Cross-Site Scripting Vulnerability in Grocy <= 2.7.1 via Create Shopping List Module Unsound Deallocation Vulnerability in Crossbeam-Channel CSV Export Formula Injection Vulnerability in Anuko Time Tracker Prototype Pollution Vulnerability in `object-path` <= 0.11.4 (set() Method) Privilege Escalation in containerd-shim API Socket Unsanitized URL Execution Vulnerability in Wire CSRF Vulnerability in ad-ldap-connector Admin Panel (<=5.0.12) Windows Network Connection Broker Memory Handling Vulnerability Insecure Transport Reuse Vulnerability in PJSIP Unquoted Service Path 
Vulnerability in Veyon Service (Windows) Invalid Integrity Hash for Dynamically Loaded Chunks in webpack-subresource-integrity (CVE-2021-23456) XSS Vulnerability in Inline Attribute Escaping Privilege Escalation via Boxstarter Installer Path Configuration Vulnerability Invalid `axis` Value Vulnerability in TensorFlow's `tf.quantization.quantize_and_dequantize` Segmentation fault vulnerability in TensorFlow's `tf.image.crop_and_resize` when `boxes` argument has a large value Vulnerability: Expired User Tokens Grant Access to Storefront API v2 Endpoints Windows Custom Protocol Engine Memory Handling Elevation of Privilege Vulnerability Unauthenticated Subscription Object Access in Parse Server Automatic Execution of Malicious Shell Commands in lookatme (Python/PyPI Package) Prior to 2.3.0 Arbitrary Shell Command Execution in git-tag-annotation-action Cross-Site Scripting Vulnerability in baserCMS versions before 4.4.1 XSS Vulnerability in Wiki.js Search Results Cross-Site Scripting (XSS) Vulnerability in MoinMoin Wiki Engine Cross-Site Scripting (XSS) Vulnerability in baserCMS 4.4.1 and Earlier Versions Remote Code Execution (RCE) Vulnerability in baserCMS 4.4.1 and Earlier Unauthorized Privilege Escalation Exploit in Red Discord Bot Mod Module (CVE-2021-XXXX) Improper Access Control in Bitdefender Endpoint Security Tools: Exclusion Path Disclosure Elevation of Privilege Vulnerability in Windows Radio Manager API Windows Graphics Device Interface (GDI) Elevation of Privilege Vulnerability Memory Read Vulnerability in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol, and IntLixTaskDumpTree Functions Insufficient Input Validation in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry, and IntLixFileGetPath: Memory Corruption Vulnerability Race-condition vulnerability in IntPeParseUnwindData() in Bitdefender Hypervisor Introspection versions prior to 1.132.2 Bypassing In-Place Mitigations in Bitdefender Endpoint Security 
Tools: Insufficient Validation Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in KingComposer WordPress Plugin Windows Remote Access Memory Handling Elevation of Privilege Vulnerability Open Redirect Vulnerability in SuiteCRM Documents Module via Crafted SVG Document CSV Injection in SuiteCRM Registration Fields Vulnerability: Lack of Signature Requirement in Argent RecoveryManager Allows for Denial of Service and Takeover XML Entity Expansion Vulnerability in Infoblox NIOS before 8.5.2 NULL Pointer Dereference in TiledInputFile Constructor in OpenEXR Use-after-free vulnerability in OpenEXR before 2.5.2 in DeepScanLineInputFile::DeepScanLineInputFile() Heap Buffer Overflow in getChunkOffsetTableSize() in OpenEXR Stored XSS Vulnerability in Nozomi Guardian before 19.0.4 via Crafted Custom Field Name SQL Injection Vulnerabilities in Support Incident Tracker (SiT!) 3.67 p2 Cache-timing attack vulnerability in wolfSSL before 4.5.0 Elevation of Privilege Vulnerability in Windows Accounts Control Hardcoded DSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded ECDSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded RSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded DSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded ECDSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded RSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded DSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded RSA SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Windows InstallService Memory Handling Elevation of Privilege Vulnerability Root Account Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Vulnerability: Insecure Default Password for Livedbuser Account in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded Password Vulnerability in Zyxel CloudCNM 
SecuManager 3.1.0 and 3.1.1 Default Credentials Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded Credentials Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded Erlang Cookie Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded Certificate Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated ZODB Storage Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Weak Permissions in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Weak Data.fs Permissions in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Elevation of Privilege Vulnerability in Windows WalletService Hardcoded APP_KEY Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Hardcoded OAUTH_SECRET_KEY in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Weak Permissions in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Account Discovery Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Escape-sequence injection vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated Access to /registerCpe in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated Access Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 - Vulnerability in /registerCpe Endpoint Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 - Use of GET Request Method With Sensitive Query Strings Vulnerability Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 XSS Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Hardcoded SSH Key Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated API in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Allows Unauthorized License Updates Unauthenticated zy_install_user API Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated API Access in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated API Access in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Unauthenticated API Access Vulnerability in Zyxel CloudCNM SecuManager 
3.1.0 and 3.1.1 Unauthenticated Access to Zyxel CloudCNM SecuManager API with CLOUDCNM Key Insecure Default Password Vulnerability in Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 Eval Injection Vulnerability Local Privilege Escalation Vulnerability in BinaryNights ForkLift 3.x Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Buffer Overflow in RIOT 2020.04 Base64 Decoder Privilege Escalation via Weak Folder Permissions and Service Substitution in IDrive for Windows XML External Entity (XXE) Vulnerability in Pulse Connect Secure and Pulse Policy Secure Allows Server-Side Request Forgery (SSRF) Attacks Arbitrary Command Execution Vulnerability in Askey AP5100W_Dual_SIG SQLite MultiSelectOrderBy Heap Overflow Vulnerability Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Privilege Escalation in Docker Desktop 2.3.0.3 due to Lack of Client Verification in com.docker.vmnetd Code Injection Vulnerability in thingsSDK WiFi Scanner 1.0.1 SQL Injection Vulnerability in Nexos WordPress Theme 1.7 Reflected XSS Vulnerability in Nexos WordPress Theme 1.7 Out-of-Bounds Write Vulnerability in LibRaw's parse_exif() Function Prototype Pollution Vulnerability in Ajv 6.12.2 Allows Code Execution Unlimited Authentication Attempts Vulnerability in Venki Supravizio BPM 10.1.2 Vulnerability: Unrestricted User Space Access in ASRock RGB Driver (ASrDrv103.sys) Unobfuscated Password Exposure in Brocade Fabric OS CLI Windows Remote Access Elevation of Privilege Vulnerability Cleartext User Password Logging Vulnerability in Brocade Fabric OS Versions Code Injection and Privilege Escalation Vulnerability in Brocade Fabric OS Versions Command-Line Interface Vulnerability in Brocade Fabric OS Buffer Overflow Vulnerabilities in Brocade Fabric OS REST API Multiple Instances of Reflected Input Vulnerability in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c Command Injection 
Vulnerability in Brocade Fabric OS Versions LDAP Weakness in Brocade Fabric OS Versions Before v9.0.0 and After v8.1.0 Allows Remote Login with User Privileges Server-Side Request Forgery (SSRF) vulnerability in Brocade SANnav before version 2.1.1 allows unauthenticated remote attackers to make requests to arbitrary hosts. Exposure of Docker Container Ports in Brocade SANnav OVA Installation with IPv6 Networking Denial-of-Service Vulnerability in Brocade SANnav Before v.2.1.0a Elevation of Privilege Vulnerability in Windows UPnP Device Host Account Credentials Logging Vulnerability in Brocade SANnav Cleartext Transmission of Authentication Credentials in Brocade SANnav Hard-coded Administrator Account with Weak Password in Brocade SANnav Denial of Service Vulnerability in Brocade Fabric OS v9.0.0 and Earlier Information Disclosure Vulnerability in Brocade SANNav Unauthenticated Directory Listing and File Access Vulnerability in Brocade SANnav High CPU Load Vulnerability in Brocade Fabric OS Insecure SSH Key Length Vulnerability in Brocade Fabric OS and Brocade SANnav Arbitrary Content Write Vulnerability in Brocade Fabric OS Use-after-free and Double-Free Vulnerability in OpenJPEG's jp2/opj_decompress.c Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Improper Access Control Vulnerability in pyActivity via GetWebInfo in Pega Platform 8.4.0.237 WebSocket Protocol Authentication Bypass in DevSpace 4.13.0: Enabling Remote Code Execution on Pods User Enumeration Vulnerability in Venki Supravizio BPM 10.1.2 Memory Leak in usbtest_disconnect Function in Linux Kernel 4.4 through 5.7.6 (CID-28ebeb8db770) Unauthenticated SQL Injection and Remote Code Execution in Zoho ManageEngine Applications Manager REST API Stack-Based Buffer Over-Read Vulnerability in MediaInfoLib Privilege Escalation via Race Condition in HylaFAX+ and HylaFAX Enterprise's faxsetup Utility Privilege Escalation via Unprivileged User-Writable Directories in HylaFAX Windows Backup 
Engine Memory Handling Elevation of Privilege Vulnerability CSRF Token Generation Vulnerability in CakePHP before 4.0.6 Privilege Escalation via File Deletion in IOBit Malware Fighter Pro 8.0.2.547 Authenticated Attacker Can Access Admin Page Console via End-User Web Interface in Pulse Secure Pulse Connect Secure Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Insufficient ACL Checks in Attachment Downloader in MISP 2.4.128 Unauthenticated User Can Send Event Contact Form in MISP 2.4.128 Remote Command Execution Vulnerability in DrayTek Vigor Routers Unauthenticated Remote Code Execution in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Stack-based Buffer Overflow in NETGEAR R6700 V1.0.4.84_10.0.58 Router XXE vulnerability in Veeam ONE 10.0.0.750_20200415 allows remote information disclosure XXE vulnerability in Veeam ONE 10.0.0.750_20200415 allows remote information disclosure Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-EL7-0.9.8.891) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mod_security.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mod_security.php Arbitrary Code Execution in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mod_security.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mod_security.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_disk_usage.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Arbitrary Code Execution in CentOS Web Panel 
(CWP-E17.0.9.8.923) via ajax_list_accounts.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel CWP-e17.0.9.8.923 Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Linux Kernel Use-After-Free Vulnerability in fs/block_dev.c NULL Pointer Dereference Vulnerability in Linux Kernel's serial8250_isa_init_ports() Function Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Infinite Loop Vulnerability in Wireshark 3.2.0 to 3.2.4 GVCP Dissector Authenticated Remote Code Execution Vulnerability in Cohesive Networks vns3:vpn Appliances SQL Injection Vulnerability in Persian VIP Download Script 1.0 via cart_edit.php Active Parameter NULL Pointer Dereference in MemoryRegionOps Object in QEMU 4.2.0 Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Heap-Based Buffer Overflow in ffjpeg's jfif_decode Function Heap-based Buffer Over-read Vulnerability in nDPI through 3.2 Heap-based Buffer Over-read Vulnerability in nDPI H.323 Dissector Heap-based Buffer Over-read Vulnerability in nDPI OpenVPN Dissector Stack Overflow Vulnerability in nDPI's extractRDNSequence Function Use-after-free vulnerability in nDPI through 3.2 due to incomplete reinitialization in ndpi_reset_packet_line_info Heap-Based Buffer Over-Read Vulnerability in nDPI Oracle Protocol Dissector Remote Code Execution Vulnerability in RaspberryTortoise WebControl SQL Error Exposure Vulnerability in Journal Theme for OpenCart Buffer Overflow Vulnerability in PassMark BurnInTest, OSForensics, and PerformanceTest Windows WaasMedic Service Memory Disclosure 
Vulnerability Arbitrary Ring-0 Code Execution and Privilege Escalation via IOCTL in PassMark BurnInTest, OSForensics, and PerformanceTest Arbitrary Physical Memory Mapping Vulnerability in PassMark Software Default TELNET Service with Blank Password on Nescomed Multipara Monitor M1000 Devices Unauthenticated Shell Access via Physical UART Debug Port on Nescomed Multipara Monitor M1000 Devices Cleartext Storage Vulnerability in Nescomed Multipara Monitor M1000 Devices Cleartext Data Storage Vulnerability on Nescomed Multipara Monitor M1000 Devices Unsecured Bluetooth LE Implementation in Dr Trust ECG Pen 2.00.08 Devices Allows Data Sniffing and Man-in-the-Middle Attacks Blind Unauthenticated SQL Injection Vulnerability in Re:Desk 2.3 Insecure File Upload Vulnerability in Re:Desk 2.3 Multiple Shell Metacharacter Injection Vulnerabilities in Wavlink WL-WN530HG4 M30HG4.V5030.191116 Devices Elevation of Privilege Vulnerability in Windows CDP User Components Multiple Buffer Overflow Vulnerabilities in Wavlink WL-WN530HG4 M30HG4.V5030.191116 Devices: Remote Code Execution with Root Privileges Directory Traversal Vulnerability in INNEO Startup TOOLS 2017-2018 Insecure XPC Service Configuration in Acronis True Image 2019-2020 on macOS: Local Privilege Escalation Vulnerability Insecure Folder Permissions in Acronis True Image for Mac: Local Privilege Escalation Vulnerability XSS Vulnerability in jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 Arbitrary Server Certificate Vulnerability in ASUS RT-AC1900P Routers XSS Vulnerability in ASUS RT-AC1900P Routers Elevation of Privilege Vulnerability in Windows CDP User Components Reflected XSS Vulnerability in TileServer GL Unauthenticated Firmware Replacement Vulnerability in Legacy Smarter Coffee Maker Models DuckDuckGo Application HTTPS .ico Request Vulnerability Unvalidated Thumbnail Size in LibRaw Before 0.20-RC1 Remote Code Execution Vulnerability in Sophos XG Firewall v18.0 MR1 and Older Remote Code 
Execution Vulnerability in MobileIron Core & Connector, Sentry, and Monitor and Reporting Database Authentication Bypass Vulnerability in MobileIron Core & Connector Arbitrary File Reading Vulnerability in MobileIron Core Versions 10.3.0.3 and Earlier, 10.4.x, 10.5.x, and 10.6.x Unencrypted Communication Vulnerability in Nordic Semiconductor Android BLE Library Windows Backup Engine Memory Handling Elevation of Privilege Vulnerability Default Signup Page Bypasses SAML Enforcement in HashiCorp Terraform Enterprise up to v202006-1 Incorrect Access Control in TYPO3 Forum Extension (before 1.2.1) TYPO3 jh_captcha Extension XSS Vulnerability Remote Code Execution Vulnerability in TYPO3 Turn Extension (0.3.2) Cross-Site Scripting (XSS) Vulnerability in mm_forum Extension for TYPO3 with CSRF Exploitation Cross-Site Scripting (XSS) Vulnerability in ke_search Extension for TYPO3 Unprivileged Users Exploit Total Control Over Filesystem I/O Requests in Veeam Availability Suite and Veeam Backup & Replication Elevation of Privilege Vulnerability in Windows Work Folder Service Cross-site Scripting (XSS) Vulnerability in Zoho ManageEngine Applications Manager Timing Vulnerability in Bouncy Castle EC Math Library Invalid Search Path Vulnerability in Embedded CPython on Windows Incorrect Access Control in GitLab EE 11.3 through 13.1.2 via Maven Package Upload Endpoint TLS Security Certificate Check Bypass in Redgate SQL Monitor Local Privilege Escalation in GOG Galaxy Client 2.0.17 Local Privilege Escalation via Weak File Permissions in GOG Galaxy Client 2.0.17 Windows Runtime Elevation of Privilege Vulnerability Privilege Escalation Vulnerability in Valve Steam Client Buffer Overflow Vulnerability in Silicon Labs Bluetooth Low Energy SDK Buffer Overflow Vulnerability in Silicon Labs Bluetooth Low Energy SDK Unauthenticated SQL Injection Vulnerability in Zoho ManageEngine Application Manager 14.7 Build 14730 Persistent XSS Vulnerability in bestsoftinc Car Rental System Plugin for 
WordPress Persistent XSS Vulnerability in Hotel Booking System Pro Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Vanguard Plugin 2.1 for WordPress Cross-Site Scripting (XSS) Vulnerability in We-com Municipality Portal CMS 2.1.x via Cerca/Search Bar SQL Injection Vulnerability in We-com Municipality Portal CMS 2.1.x via cerca/ keywords field Windows Media Foundation Memory Corruption Vulnerability SQL Injection Vulnerability in We-com OpenData CMS 2.0 via Username Field SolarWinds Serv-U FTP Server Remote Command Execution Vulnerability SolarWinds Serv-U FTP Server CHMOD Command Mishandling Vulnerability Path Validation Vulnerability in SolarWinds Serv-U FTP Server Remote Code Execution Vulnerability in Microsoft Edge (HTML-based) Allows Arbitrary Code Execution Elevation of Privilege Vulnerability in Windows WalletService XSS Vulnerability in Roundcube Webmail Versions 1.2.11, 1.3.x, and 1.4.x Hypervisor Crash Vulnerability in Xen for x86 HVM Guests Xen Arm Guest OS Hypervisor Crash Vulnerability Insufficient Cache Write-Back Vulnerability in Xen Incorrect Error Handling in Event-Channel Port Allocation Vulnerability in Xen Vulnerability: Non-Atomic Modification of Live EPT PTE in Xen TerraMaster TOS before 4.1.29: Code Injection Vulnerability in include/exportUser.php Use-after-free vulnerability in PlayerGeneric destructor in MilkyTracker through 1.02.00 Windows Jet Database Engine Remote Code Execution Vulnerability Memory Allocation Failure Vulnerability in Whoopsie's parse_report() Function Remote Denial-of-Service Vulnerability in Tor with Mozilla Network Security Services (NSS) Cross-script Vulnerability in SolarWinds Serv-U File Server (CVE-00041778, CVE-00306421) SolarWinds Serv-U File Server Same-Site Cookie Attribute Mishandling Vulnerability SolarWinds Serv-U File Server XSS Vulnerability (Case Number 00484194) SolarWinds Serv-U File Server Information Disclosure Vulnerability Cameralyzer Vulnerability: Unauthorized File Writing on 
Samsung Mobile Devices (SVE-2020-16830) Samsung Mobile Devices with O(8.x) Software: FactoryCamera Runtime Permissions Vulnerability (SVE-2020-17270) Bypassing Factory Reset Protection (FRP) via KNOX API on Samsung Mobile Devices (SVE-2020-17318) Windows Jet Database Engine Remote Code Execution Vulnerability Samsung Mobile Devices Factory Reset Protection Bypass Vulnerability Kernel Logging Vulnerability on Samsung Mobile Devices (SVE-2020-17605) Buffer Overflow Vulnerability in Samsung Mobile Devices with Exynos 7885 Chipsets Directory Traversal Vulnerability in Samsung StickerProvider (SVE-2020-17665) Samsung Mobile Devices with Q(10.0) Software Out-of-Bounds Access and Device Reset Vulnerability (SVE-2020-18056) Data race vulnerability in net/http servers when using httputil.ReverseProxy Handler Remote Code Execution Vulnerability in Zoho ManageEngine Desktop Central 10.0.552.W TLS Certificate Validation Bypass and Man-in-the-Middle Attack in Zoho ManageEngine Desktop Central and Remote Access Plus Elevation of Privilege Vulnerability in Windows Storage Services Vulnerability: Bypassing VPN Kill Switch in Private Internet Access (PIA) Client for Linux Unauthenticated Remote Code Execution in F*EX (Frams' Fast File EXchange) Directory Traversal Vulnerability in SteelCentral Aternity Agent Privilege Escalation and Arbitrary Code Execution in SteelCentral Aternity Agent 11.0.0.120 on Windows SSRF Vulnerability in Zoho Application Control Plus: Unauthorized Port and Network Discovery Information Disclosure Vulnerability in Zoho Application Control Plus Path Disclosure Vulnerability in ALPS ALPINE Touchpad Driver Persistent XSS in SOPlanning 1.46.01 via Project Name, Statutes Comment, Places Comment, or Resources Comment Field Denial of Service Vulnerability in Trustwave ModSecurity 3.x through 3.0.4 XSS Vulnerability in Victor CMS (register.php) User Firstname/Lastname Field Remote Code Execution Vulnerability in Microsoft Windows Codecs Library CSRF Vulnerability 
in CMSUno Allows Unauthorized Password Change LDAP Authentication Bypass Vulnerability in Trend Micro Deep Security 10.x-12.x Untrusted Search Path Remote Code Execution (RCE) Vulnerability in Trend Micro Security 2020 Invalid Memory Read Vulnerability in Trend Micro Security 2020 (v16.0.0.1302 and below) Driver Insecure SSL Server Certification Validation in Trend Micro Security 2019 (v15) Products LDAP Authentication Bypass Vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Remote Code Execution Vulnerability in Microsoft Graphics Components Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_dashboard.php Arbitrary Code Execution in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_ftp_manager.php Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Arbitrary Code Execution Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_ftp_manager.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_list_accounts.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_list_accounts.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_list_accounts.php Remote Code Execution Vulnerability in Microsoft Graphics Components Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) Unauthenticated Remote 
Information Disclosure in CentOS Web Panel (CWP) Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP) Arbitrary File Write Vulnerability in CentOS Web Panel (CWP-E17.0.9.8.923) Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_new_account.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_add_mailbox.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP-E17.0.9.8.923) via ajax_mail_autoreply.php Unauthenticated Remote Information Disclosure in CentOS Web Panel (CWP) Arbitrary Code Execution via TIF File Handling in Foxit Studio Photo 3.6.6.922 Microsoft Office Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via PNG File Handling HNAP Service Authentication Bypass and Code Execution Vulnerability in D-Link DAP-1860 WiFi Extenders (ZDI-CAN-10084) Authentication Bypass Vulnerability in D-Link DIR-842 3.13B05 Routers Authentication Bypass Vulnerability in D-Link DIR-867, DIR-878, and DIR-882 Routers Arbitrary Code Execution Vulnerability in NETGEAR R6700 Router Firmware 1.0.4.84_10.0.58 Unauthenticated Remote Code Execution in NETGEAR R6700 V1.0.4.84_10.0.58 Routers Unauthenticated Remote Code Execution in NETGEAR Routers Remote Code Execution Vulnerability in Foxit PhantomPDF 9.7.1.29511 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.7.2.29539 (ZDI-CAN-10950) Arbitrary Code Execution in Marvell QConvergeConsole 5.5.0.64 Windows Jet Database Engine Remote Code Execution Vulnerability Unauthenticated Remote Information Disclosure in Marvell QConvergeConsole 5.5.0.64 Unauthenticated Remote Information Disclosure in Marvell QConvergeConsole 5.5.0.64 Remote Code Execution in Marvell QConvergeConsole 5.5.0.64 via isHPSmartComponent Method Arbitrary Code Execution via Authentication
Bypass in Marvell QConvergeConsole 5.5.0.64 Arbitrary Code Execution via Authentication Bypass in Marvell QConvergeConsole 5.5.0.64 Arbitrary Code Execution via Authentication Bypass in Marvell QConvergeConsole 5.5.0.64 Thunderbird Autodiscovery Vulnerability: Unauthorized Disclosure of Credentials Remote Code Execution Vulnerability in Firefox for Android Cross-Origin Frame Injection Vulnerability File Picker Vulnerability in Firefox ESR < 68.11 for Android: Unauthorized File Theft and Upload Elevation of Privilege Vulnerability in Windows Junction Handling File Picker Application Exploit: Overwriting Firefox Settings in Firefox ESR < 68.11 for Android Unicode RTL Order Character File Extension Manipulation Vulnerability in Firefox for iOS < 28 Cross-Origin Redirect Leakage in JavaScript Errors in Web Workers Bypassing iframe Sandbox with Allow-Popups Flag and Noopener Links CSS Custom Cursor Endless Loop Vulnerability CORS Bypass Vulnerability in Firefox ESR, Firefox, and Thunderbird JIT Optimization Vulnerability in JavaScript Arguments Object DLL Hijacking Vulnerability in Firefox and Thunderbird File Type Spoofing Vulnerability in Firefox ESR, Firefox, and Thunderbird Memory Corruption Vulnerability in Firefox 78 and Firefox ESR 78.0 Windows Kernel Elevation of Privilege Vulnerability CSRF Vulnerability in geckodriver before 0.27.0 with Missing Content-Type Header Checks Password Leakage Vulnerability in Firefox for iOS < 28 via Rogue Webpage Unintended File Download Exploit in Firefox for iOS < 28 Arbitrary Code Execution with System Privileges in Mozilla Maintenance Service Remote Code Execution and Extension Installation Vulnerability in Firefox and Thunderbird Address Bar Persistence Vulnerability in Firefox < 80 MediaError Message Information Leakage Vulnerability Heap Overflow Vulnerability in Firefox < 80 Allows Arbitrary Code Execution Missing Lock Vulnerability in Firefox and Firefox for Android Use-after-free vulnerability in Firefox ESR and 
Thunderbird versions prior to 68.12 MSHTML Engine Remote Code Execution Vulnerability Memory Corruption Vulnerabilities in Firefox for Android 79 Race Condition Vulnerability in Firefox for Android < 80 Memory Corruption Vulnerabilities in Firefox 80 and Firefox ESR 78.2 Memory Corruption Vulnerabilities in Firefox 80 Buffer Overflow Vulnerability in Firefox < 81: Lifetime Mismatch in Surface Processing SVG onload Handler Execution Vulnerability in Firefox Open Redirect Vulnerability Allows Spoofing of Downloaded File Dialog Use-after-free vulnerability in APZCTreeManager::ComputeClippedCompositionBounds OAuth Session Fixation Vulnerability in Mozilla VPN Microsoft Edge PDF Reader Remote Code Execution Vulnerability External Protocol Handler Enumeration in Firefox < 82 Shared Stub Table Overwrite Vulnerability in Firefox < 82 External Protocol Prompt Spoofing Vulnerability in Firefox < 82 Memory Corruption Vulnerabilities in Firefox 81 and Firefox ESR 78.3 Memory Corruption Vulnerabilities in Firefox 81: Potential Arbitrary Code Execution STARTTLS Plaintext Injection Vulnerability in Thunderbird < 78.7 Hypervisor Component of ACRN Project: Root Access DoS via PCIe Assign/De-assign Hypercalls HTTP Digest Authentication Vulnerability in GoAhead Web Server NULL Pointer Dereference Denial of Service Vulnerability in Appweb Microsoft Edge Remote Code Execution Vulnerability Missing Newline Character Check in Nim's asyncftpclient Library Arbitrary Command Execution through browsers.openDefaultBrowser in Nim 1.2.4 CR-LF Injection Vulnerability in Nim 1.2.4's httpClient Library Vulnerability in Nim 1.2.4: Improper Server Response Validation in httpClient CSRF Vulnerability in Joomla! com_privacy XSS Vulnerability in Joomla! mod_random_image User table class vulnerability allows unauthorized modification of internal read-only fields Inadequate Filtering on Joomla! 
System Information Screen Exposes Redis or Proxy Credentials Usergroups Table Object Validation Vulnerability Remote Code Execution Vulnerability in Internet Explorer's Scripting Engine CSRF Vulnerability in Joomla! com_installer's ajax_install Endpoint Denial of Service Vulnerability in apport/report.py Race Condition Privilege Escalation Vulnerability in Apport Privilege Escalation via Unvalidated Locale Property in apt Transaction Local Privilege Escalation via modprobe Child Process Secure Boot Bypass Vulnerability in GRUB2 Race Condition in GRUB2's grub_script_function_create() Leads to Use-After-Free Vulnerability and Arbitrary Code Execution Heap-based buffer overflow vulnerability in GRUB2's efilinux component allows for arbitrary code execution and bypass of UEFI Secure Boot World Read/Write Permissions in Ubuntu's libvirt Control Socket: A Path to Arbitrary File Overwrite and Code Execution Vulnerability: Terminal Content Modification via PPA Description in add-apt-repository Windows Setup Elevation of Privilege Vulnerability Double Free Vulnerability in Bluez 5 Module of PulseAudio CSRF Vulnerability in MISP before 2.4.129 Allows Unauthorized Homepage Modification Directory Traversal Vulnerability in rConfig 3.9.5 SQL Injection Vulnerability in rConfig 3.9.5 Allows Remote Attackers to Manipulate Database SQL Injection Vulnerability in rConfig 3.9.5 Allows Remote Attackers to Manipulate Database Arbitrary Code Execution Vulnerability in rConfig 3.9.5 via search.crud.php Cross-Site Scripting (XSS) Vulnerability in RosarioSIS 6.7.2 Preferences.php Script Cross-Site Scripting (XSS) Vulnerability in RosarioSIS 6.7.2 Search.inc.php Script XSS Vulnerability in RosarioSIS 6.7.2 PrintSchedules.php Script Certificate-validation flaw in libldap with RFC6125 support Vulnerability: Lack of Certificate Validation in Dogtag PKI XSS Vulnerability in RosarioSIS 6.8-beta: Modules/Custom/NotifyParents.php Local Privilege Escalation Vulnerability in 360 Total Security 
(Version 12.1.0.1004 and below) Local Privilege Escalation Vulnerability in 360 Total Security Version 12.1.0.1004 and Below Local Privilege Escalation Vulnerability in 360 Total Security Version 12.1.0.1005 and Below Cross-Site Scripting (XSS) Vulnerability in Microsoft SharePoint Server Arbitrary File Write Vulnerability in Bitdefender Engines Improper Certificate Validation Vulnerability in Bitdefender Total Security Origin Validation Error Vulnerability in Bitdefender Antivirus Plus SafePay Component Origin Validation Error Vulnerability in Bitdefender Safepay: Unauthorized File Access Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Remote Code Execution via Stack-based Buffer Overflow in Victure PC420 Smart Camera Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Remote Code Execution Vulnerability in Microsoft SharePoint Insecure CSRF Prevention Token Transmission in Gradle Enterprise Unrestricted HTTP Header Reflection in Gradle Enterprise and Gradle Enterprise Build Cache Node Cross-Site Scripting (XSS) Vulnerability in Gradle Enterprise 2020.2 - 2020.2.4 DirectWrite Memory Disclosure Vulnerability Lack of Lock-out after Excessive Failed Logins in Gradle Enterprise 2018.5 Cross-Site Transmission of CSRF Token in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1 XML External Entity (XXE) Vulnerability in Gradle Enterprise Unrestricted Cross-Origin Read Access in Gradle Enterprise Export API Browser Session Hijacking Vulnerability in Gradle Enterprise Unauthenticated Access to High-Level Build Information in Gradle Enterprise CSRF Vulnerability in Gradle Enterprise 2018.2 - 2020.2.4 Unrestricted Deserialization Vulnerability in Maven Extension Plugin Command Injection Vulnerability in OpenSSH's scp.c toremote Function Path Traversal Vulnerability in socket.io-file Package Windows Kernel Information Disclosure Vulnerability ACPI Table Injection Vulnerability in Linux Kernel Cross-Site Scripting (XSS) 
Vulnerability in SICAM WEB Firmware for SICAM A8000 RTUs (All versions < V05.30) Memory Protection Bypass Vulnerability in Siemens Industrial Controllers and Drives Denial-of-Service Vulnerability in SIMATIC S7-300, SIMATIC TDC CPU555, and SINUMERIK 840D sl Insecure Storage of Sensitive Information in Spectrum Power 4 Configuration Files Cleartext Transmission of Usernames in Siveillance Video Client: NTLM Authentication Vulnerability Insufficient Authentication Blocking in SIMATIC HMI Panels Allows Brute-Force Attacks Authentication Bypass Vulnerability in SIMATIC HMI Unified Comfort Panels (<= V16) Cross-Site Scripting (XSS) Vulnerability in Polarion Subversion Webclient Cross-Site Request Forgery (CSRF) Vulnerability in Polarion Subversion Webclient Windows Function Discovery SSDP Provider Memory Handling Vulnerability Directory Listing Vulnerability in Spectrum Power 4 (All versions < V4.70 SP8) Insufficient Authentication Protocol Protection in SIMATIC S7 and SINUMERIK PLCs Desigo Insight Web Service Content-Based Blind SQL Injection Vulnerability Desigo Insight Clickjacking Vulnerability Information Disclosure Vulnerability in Desigo Insight Web Application DNS Domain Name Label Parsing Vulnerability in APOGEE and TALON Building Automation Systems Denial-of-Service Vulnerability in SIMATIC ET 200SP Open Controller and SIMATIC S7-1500 Software Controller Improper Access Control Vulnerability in DCA Vantage Analyzer Allows Escape from Restricted Environment Unauthenticated Remote Access Vulnerability in Siemens Industrial Devices Unauthenticated Remote Reboot Vulnerability in SCALANCE X-200 and X-200IRT Switches Cross-Site Scripting (XSS) Vulnerability in Microsoft SharePoint Server Heap Overflow Vulnerability in SCALANCE X-200 and X-300 Switches Bypassing sys.path Restrictions in Python 3.8.4 BLURtooth: Cross Transport Key Derivation Vulnerability in Bluetooth Core Specification v4.2 and v5.0 Stored XSS Vulnerability in Zabbix URL Widget Uncontrolled Memory 
Allocation in CODESYS Control Runtime System NULL Pointer Dereference Vulnerability in GNU LibreDWG before 0.11 SSRF and Path Traversal Vulnerability in SpinetiX Devices Elevation of Privilege Vulnerability in Microsoft Office Click-to-Run Components HTTP Request Smuggling Vulnerability in Squid Proxy Server HTTP Request Splitting and Cache Poisoning Vulnerability in Squid Proxy Server Lack of SSL Certificate Validation in Graylog LDAP Integration Vulnerability: Code Execution via DYLD Environment Variable Injection in Western Digital WD Discovery Arbitrary Issue Command Execution in JetBrains YouTrack Disclosure of Issue Existence in JetBrains YouTrack Subtasks Workflow SSRF Vulnerability in JetBrains YouTrack Allows Scanning Internal Ports Microsoft Access Remote Code Execution Vulnerability Disclosure of Hidden File Existence in JetBrains YouTrack Markdown Parser Unauthenticated User Can Create Article Draft in JetBrains YouTrack SSRF Vulnerability in JetBrains YouTrack before 2020.2.10514 Allows URL Filtering Escape SSRF Vulnerability in JetBrains YouTrack Workflow Component Script-Cache Privilege Escalation Vulnerability in JetBrains Kotlin 1.4-M1 to 1.4-RC Privilege Escalation Vulnerability in JetBrains TeamCity Privilege Escalation Vulnerability in JetBrains TeamCity Missing Signature Verification for jetbrains-toolbox.exe in JetBrains ToolBox Version 1.17 Unauthorized Access to Project Parameter Values in JetBrains TeamCity Sensitive Password Disclosure in JetBrains TeamCity Build Logs Microsoft Word Memory Disclosure Vulnerability Stored XSS Vulnerability in JetBrains TeamCity Administration UI Reflected XSS Vulnerability in JetBrains TeamCity Administration UI Undocumented Remote Reboot Capability in Mofi Network MOFI4500-4GXeLTE 4.1.5-std Devices Hard-coded Path Vulnerability in Dropbear SSH Daemon on Mofi Network MOFI4500-4GXeLTE 4.1.5-std Devices Exposure of Wireless Network Password in QR Encoded Picture on Mofi Network MOFI4500-4GXeLTE 
4.1.5-std Devices Undocumented Authentication Bypass Vulnerability in Mofi Network MOFI4500-4GXeLTE 4.1.5-std Devices Arbitrary Command Execution Vulnerability in Mofi Network MOFI4500-4GXeLTE 4.1.5-std Devices Weak Permissions in ConnectWise Automate Agent Update System Allow Privilege Escalation Unrestricted Size Denial-of-Service Vulnerability in Liferay Portal Elevation of Privilege Vulnerability in dnsrslvr.dll Bypassing 'portlet.resource.id.banned.paths.regexp' Property in Liferay Portal Versions 6.2 EE, DXP 7.2, DXP 7.1, and DXP 7.0 LDAP Server Password Disclosure Vulnerability Insecure Deserialization Vulnerability in Liferay Portal and Liferay DXP Privilege Escalation Vulnerability in ActFax Version 7.10 Build 0335 (2020-05-25) Blind Authenticated SQL Injection Vulnerability in Re:Desk 2.3 Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Insecure Permissions in Nakivo Backup & Replication Director v9.4.0.r43656 on Linux: Local Privilege Escalation Remote Access to Unencrypted Backup Repositories and Controller Configuration in Nakivo Backup & Replication Transporter version 9.4.0.r43656 I/O Port Permissions Synchronization Vulnerability in Linux Kernel 5.5 through 5.7.9 Vulnerability: Denial of Service in supybot-fedora 'refresh' Command Bodhi 5.6.1 Patched: Critical Cross-Site Scripting Vulnerabilities Resolved Directory Traversal Vulnerability in Thales DIS Devices Use-After-Free Vulnerability in QEMU 4.2.0's e1000e_core.c Business Logic Error in Parallels Remote Application Server (RAS) 17.1.1 Enables Unauthorized Remote Code Execution and Internal Domain Access Escalation of Privileges via UNIX Symbolic Link (Symlink) Following in Net-SNMP Arbitrary Command Execution via SNMP WRITE Access to EXTEND MIB in Net-SNMP 5.8 Buffer Overflow Vulnerability in XGMAC Ethernet Controller in QEMU XSS Vulnerability in Quali CloudShell 9.3 Login Page Stimulsoft Reports 2013.1.1600.0 Remote Code Execution Vulnerability Heap-Based Buffer Overflow 
in mrb_yield_with_class Function in mruby through 2.1.2-rc Authenticated Remote Code Execution via Git Hook in Gogs Incorrect Access Control in Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 Windows Ancillary Function Driver for WinSock Memory Handling Vulnerability Cross-Site Scripting (XSS) Vulnerability in Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 Remote Code Execution in Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 SQL Injection in LibreNMS via customoid.inc.php device_id parameter Insufficient Access Control in LibreNMS before 1.65.1 Bitwarden Server 1.35.1 Vulnerability: Inadequate Filtering of IPv6 and IPv4 Addresses Leading to SSRF Cross-Site Scripting (XSS) Vulnerability in MunkiReport's munki_facts Module CSRF Vulnerability in MunkiReport Allows Arbitrary Machine Deletion Cross-Site Scripting (XSS) Vulnerability in MunkiReport's managedinstalls Module SQL Injection Vulnerability in MunkiReport's TableQuery.php Allows Arbitrary SQL Command Execution Cross-Site Scripting (XSS) Vulnerability in MunkiReport Comment Module SQL Injection Vulnerability in MunkiReport's reportdata_controller.php Arbitrary SQL Command Execution in MunkiReport Software Update Module Heap-based Buffer Overflow in Lua through 5.4.0 due to Mishandling of Stack Resizes and Garbage Collection Heap-based Buffer Over-read in Lua 5.4.0: Insufficient Marking in youngcollection Windows Kernel Information Disclosure Vulnerability Out-of-Bounds Read Vulnerability in LuaJit through 2.1.0-beta3 Stack-based buffer overflow vulnerability in D-Link DAP-1520 devices before 1.10b04Beta02 Command Injection Vulnerability in D-Link DIR-816L Devices Exposed Administration Function in D-Link DIR-816L Devices Allows Retrieval of Sensitive Information Cross-Site Scripting (XSS) Vulnerability in D-Link DIR-816L Devices Authentication Bypass 
Vulnerability in D-Link DAP-1522 Devices Remote Traffic Loss and Incorrect Forwarding in Arista EOS Unidirectional Traffic Forwarding Vulnerability in Arista EOS Insufficient Data Validation in Grin 3.0.0 before 4.0.0: A Mimblewimble Vulnerability Elevation of Privilege Vulnerability in Connected User Experiences and Telemetry Service Memory Corruption Vulnerability in Artifex Ghostscript 9.50 and 9.52 Arbitrary Command Execution in Nagios XI before 5.7.3 via ajaxhelper.php Cross-Site Scripting (XSS) Vulnerability in Graph Explorer of Nagios XI before 5.7.2 Privilege Escalation Vulnerability in Nagios XI Backend Scripts Buffer Overflow in bsdiff4 Patching Routine: Heap Memory Write Vulnerability Blank Admin Password Vulnerability in Tiki before 21.2 JavaScript Execution in Mahara File and Folder Names Directory Traversal Vulnerability in Cauldron cbang (C-Bang or C!) before 1.6.0 Session Hijacking Vulnerability in SolarWinds N-central 2020.1 Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) SolarWinds N-Central Version 12.3 GA and Lower - HTTPOnly Cookie Vulnerability Vulnerability: Unauthorized Door Access in Tesla Model 3 Vehicles via NFC Relay Cross-Site Scripting (XSS) Vulnerability in Origin Client for Mac and PC 10.5.86 or Earlier Remote Command Execution via goform/AdvSetLanip Endpoint on Tenda AC15 AC1900 15.03.05.19 Devices Protocol Violation in Claws Mail: Mishandling of Suffix Data after STARTTLS Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Mida eFramework 2.9.0 Reflected Cross Site Scripting (XSS) Vulnerability in Mida eFramework 2.9.0 Windows Kernel Information Disclosure Vulnerability Mida eFramework OS Command Injection Vulnerability Backdoor Vulnerability in Mida eFramework 2.9.0 Allows Unauthorized Administrative Access and Code Execution Mida eFramework 2.9.0 OS Command Injection Vulnerability with Remote Code Execution Unauthenticated Directory Traversal Vulnerability in Mida eFramework 2.9.0 SQL 
Injection Vulnerability in Mida eFramework 2.9.0 Allows Information Disclosure SQL Injection Vulnerability in Loway QueueMetrics (before 19.10.21) via TPF_XPAR1 Parameter Rocket.Chat XSS Vulnerability Allows Remote Code Execution on Client Side Authenticated SQL Injection in Zoho ManageEngine Applications Manager SAP Module Directory Traversal Vulnerability in Ortus TestBox 2.4.0 through 4.1.0 Remote Code Execution Vulnerability in Ortus TestBox 2.4.0 through 4.1.0 Windows Media Audio Decoder Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability in Joplin Desktop 1.0.190 to 1.0.245 via Malicious HTML Embed Tag Remote Capture of Domain Administrator Net-NTLMv1/v2 Authentication Challenge Hash Vulnerability Elevation of Privileges Vulnerability in Overwolf before 0.149.2.30 Information Disclosure Vulnerability in Fortinet FortiMail Cleartext Storage of Sensitive Information in FortiADC GUI Sensitive Information Disclosure via SNI Client Hello TLS Packets in Fortinet FortiGate Stored Cross-Site Scripting (XSS) Vulnerability in FortiGate IPS and WAF Logs Dashboard Vulnerability: Non-HTTP/S Traffic Bypasses Transparent Proxy Policy in FortiGate Versions Below 6.2.5 and 6.4.2 Improper Access Control Vulnerability in FortiSandbox Versions 3.2.1 and below and 3.1.4 and below Allows Unauthorized Download of Configuration File Remote Code Execution Vulnerability in Microsoft Excel Software Remote Code Injection Vulnerability in FortiClientEMS FortiClientEMS Path Traversal Vulnerability in Deployment Packages Password Disclosure Vulnerability in Fortinet FortiWeb Web Vulnerability Scan Profile Privilege Escalation and Cross-Site Scripting (XSS) Vulnerability in Gantt-Chart Module for Jira Persistent XSS Vulnerability in Gantt-Chart Module for Jira Segmentation Fault Vulnerability in Lua 5.4.0: Incorrect Expectation of Updated oldpc Value Arbitrary SQL Command Execution in Loway QueueMetrics Cross-Site Scripting (XSS) Vulnerability in eGain Chat 15.5.5 via 
Name Field Insecure Permissions in Immuta v2.8.2: User Account Takeover Vulnerability Remote Code Execution Vulnerability in Microsoft SharePoint Improper Session Management in Immuta v2.8.2: User Sessions Not Revoked Upon Logout HTML Injection Vulnerability in Immuta v2.8.2 Allows for Phishing Attacks Stored and Reflected XSS Vulnerabilities in Immuta v2.8.2 STARTTLS Buffering Vulnerability in LibEtPan Unencrypted POP3 Communication Vulnerability in KDE KMail 19.12.3 Arbitrary Command Injection Vulnerability in s/qmail STARTTLS Encryption Buffer Overflow Vulnerability in ACTi NVR3 Standard Server 3.0.12.42 JWT Signature Bypass Vulnerability in DP3T-Backend-SDK Insecure Direct Object Reference Vulnerability in 1CRM System Information Disclosure via Social Engineering in Google Chrome Weak Hash Algorithm Information Disclosure Vulnerability Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Sandbox Escape Vulnerability in Google Chrome Extensions Out of Bounds Memory Access Vulnerability in Google Chrome (prior to 85.0.4183.121) Sandbox Escape Vulnerability in Google Chrome Extensions Heap Corruption Vulnerability in Google Chrome (prior to 85.0.4183.121) via Crafted HTML Page Type Confusion Vulnerability in V8: Remote Out of Bounds Memory Access in Google Chrome (CVE-2020-15999) Insufficient Policy Enforcement in Google Chrome Extensions: Exploiting Sensitive Information Leakage Remote Code Execution via Use After Free in Google Chrome Payments Remote Code Execution Vulnerability in Google Chrome Prior to 86.0.4240.75 WebRTC Use After Free Vulnerability in Google Chrome (CVE-2020-15999) ASP.NET Core Denial of Service Vulnerability NFC Use After Free Vulnerability in Google Chrome Prior to 86.0.4240.75 Sandbox Escape via Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in Google Chrome Prior to 86.0.4240.75 via Crafted HTML Page Bypassing Same Origin Policy via Crafted Chrome Extension in Google Chrome 
(CVE-2020-15999) Bypassing Site Isolation via Integer Overflow in Google Chrome SwiftShader Integer Overflow Vulnerability in Google Chrome WebXR Use After Free Vulnerability in Google Chrome on Android Information Disclosure Vulnerability in Google Chrome on OS X Remote Code Execution via Navigation Bypass in Google Chrome on Android Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-15999) Elevation of Privilege Vulnerability in Windows Universal Plug and Play (UPnP) Service Bypassing Navigation Restrictions via Crafted Intents in Google Chrome on Android Audio Out of Bounds Read Vulnerability in Google Chrome Remote Information Disclosure Vulnerability in Google Chrome Bypassing Content Security Policy in Google Chrome on ChromeOS Omnibox Spoofing Vulnerability in Google Chrome on iOS Remote Security UI Spoofing Vulnerability in Google Chrome Heap Corruption via Crafted HTML Page in Google Chrome Remote Code Execution via Use After Free in WebRTC Stream Arbitrary Code Execution via Insufficient Policy Enforcement in Google Chrome Downloads Uninitialized Data Vulnerability in PDFium in Google Chrome (CVE-2020-15999) Windows Identity Spoofing Vulnerability Sandbox Escape via Use After Free Vulnerability in Google Chrome Autofill Sandbox Escape via Use After Free Vulnerability in Google Chrome's Password Manager Bypassing Same Origin Policy in Google Chrome prior to 86.0.4240.75 via Insufficient Policy Enforcement Remote Code Execution via Use After Free in Google Chrome Printing Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2020-15999) V8 Out of Bounds Write Vulnerability in Google Chrome (CVE-2020-15999) Sandbox Escape via Use After Free Vulnerability in Google Chrome Sandbox Escape via Use After Free Vulnerability in Mojo in Google Chrome Sandbox Escape via Use After Free Vulnerability in Google Chrome USB (CVE-2020-15999) Heap Buffer Overflow in Freetype: Remote Code Execution in Google Chrome Uncontrolled Resource 
Consumption Vulnerability in Juniper Networks Junos OS Heap Corruption Vulnerability in Google Chrome (CVE-2020-15999) Remote Code Execution Vulnerability in Google Chrome Prior to 86.0.4240.111 PDFium Use After Free Vulnerability in Google Chrome (CVE-2020-15999) Remote Code Execution via Use After Free in Google Chrome Printing Remote Code Execution Vulnerability in Google Chrome User Interface Heap Corruption Vulnerability in ANGLE in Google Chrome Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-15999) Local Privilege Escalation Vulnerability in Google Chrome Installer WebRTC Stack Buffer Overflow Vulnerability in Google Chrome Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-15999) Juniper Networks Junos OS Path Computation Element Protocol (PCEP) Malformed Packet Denial of Service Vulnerability Heap Buffer Overflow in Google Chrome for Android: Remote Code Execution and Sandbox Escape Vulnerability Heap Buffer Overflow in Google Chrome UI: Remote Code Execution and Sandbox Escape Vulnerability Cross-Origin Data Leakage in Graphics in Google Chrome Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-16040) Sandbox Escape via Use After Free Vulnerability in Google Chrome Heap Corruption Vulnerability in Google Chrome WASM (prior to 87.0.4280.66) Sandbox Escape Vulnerability in Google Chrome (prior to 86.0.4240.193) Sandbox Escape via Use After Free Vulnerability in Google Chrome's Site Isolation Remote Code Execution via Use After Free in Google Chrome Payments (CVE-2020-16013) Bypassing Noexec Restrictions in Google Chrome on ChromeOS Remote Code Execution Vulnerability in Juniper Networks JDHCPD Process Bypassing Discretionary Access Control in Cryptohome on Google ChromeOS OS-level privilege escalation vulnerability in Google Chrome on ChromeOS prior to 87.0.4280.66 Bypassing Firewall Controls via Insufficient Policy Enforcement in Google Chrome WebCodecs Use After Free Vulnerability in Google 
Chrome Heap Buffer Overflow in Google Chrome's UI: Remote Code Execution and Sandbox Escape Vulnerability Heap Buffer Overflow in Clipboard: Remote Sandbox Escape in Google Chrome WebRTC Use After Free Vulnerability in Google Chrome (CVE-2020-16043) Insufficient Policy Enforcement in Google Chrome Developer Tools Allows Information Disclosure via Malicious Extension WebRTC Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability PDFium Remote Navigation Bypass Vulnerability Juniper Networks Junos OS IPv6 Packet Egress Vulnerability Remote Code Injection Vulnerability in Google Chrome (CVE-2020-16009) Omnibox Spoofing Vulnerability in Google Chrome (CVE-2020-16042) Omnibox Spoofing Vulnerability in Google Chrome (CVE-2020-16042) Remote Security UI Spoofing Vulnerability in WebUSB in Google Chrome WebRTC Policy Bypass Vulnerability in Google Chrome (CVE-2020-16042) Bypassing noexec Restrictions via Insufficient Data Validation in cros-disks in Google Chrome on ChromeOS Cookie Bypass Vulnerability in Google Chrome (prior to 87.0.4280.66) Remote Code Execution Vulnerability in Google Chrome's Clipboard Handling (CVE-2020-16009) Remote Code Execution Vulnerability in Google Chrome on OS X Remote Code Execution Vulnerability in Google Chrome Extensions Vulnerability in IP Firewall Filter Evaluation on Juniper Networks Junos OS Heap Corruption Vulnerability in V8 Engine of Google Chrome (Versions prior to 87.0.4280.88) Remote Information Disclosure Vulnerability in Google Chrome Uninitialized Use Vulnerability in V8 in Google Chrome (CVE-2020-16040) Bypassing Discretionary Access Control via Insufficient Data Validation in Google Chrome Networking WebRTC Heap Corruption Vulnerability in Google Chrome 88.0.4324.96 Sandbox Escape via Use after Free Vulnerability in Google Chrome on Android Remote Code Execution Vulnerability in iOSWeb on Google Chrome for iOS Remote Code Execution Vulnerability in ANGLE Allows Unauthorized Data Access via Crafted HTML Page 
Arbitrary Command Execution Vulnerability in Juniper Networks JDHCPD Path Traversal Vulnerability in Juniper Networks Junos OS Insufficient Cross-Site Scripting (XSS) Protection in J-Web: Remote Code Injection and Session Hijacking Vulnerability Kernel Crash and Reboot Vulnerability in Juniper Networks Junos OS for MX Series Devices Arbitrary Command Execution Vulnerability in Zalo Desktop 19.8.1.0 Authentication Bypass Vulnerability in OpenIKED Arbitrary Command Execution Vulnerability in Juniper Networks JDHCPD Denial of Service Vulnerability in QEMU Network Packet Processing Default configuration of Net::LDAPS module in LemonLDAP::NG allows unverified X.509 certificates in remote LDAP backends Unlimited Recursion Vulnerability in Claws Mail's imap_scan_tree_recursive Function XSS Vulnerability in TYPO3 dlf Extension (aka Kitodo.Presentation) before 3.1.2 Unrestricted Access to Sensitive Data in Gallagher Command Centre Debug Port Vulnerability in T Series Readers Allows Retrieval of MIFARE Plus and Desfire Site Keys Access Card Credential Enumeration Vulnerability in Command Centre Versions Prior to v8.20.1166(MR3) Vulnerability: Denial of Service in Gallagher Command Centre v8.20 Unauthenticated Remote DCOM Websocket Connection Crash Vulnerability Remote DCOM Websocket Connection Out-of-Bounds Buffer Access Vulnerability in Command Centre Service Authentication Bypass Vulnerability in Gallagher Command Centre Server Type Confusion Vulnerability in Gallagher Command Centre Server SQL Injection Vulnerability in Gallagher Command Centre's Enterprise Data Interface Juniper Networks Junos Space Local File Inclusion Vulnerability Directory Traversal Vulnerability in KDE Ark before 20.08.0 NULL Pointer Dereference Vulnerability in GNOME Evolution-Data-Server NULL Pointer Dereference Vulnerability in GNOME Balsa before 2.6.0 Linux Kernel Use-After-Free Vulnerability in DCCP Socket Listener Overlayfs Vulnerability: Unauthorized File Access in User Namespace Detailed 
Error Messages in PackageKit Expose File Presence and Mimetype Vulnerability PackageKit's apt backend allows installation of malicious packages due to mistaken trust of all local deb files Race condition in Ubuntu-specific PulseAudio patch allows snap connections without proper confinement Integer Overflow or Wraparound Vulnerability in OpenRobotics ros_comm XML RPC Library Privilege Escalation via gnome-initial-setup in gdm3 Improper Dropping of ruid in Ubuntu AccountsService Allows Untrusted Users to Disrupt D-Bus Communication Unbounded Read Operations in AccountsService: Infinite Loop Vulnerability Vulnerability: aptdaemon DBus Interface File Existence Disclosure BGP FlowSpec Vulnerability in Juniper Networks Junos OS Cross-Site Scripting (XSS) Vulnerability in Tiki before 21.2 Privilege Escalation via Sysbus-API on Swisscom Internet Boxes NULL Pointer Dereference in libssh 0.9.4's tftpserver.c Directory Traversal Vulnerability in tgstation-server 4.4.0 and 4.4.1 Privilege Escalation Vulnerability in Cisco Unified IP Conference Station 7937G Denial-of-Service Vulnerability in Cisco Unified IP Conference Station 7937G Remote Denial-of-Service Vulnerability in Cisco Unified IP Conference Station 7937G Use of Hard-coded Credentials Vulnerability in Juniper Networks NFX250 Series vSRX VNF XSS Vulnerability in Greenmart Theme 2.4.2 for WordPress Search Functionality Vulnerability: Format String Exploit in Mercedes-Benz C Class AMG Premium Plus c220 BlueTec Bluetooth Stack DLL Hijacking Vulnerability in Seafile-Client 7.0.8 Permission Issue Allows Virus Upload and Fails to Delete in ownCloud Files Antivirus Component Stored XSS in Roundcube Webmail via Crafted SVG Document Buffer Overflow in BluFi Provisioning in Espressif ESP-IDF Unauthenticated Code Injection Vulnerability in Telmat AccessLog <= 6.0 (TAL_20180415) Authenticated Code Injection Vulnerability in Telmat AccessLog <= 6.0 (TAL_20180415) Default Credentials Vulnerability in Juniper Networks vMX Lucky 13 
Timing Side Channel Vulnerability in Mbed TLS Remote Code Execution in ExtremeWireless Aerohive HiveOS and IQ Engine Signature Verification Bypass in App::cpanminus package 1.7044 for Perl Lack of Unique Signed Data Definition in CPAN::Checksums Package 2.12 for Perl CPAN 2.28 Signature Verification Bypass Vulnerability Stored XSS Vulnerability in Nagios Log Server 2.1.7 and earlier via Email Users menu Stack Out-of-Bounds Write Vulnerability in GoPro GPMF-Parser Heap Out-of-Bounds Read and Segfault Vulnerability in GoPro gpmf-parser 1.5 Insufficient Server-Side Login Attempt Limit Enforcement in Juniper Networks JATP and vJATP Devices GoPro gpmf-parser 1.5 Division-by-Zero Vulnerability in GPMF_Decompress() GoPro gpmf-parser 1.5 Division-by-Zero Vulnerability in GPMF_ScaledData() CRL Validation Bypass Vulnerability in RIPE NCC RPKI Validator Lack of TLS Validation in RIPE NCC RPKI Validator Allows Access Bypass and Denial of Service RPKI Validator Access Restriction Bypass and Denial of Service Vulnerability SQL Injection Vulnerability in SpringBlade's DAO/DTO Implementation Observation-based Information Leakage in Linux Kernel's Network RNG (CID-f227e3ec3b5c) Remote Call Hijacking and Unauthorized Control of temi Robox OS Remote Access to temi Robox OS and MQTT Broker via Origin Validation Error Elevated Privileges and Unauthorized Control in temi Robox OS and Android App Denial of Service Vulnerability in Juniper Networks Junos OS Devices without AFI/AFT Support Remote Eavesdropping Vulnerability in temi Robox OS and Android App SSRF Vulnerability in Acronis Cyber Backup Authentication Bypass Vulnerability on Juniper Networks EX and QFX Series Privilege Escalation Vulnerability in Juniper Networks QFX10K, EX9200, MX, and PTX Series with NG-RE Reflected XSS Vulnerability in LimeSurvey 4.3.2 Cross-Site Scripting (XSS) Vulnerability in osTicket before 1.14.3 via unvalidated echo in include/staff/banrule.inc.php Insecure Direct Object Reference (IDOR) Vulnerability 
in Prestashop Opart devis < 4.0.2 Allows Unauthorized Access to User's Invoice and Delivery Address Scope Validation Bypass and Unauthorized Certificate Usage in Octopus Deploy 3.4 Insufficient Identity Verification in Philips Clinical Collaboration Platform Multiple Stack-Based Buffer Overflow Vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor Password Hash Disclosure Vulnerability in Junos OS Evolved Resource Exhaustion Vulnerability in Philips Clinical Collaboration Platform Multiple Out-of-Bounds Read Vulnerabilities in Delta Industrial Automation CNCSoft ScreenEditor Incorrect Permissions in WebAccess Node Services Can Lead to Code Execution with System Privileges Uninitialized Pointer Vulnerability in Delta Industrial Automation CNCSoft ScreenEditor Undocumented Interface Vulnerability on N-Tron 702-W / 702M12-W (all versions) Remote Code Execution Vulnerability in G-Cam and G-Code Firmware Versions 1.12.0.25 and prior Stored Cross-Site Scripting Vulnerability in N-Tron 702-W / 702M12-W (all versions) Multiple Heap-Based Buffer Overflow Vulnerabilities in Advantech WebAccess HMI Designer Cross-Site Request Forgery Vulnerability in N-Tron 702-W / 702M12-W Buffer Overflow Vulnerability in Fieldcomm Group HART-IP Interface Password Hash Disclosure Vulnerability in Junos OS Evolved Remote Code Execution Vulnerability in N-Tron 702-W / 702M12-W (all versions) Out-of-Bounds Read Vulnerability in Advantech WebAccess HMI Designer Vulnerability: Unauthorized Resource Access and Local Breakout in PICiX Versions B.02, C.02, C.03 Buffer Overflow Vulnerability in Advantech WebAccess HMI Designer CSV Injection Vulnerability in Patient Information Center iX (PICiX) Versions B.02, C.02, C.03 Stack-based Buffer Overflow in Advantech WebAccess HMI Designer Input Validation Vulnerability in IntelliVue Patient Monitors Double Free Vulnerability in Advantech WebAccess HMI Designer: Remote Code Execution and Information Disclosure Unsanitized User Input in PICiX 
Versions B.02, C.02, C.03 Allows Unauthorized Access to Patient Data Out-of-Bounds Read Vulnerability in Delta Electronics TPEditor Versions 1.97 and Prior Vulnerability: Password and Shared Secret Hash Disclosure in Junos OS Evolved Certificate Enrollment Service Crash in PICiX and PerformanceBridge Focal Point Stack-Based Buffer Overflow in Delta Electronics TPEditor Versions 1.97 and Prior Insufficient Identity Verification in PICiX and PerformanceBridge Focal Point Heap-Based Buffer Overflow in Delta Electronics TPEditor Versions 1.97 and Prior Vulnerability: Inconsistent Length Field Handling in PICiX Versions C.02, C.03 Vulnerability in Delta Electronics TPEditor Versions 1.97 and Prior: Write-What-Where Condition Exploit Impersonation Vulnerability in Mitsubishi Electric Products Enables Remote Command Execution Improper Input Validation in Delta Electronics TPEditor Versions 1.97 and Prior Certificate Revocation Check Vulnerability in PICiX, PerformanceBridge Focal Point, and IntelliVue Patient Monitors Type Confusion Vulnerability in Advantech WebAccess HMI Designer Sensitive Configuration Information Disclosure in Junos OS Evolved CORS Configuration Vulnerability in Ewon Flexy and Cosy Allows for Information Retrieval Weak Cryptography in Bachmann Electronic M-Base Controllers: Password Vulnerability Buffer Overflow Vulnerability in Yokogawa WideField3 R1.01 - R4.03 CodeMeter Heap Data Leakage Vulnerability Stack-Based Buffer Overflow Vulnerability in PLC WinProladder Version 3.28 and Prior Emerson OpenEnterprise Vulnerability: Inadequate Encryption Allows Unauthorized Access Out-of-Bounds Read Vulnerability in FPWIN Pro Allows Remote Code Execution Input Validation Vulnerability in Philips SureSigns VS4, A.07.107 and prior Privilege Escalation Vulnerability in B. 
Braun Melsungen AG SpaceCom and Data Module compactplus Insufficient Identity Verification in Philips SureSigns VS4 Software Vulnerability: Password and Shared Secret Hash Disclosure in Junos OS Evolved Insecure Direct Object Reference (IDOR) Vulnerability in GE Digital APM Classic Unrestricted Access Vulnerability in Philips SureSigns VS4, A.07.107 and prior Cross-Site Scripting (XSS) Vulnerability in Reason S20 Ethernet Switch Buffer Overflow Vulnerabilities in LeviStudioU (Version 2019-09-21 and prior) Insecure Password Hashing in GE Digital APM Classic Puts User Accounts at Risk Path Traversal Vulnerabilities in Advantech iView 5.7 and Prior Versions Cross-Site Scripting (XSS) Vulnerability in Reason S20 Ethernet Switch Inappropriate Access Control Vulnerability in Philips Clinical Collaboration Platform SSRF Vulnerability in Prometheus Blackbox Exporter Memory Leak Vulnerability in Juniper Networks Junos OS Authentication Bypass Vulnerability in HashiCorp Vault with AWS IAM Auth Method Authentication Bypass Vulnerability in HashiCorp Vault with GCP GCE Auth Method CSRF Vulnerability in Field Test Gem 0.2.0 - 0.3.2 for Ruby CSRF Vulnerability in PgHero Gem (Ruby) CSS Injection Vulnerability in Chartkick Gem XSS Vulnerability in ownCloud (Core) Login Page 'Forgot Password' CSRF Vulnerability in Winston 1.5.4 API Command Injection Vulnerability in Winston 1.5.4 API Default Credentials in Monit Service of Winston 1.5.4 Devices Undocumented SSH User Account Vulnerability in Winston 1.5.4 Devices Juniper Networks Junos OS Evolved Denial of Service Vulnerability Unauthenticated Access Control Vulnerability in Winston 1.5.4 Devices U-Boot Interrupt Vulnerability in Winston 1.5.4 Devices Enables Local Root Access Root Privilege Escalation Vulnerability in Winston 1.5.4 Devices Arbitrary Origin Trust Vulnerability in Winston 1.5.4 Devices Arbitrary HTML Injection in MantisBT Custom Field Leads to XSS Vulnerability Authenticated SQL Injection in Zoho ManageEngine 
Applications Manager (CVE-2021-40539) Elevation of Privileges via MSI Installer in 1E Client Segmentation Fault Vulnerability in radare2 4.5.0 due to Misparsed DWARF Information Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS on vMX and MX150 Devices OLIMPOKS 3.3.39 Auth/Admin ErrorMessage XSS Vulnerability: Exploiting a Critical XSS Vulnerability in a Widely Used Application Insufficiently Random Number Generation in Kee Vault KeePassRPC Allows Remote Data Manipulation Missing Validation in SRP-6a Implementation in Kee Vault KeePassRPC Allows Remote Data Manipulation Stack-Underflow Attack Vulnerability in Armv8-M TrustZone Processors Arbitrary Script Execution via Cross-Site Scripting (XSS) in SAINT Security Suite Credential Manager SQL Injection Vulnerability in SAINT Security Suite 8.0 through 9.8.20 Allows Unauthorized Database Access SQL Injection Vulnerability in SAINT Security Suite Analytics Component SAINT Security Suite 8.0 through 9.8.20 Cross-Site Scripting (XSS) Vulnerability Remote Code Execution Vulnerability in Kommbox Component of RangeeOS 8.0.4 Information Exposure Vulnerability in Juniper Networks Junos OS on EX4300 Switches Plaintext Storage of Credentials in RangeeOS 8.0.4 Modules Unrestricted Context Menus Vulnerability in Kommbox Component of RangeeOS 8.0.4 Privilege Escalation and Full System Compromise in RangeeOS 8.0.4 Buffer Overflow Vulnerability in lprn_is_black() in GhostScript v9.50 Buffer Overflow Vulnerability in GhostScript v9.50 Allows Remote DoS via Crafted PDF Buffer Overflow Vulnerability in cif_print_page() in Artifex Software GhostScript v9.50 Allows Remote DoS via Crafted PDF Race Condition Vulnerability in Juniper Network Junos OS Devices Buffer Overflow Vulnerability in jetp3852_print_page() in Artifex Software GhostScript v9.50 Allows Remote DoS Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Remote Denial of Service Buffer Overflow Vulnerability in GhostScript v9.50 Allows 
Remote DoS via Crafted PDF Null Pointer Dereference Vulnerability in GhostScript v9.50 Allows Remote DoS Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Remote DoS via Crafted PDF File Null Pointer Dereference Vulnerability in clj_media_size() in GhostScript v9.50 Buffer Overflow Vulnerability in GetNumWrongData() in GhostScript v9.50 Allows Remote DoS Buffer Overflow Vulnerability in FloydSteinbergDitheringC() in GhostScript v9.50 Buffer Overflow Vulnerability in mj_color_correct() in GhostScript v9.50 Division by Zero Vulnerability in bj10v_print_page() in GhostScript v9.50 Privilege Escalation Vulnerability in Juniper Networks Junos OS Devices with Dual Routing Engines Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Remote DoS via Crafted PDF Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Remote DoS via Crafted PDF File Buffer Overflow Vulnerability in jetp3852_print_page() in Artifex Software GhostScript v9.50 Allows Privilege Escalation via Crafted PDF File Use-After-Free Vulnerability in Artifex Software GhostScript v9.50 Allows Privilege Escalation via Crafted PDF File Buffer Overflow Vulnerability in Artifex Software GhostScript v9.50 Allows Privilege Escalation via Crafted EPS File Buffer Overflow Vulnerability in pcx_write_rle() in GhostScript v9.50 Allows Remote DoS Null Pointer Dereference Vulnerability in Artifex Software GhostScript v9.50 Allows Remote Denial of Service Null Pointer Dereference Vulnerability in Artifex Software GhostScript v9.50 Allows Remote Denial of Service Buffer Overflow Vulnerability in p_print_image() in GhostScript v9.50 Allows Remote DoS Buffer Overflow Vulnerability in lxm5700m_print_page() in Artifex Software GhostScript v9.50 Vulnerability in Juniper Networks Junos OS HTTP/HTTPS Service Division by Zero Vulnerability in dot24_print_page() in GhostScript v9.50 BGP UPDATE Message DoS Vulnerability in Juniper Networks Junos OS and Junos OS 
Evolved Denial of Service (DoS) vulnerability in Junos OS 17.4 and later releases Denial of Service Vulnerability in Juniper Networks Junos OS on High-End SRX Series Devices Vulnerability in Juniper Networks SRX Series Device: Unauthorized Access to Network Resources Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Juniper Networks Junos OS Ethernet OAM Packet Handling Denial of Service Vulnerability Denial of Service Vulnerability in Juniper Networks Junos OS BGP Packet Processing Race Condition Vulnerability in Juniper Networks Junos OS LLDP Implementation Leading to Denial of Service (DoS) Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS BGP UPDATE Packet Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Devices Vulnerability: DNS Filtering Service Crash on Juniper Networks Junos MX Series Juniper Networks Junos OS and Junos OS Evolved BGP UPDATE Processing Vulnerability Double Free Vulnerability in Juniper Networks SRX Series with ICAP Redirect Service Juniper Networks Junos OS and Junos OS Evolved BGP Packet Processing Vulnerability Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS with MPC7, MPC8, or MPC9 Line Cards Denial of Service Vulnerability in Juniper Networks Junos MX Series with Service Card Memory Leak Vulnerability in Juniper Networks MX Series OpenNMS Port 9443 Vulnerability Vulnerability: Juniper Networks Junos OS TCP Packet Mbuf Leak Vulnerability: Denial of Service (DoS) and Remote Code Execution (RCE) in Juniper Networks SRX Series with ICAP Redirect Service Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS with Inline IP Reassembly Juniper Networks Junos OS DHCPv6 Relay-Agent Service Denial of Service (DoS) and Remote Code Execution (RCE) Vulnerability Vulnerability in Juniper Networks Junos OS Allows Spoofing of IPSec Peers on SRX Series Devices Heap-based Buffer Overflow Vulnerability in Academy Software Foundation OpenEXR 2.3.0 Null 
Pointer Dereference Vulnerability in Academy Software Foundation OpenEXR 2.3.0 Head-based Buffer Overflow in OpenEXR 2.3.0: Denial of Service Vulnerability Double Free Vulnerability in GNU Binutils 2.35's Binary File Descriptor (BFD) Library Denial of Service Vulnerability in GNU Binutils 2.35: Invalid Read in BFD's process_symbol_table Use After Free Vulnerability in GNU Binutils 2.34's BFD Library Null Pointer Dereference Vulnerability in GNU Binutils 2.35's libbfd Library Null Pointer Dereference Vulnerability in GNU Binutils 2.35 Denial of Service (DoS) Vulnerability in Juniper Networks Junos MX Series with DNS Filtering Enabled Use After Free Vulnerability in MuPDF Library 1.17.0-rc1 and Earlier Razer Chroma SDK Rest Server Remote Code Execution Vulnerability Remote Code Execution via Cross-Site Scripting (XSS) in Notable 1.8.4 Denial of Service (DoS) vulnerability in Juniper Networks Junos OS DHCP Forwarder Cross-Site Request Forgery (CSRF) vulnerability in Hoosk Codeigniter CMS before 1.7.2 allows unauthorized deletion of user accounts BGP Session Flapping Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Devices SQL Injection Vulnerability in PhpOK 5.4.137 Allows Remote File Write Vulnerability: Unauthorized Access to Attributes in TI BLE Stack Remote Code Execution Vulnerability in DedeCMS V5.7 SP2 via action_search.php Stack Buffer Overflow Vulnerability in Juniper Networks Junos OS DCD Allows for DoS and Arbitrary Code Execution IPv6 DDoS Protection Bypass Vulnerability on Juniper Networks MX and EX9200 Series Vulnerability: Unauthorized Access to Active CLI Session in Juniper Networks Junos OS Evolved Race Condition Vulnerability in Juniper Networks Junos MX Series with DNS Filtering Enabled High CPU Load Vulnerability in Juniper Networks EX2300 Series Insecure Storage of Password Hashes in Juniper NFX350 Series Devices Juniper Networks EX4300 Series IPv4 Packet Stream Vulnerability Juniper Networks Junos OS DHCPv6 Malformed Packet Crash 
Vulnerability Juniper Networks Junos OS DHCPv6 Relay Denial of Service Vulnerability Insufficient Cross-Site Scripting (XSS) Protection in Juniper Networks J-Web and Web-Based Services SAML Authentication Bypass Vulnerability in Juniper Networks Mist Cloud UI SAML Authentication Bypass Vulnerability in Juniper Networks Mist Cloud UI SAML Response Modification Vulnerability in Juniper Networks Mist Cloud UI Memory Leak Vulnerability in Juniper Networks Junos OS and Junos OS Evolved Platforms with EVPN Configuration Stuck Kernel Routing Table (KRT) Queue Vulnerability in Juniper Networks PTX and QFX Series Devices Denial of Service Vulnerability in Juniper Networks MX Series with NAT64 Configuration Denial of Service (DoS) Vulnerability in Juniper Networks Junos OS Evolved Input Validation Vulnerability in Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based Platforms Memory Leak Vulnerability in Juniper Networks Junos OS Devices Unauthenticated WebSocket Request Allows Password Change on Crestron DM-NVX-DIR Devices High CPU Load Vulnerability in Juniper Networks SRX Series with Application Identification Inspection Enabled Denial of Service Vulnerability in Firecracker Network Stack Authorization Bypass Vulnerability in Istio 1.5.0 - 1.5.8 and 1.6.0 - 1.6.7 Infinite Read Loop Vulnerability in encoding/binary's ReadUvarint and ReadVarint Shell Injection Vulnerability in SaltStack Salt API with SSH Client Enabled Unauthenticated Reflected XSS Vulnerability in Extreme Management Center (EMC) before 8.5.0.169 (CFD-4887) Canon MF237w 06.07 Devices Vulnerability: Improper Handling of Length Parameter Inconsistency in IPv4/ICMPv4 Component VXLAN Firewall Filter Discard Action Failure Denial of Service Vulnerability in Mitsubishi MELSEC iQ-R Series PLCs with Firmware 49 Elevation of Privilege Vulnerability in OneDrive for Windows Desktop Elevation of Privilege Vulnerability in OneDrive for Windows Desktop Elevation of Privilege 
Vulnerability in OneDrive for Windows Desktop Windows Kernel Information Disclosure Vulnerability Uninitialized Variable Information Disclosure Vulnerability in Microsoft Office Software Remote Code Execution Vulnerability in Visual Studio Remote Code Execution Vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Denial of Service Vulnerability in Juniper Networks Junos OS Devices via Malformed IPv6 Packet Remote Code Execution Vulnerability in Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Remote Code Execution Vulnerability in Microsoft Dynamics 365 (On-Premises) Windows Remote Desktop Service Denial of Service Vulnerability Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) High CPU Load and Traffic Interruption Vulnerability in Juniper Networks EX4300-MP, EX4600, and QFX5K Series Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Xamarin.Forms Android WebView Spoofing Vulnerability Remote Code Execution Vulnerability in Visual Studio Remote Code Execution Vulnerability in Microsoft Exchange Server Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Elevation of Privilege Vulnerability in Microsoft Windows Handling of Reparse Points Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Windows Projected Filesystem Information Disclosure Vulnerability Vulnerability: Unauthorized Access to Juniper Networks Web API Service Private Key Remote Code Execution Vulnerability in Visual Studio Code via Malicious 'package.json' File Remote Code Execution Vulnerability in IEToEdge BHO Plugin Elevation of Privilege Vulnerability in Windows 
Storage VSP Driver PowerShellGet V2 Module Security Feature Bypass Vulnerability Elevation of Privilege Vulnerability in Windows Network Connections Service Windows KernelStream Information Disclosure Vulnerability High CPU Load Vulnerability in Juniper Networks EX4300-MP, EX4600, and QFX5K Series in Virtual Chassis Configuration Windows Kernel Elevation of Privilege Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Elevation of Privilege Vulnerability in Windows Kernel Image Handling Windows Network Address Translation (NAT) Denial of Service Vulnerability Windows Error Reporting Manager Elevation of Privilege Vulnerability Information Disclosure Vulnerability in Remote Desktop Protocol (RDP) NetBIOS over TCP Information Disclosure Vulnerability Remote Code Execution Vulnerability in Windows TCP/IP Stack Windows TCP/IP Stack Denial of Service Vulnerability Improper Authorization Flaw in openstack-selinux Allows Privilege Escalation and Denial of Service Windows Event System Elevation of Privilege Vulnerability Windows Kernel Information Disclosure Vulnerability Windows Installer Elevation of Privilege Vulnerability Azure Functions Access Key Validation Elevation of Privilege Vulnerability Windows Error Reporting (WER) Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Setup Elevation of Privilege Vulnerability Windows Error Reporting (WER) Elevation of Privilege Vulnerability Stored Cross-Site Scripting Vulnerability in Moodle 3.8 Conversation Overview Windows UEFI File Creation Permissions Bypass Vulnerability Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows GDI+ Information Disclosure Vulnerability Windows Media Foundation Memory Corruption Vulnerability Elevation of Privilege Vulnerability in Windows COM Object Creation Remote Code 
Execution Vulnerability in Base3D Rendering Engine Windows Enterprise App Management Service Information Disclosure Vulnerability Information Exposure of Service Tokens in Moodle Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Information Disclosure Vulnerability in Text Services Framework Windows Spoofing Vulnerability: Bypassing File Signature Validation Remote Code Execution Vulnerability in Microsoft Graphics Components Windows Jet Database Engine Remote Code Execution Vulnerability Denial of Service Vulnerability in Remote Desktop Protocol (RDP) Microsoft Office Click-to-Run (C2R) AppVLP Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Microsoft Excel Software XML Internal Entity Attack Vulnerability in Spacewalk 2.9 Remote Code Execution Vulnerability in Microsoft Excel Software Remote Code Execution Vulnerability in Microsoft Excel Software Remote Code Execution Vulnerability in Microsoft Excel Software Microsoft Word Security Feature Bypass Vulnerability Microsoft Office Click-to-Run (C2R) AppVLP Privilege Escalation Vulnerability Elevation of Privilege Vulnerability in Windows COM Object Creation Windows Backup Service Elevation of Privilege Vulnerability .NET Framework Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability Elevation of Privilege Vulnerability in Group Policy Access Check Inadequate Token Audience Verification in Keycloak NodeJS Adapter Windows User Profile Service (ProfSvc) Elevation of Privilege Vulnerability Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft SharePoint Server Information Disclosure Vulnerability Elevation of Privilege Vulnerability in Microsoft Dynamics 365 Commerce Allows Unauthorized Data Updates SharePoint Server Cross-Site Scripting Vulnerability Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Microsoft SharePoint Server Cross-Site Scripting (XSS) Vulnerability Microsoft 
Outlook Remote Code Execution Vulnerability Information Disclosure Vulnerability in Microsoft SharePoint Server Denial of Service Vulnerability in Microsoft Outlook Improper Input Validation Leading to Illegal Header Injection in Resteasy Information Disclosure Vulnerability in Microsoft SharePoint Server Remote Code Execution Vulnerability in Microsoft SharePoint Remote Code Execution Vulnerability in Microsoft SharePoint Information Disclosure Vulnerability in Microsoft SharePoint Server Remote Code Execution Vulnerability in Microsoft Office Software Microsoft Office Click-to-Run (C2R) AppVLP Privilege Escalation Vulnerability Cross-Site Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in pki-core 10.x.x Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Backup Engine Privilege Escalation Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability Microsoft Exchange Information Disclosure Vulnerability Stored XSS Vulnerability in Keycloak Admin Console Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Azure SDK for Java Security Feature Bypass Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Service Elevation of Privilege Vulnerability Remote Code Execution Vulnerability in Visual Studio Code Python Extension Cross-Site 
Scripting Vulnerability in Microsoft Dynamics 365 (On-Premises) Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Password Leakage Vulnerability in Keycloak Elevation of Privilege Vulnerability in Windows iSCSI Target Service Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Unveiling the Azure Sphere Tampering Vulnerability: A Critical Security Breach Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Azure Sphere Information Leakage Vulnerability Azure Sphere DoS Vulnerability: Disrupting Service Availability Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Ceph Dashboard Path Traversal Vulnerability Azure Sphere Information Leakage Vulnerability Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Guardian Breached: Azure Sphere Elevation of Privilege Vulnerability Exposed Exploiting Azure Sphere's Unsigned Code Execution Vulnerability Elevation of Privilege Vulnerability in Network Watcher Agent for Linux Kerberos Ticket Replay Vulnerability Exposed Server Information: Remote Desktop Protocol Vulnerability Unprivileged Access Exploit in DirectX Windows WalletService Information Leakage Vulnerability Ceph RGW Beast Front-End Denial of Service Vulnerability Exposed Remote Desktop Protocol Client Information Vulnerability Print Spooler Privilege Escalation Vulnerability in Windows Azure SDK for C Security Feature Bypass Vulnerability: Exploiting Weak Authentication Mechanisms Remote Code Execution Vulnerability in Base3D Rendering Engine Windows Graphics Component Information Disclosure Vulnerability Exposes Sensitive Data Cross-site Scripting Vulnerability in Microsoft Dynamics 365 
(on-premises) Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Windows Error Reporting Privilege Escalation Vulnerability KubeVirt Main virt-handler Access Permissions Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Windows Port Class Library Privilege Escalation Vulnerability Windows Bind Filter Driver Privilege Escalation Vulnerability Win32k Information Disclosure Vulnerability Exposes Sensitive Data Print Spooler Privilege Escalation Vulnerability in Windows Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Unbounded Memory Consumption Vulnerability in Containers-Image Word Security Feature Bypass Vulnerability: Exploiting Microsoft Word's Security Measures Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability in Microsoft Windows Codecs Library Remote Code Execution Vulnerability in Visual Studio Code via Malicious 'package.json' File Windows Client Side Rendering Print Provider Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Canonical Display Driver Information Leakage Vulnerability Windows MSCTF Server Information Disclosure Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Kernel Privilege Escalation Vulnerability 
Windows Function Discovery SSDP Provider Information Leakage Vulnerability Windows WalletService Privilege Escalation Vulnerability Windows Kernel Win32k Elevation of Privilege Vulnerability Insecure Modification Vulnerability in OpenShift ServiceMesh (Maistra) Allows Privilege Escalation Hyper-V Security Feature Bypass Vulnerability in Windows PrintNightmare Vulnerability PrintNightmare: Windows Print Spooler Remote Code Execution Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows KernelStream Information Disclosure Vulnerability: Exposing Sensitive Data Windows Error Reporting Service Denial of Service Vulnerability Windows Network File System (NFS) Denial of Service Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Kerberos Constrained Delegation Service Ticket Tampering Vulnerability Insecure Modification Vulnerability in openshift/template-service-broker-operator Windows Network File System RCE Vulnerability Exploiting the Scripting Engine Memory Corruption Vulnerability Exploiting Internet Explorer's Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Windows Remote Access Privilege Escalation Vulnerability Windows Network File System (NFS) Information Disclosure Vulnerability Windows Win32k Privilege Escalation Vulnerability Microsoft Browser Memory Corruption Vulnerability: A Critical Security Risk Privilege Escalation Vulnerability in openshift/apb-tools-container Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server SharePoint Remote Code Execution: A Critical Vulnerability in Microsoft's Collaboration Platform Access Connectivity Engine Remote Code Execution Vulnerability in Microsoft Office Office Online Spoofing Vulnerability: Exploiting Microsoft's Online Suite Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A 
Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Security Feature Bypass Vulnerability Exploiting the Windows GDI+ Remote Code Execution Vulnerability Windows NDIS Information Leakage Vulnerability Insecure Modification Vulnerability in openshift/postgresql-apb Container Windows Update Medic Service Privilege Escalation Vulnerability Windows Delivery Optimization Information Leakage Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability: A Critical Security Flaw in Windows Windows Update Orchestrator Service Elevation of Privilege Vulnerability: A Critical Security Flaw in Windows Windows USO Core Worker Elevation of Privilege Vulnerability Windows Update Orchestrator Service Elevation of Privilege Vulnerability: A Critical Security Flaw in Windows Windows Update Stack Privilege Escalation Vulnerability Raw Image Extension RCE Vulnerability Raw Image Extension RCE Vulnerability Privilege Escalation Vulnerability in Openshift-Enterprise Microsoft Raw Image Extension Remote Code Execution Vulnerability Raw Image Extension RCE Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Exchange Server DoS Vulnerability: Disrupting Microsoft's Communication Platform Raw Image Extension RCE Vulnerability Windows Kernel Local Privilege Escalation Vulnerability Windows Common Log File System Driver Privilege Escalation Vulnerability SharePoint Privilege Escalation Vulnerability Insecure Modification Vulnerability in openshift/mediawiki Allows Privilege Escalation Exploiting Microsoft Defender for Endpoint Security Feature Bypass Vulnerability Exploiting the Microsoft Teams Remote Code Execution Vulnerability Windows Network Connections Service Privilege Escalation Vulnerability Windows Error Reporting Data Leakage Vulnerability Hyper-V Remote Code 
Execution Vulnerability in Windows NTFS Remote Code Execution: A Critical Windows Vulnerability Windows Digital Media Receiver Privilege Escalation Vulnerability Windows GDI+ Information Disclosure Vulnerability Exposes Sensitive Data Lock Screen Bypass Vulnerability in Windows Operating System Vulnerability: Improper Parsing of Field-Name in JBoss EAP 6.4.21 Visual Studio Code Injection Vulnerability HEIF Image Extensions Remote Code Execution Vulnerability WebP Image Format Information Disclosure Vulnerability Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Remote Code Execution Vulnerability in Visual Studio Code JSHint Extension AV1 Video Extension Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Critical Remote Code Execution Vulnerability in HEVC Video Extensions Out-of-Bounds Heap Buffer Access Vulnerability in QEMU iSCSI Block Driver Critical Remote Code Execution Vulnerability in HEVC Video Extensions Windows Camera Codec Information Leakage Vulnerability Unauthenticated Spoofing Vulnerability in Microsoft SharePoint Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Exploiting the Microsoft SharePoint Remote Code Execution Vulnerability Outlook Data Exposure Vulnerability Heap Use-After-Free Vulnerability in systemd Allows Privilege Escalation Unauthenticated Information Disclosure Vulnerability in Microsoft SharePoint Exploiting the Microsoft SharePoint Remote Code Execution Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel PowerPoint Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft PowerPoint Excel Remote Code Execution Vulnerability: A 
Critical Security Flaw in Microsoft Excel Excel Data Leakage Vulnerability Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Remote Code Execution Vulnerability: A Critical Security Flaw in Microsoft Excel Excel Security Feature Bypass Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Unveiling Sensitive Data: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Azure DevOps Server Spoofing Vulnerability: Exploiting Trust in Communication Channels Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Exploiting the DirectX Graphics Kernel for Privilege Escalation Windows Error Reporting Data Leakage Vulnerability Windows Overlay Filter Security Bypass Vulnerability Arbitrary Java Object Deserialization Vulnerability in Keycloak Windows SMB Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Exposed: Microsoft Exchange Server Information Leakage Vulnerability Critical Remote Code Execution Vulnerability in Microsoft Exchange Server Azure DevOps Server and Team Foundation Services Spoofing Vulnerability: Exploiting Trust in Communication Channels Dynamics CRM Webclient XSS Vulnerability Visual Studio Code Remote Development Extension RCE Vulnerability Code Execution Vulnerability in Visual Studio Code Remote Access Critical Remote Code Execution Vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) Edge for Android Spoofing Vulnerability Exposes Users to Phishing Attacks Exploiting Visual Studio Remote Code Execution Vulnerability Critical Remote Code Execution Vulnerability in 
Microsoft Dynamics 365 for Finance and Operations (on-premises) Visual Studio Code Java Extension Pack RCE Vulnerability Hardcoded Passwords in ceph-ansible Playbook Allow Unauthorized Access to Ceph Clusters Windows Security Feature Bypass: A Critical Vulnerability in Microsoft Windows Remote Code Execution Vulnerability in Visual Studio Code Python Extension Account Email Enumeration Vulnerability in Keycloak 7.0.1 Unauthorized Access Vulnerability in Keycloak Reset Credential Flow EJBContext Principle Leakage Vulnerability in WildFly PostgreSQL Vulnerability: Unauthorized Object Dropping via ALTER ... DEPENDS ON EXTENSION Reflected Cross-Site Scripting (XSS) Vulnerability in Key Recovery Authority (KRA) Agent Service Denial of Service Vulnerability in IPA Versions 4.x.x through 4.8.0 Arbitrary Redirect Vulnerability in Keycloak Gatekeeper (Louketo) Logout Endpoint Information Leakage Vulnerability in Keycloak Persistent Access Flaw in Keycloak: Unauthorized Resource Access After Role Mapping Change and Token Expiration Podman Vulnerability: Unauthorized File Overwrite in Read-Only Volumes Improper Input Validation in Keycloak Allows Crafting of Malicious Deep Links Missing HTTP Security Headers in Keycloak Admin Console SmallRye API ClassLoader Bypass Vulnerability Vulnerability: Crash on Uninitialized Connection Cleanup in libssh Static Admin Password Vulnerability in Keycloak Operator Concurrent Request Vulnerability in Soteria before 1.0.1 Race Condition Vulnerability in Ansible Engine Arbitrary Command Execution Vulnerability in Ansible's Pipe Lookup Plugin Vulnerability in Ansible Engine's Fetch Module Allows Path Injection and Destination Manipulation Remote Code Execution Vulnerabilities in Sophos XG Firewall User Portal LilyPond Vulnerability: Unrestricted Embedded PostScript and SVG Execution Arbitrary Code Execution Vulnerability in LilyPond before 2.24 Denial of Service Vulnerability in Arista EOS DHCP Packet Handling Vulnerability in Ansible Engine: 
File Disclosure via Atomic Move Primitive Integer Overflow Bypass in vm::arrayCopy Method in ReadyTalk Avian 1.2.0 Silent Data Loss Vulnerability in ReadyTalk Avian 1.2.0 Reflected XSS Vulnerability in Nova Lite WordPress Theme (<= 1.3.9) Remote Code Execution in USVN (User-friendly SVN) Timeline Module Cross-Site Scripting (XSS) Vulnerability in USVN (User-friendly SVN) before 1.0.9 via SVN Logs Privilege Escalation via Improper Directory Permissions in Hotspot Shield VPN Client Software Vulnerability: RPKI Route Origin Authorisation and X509 Certificate Revocation List Manipulation Command Injection Vulnerability in Firejail through 0.9.62 Command Injection Vulnerability in Firejail through 0.9.62 Path Traversal Vulnerability in Ansible's win_unzip Module Cross-Site Scripting (XSS) Vulnerability in SugarCRM before 10.1.0 (Q3 2020) SQL Injection Vulnerability in SugarCRM before 10.1.0 (Q3 2020) Vulnerability: Unauthorized Access to Destination Host Devices in OpenStack Nova Unspecified Module Selection Vulnerability in Ansible Engine Heap-based Buffer Overflow in QEMU SDHCI Device Emulation Privilege Escalation via Total Commander Default Installation Directory MSI AmbientLink MsIo64 Driver Buffer Overflow Vulnerability Telos Z/IP One Directory Traversal Vulnerability Remote Code Execution Vulnerability in Cellopoint Cellos v4.1.10 Build 20190922 Path Traversal Vulnerability in Cellopoint Cellos v4.1.10 Build 20190922 Arbitrary File Access Vulnerability in Cellopoint Cellos v4.1.10 Build 20190922 Arbitrary Code Execution via Authentication Bypass in Marvell QConvergeConsole 5.5.0.64 Authentication Bypass and Remote Code Execution in Marvell QConvergeConsole 5.5.0.64 Arbitrary Code Execution via Authentication Bypass in Marvell QConvergeConsole 5.5.0.64 Vulnerability: Password Disclosure in Ansible's SVN Module Privilege Escalation Vulnerability in Parallels Desktop 15.1.2-47123 Local Privilege Escalation Vulnerability in Parallels Desktop 15.1.3-47255 
(ZDI-CAN-10518) Privilege Escalation Vulnerability in Parallels Desktop 15.1.3-47255 (ZDI-CAN-10519) Parallels Desktop 15.1.3-47255 Local Information Disclosure Vulnerability Parallels Desktop 15.1.4 OEMNet Component Buffer Overflow Vulnerability Privilege Escalation Vulnerability in Parallels Desktop 15.1.4 Integer Overflow Privilege Escalation in Parallels Desktop 15.1.4 Privilege Escalation via Network Packet Handling in Parallels Desktop 15.1.4 Buffer Overflow Vulnerability in Parallels Desktop 15.1.4 Privilege Escalation Vulnerability in Parallels Desktop 15.1.4 Insecure Secret Handling in Ansible Vault Privilege Escalation in Parallels Desktop 15.1.4 (ZDI-CAN-11304) Vulnerability Title: Parallels Desktop 15.1.4 Local Information Disclosure Vulnerability Local Information Disclosure Vulnerability in Parallels Desktop 15.1.4 (47270) Arbitrary Code Execution via PSD File Handling in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via PSD File Handling in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution Vulnerability in Senstar Symphony 7.3.2.2 Arbitrary Code Execution Vulnerability in Microhard Bullet-LTE (ZDI-CAN-10595) Remote Code Execution in Microhard Bullet-LTE (CVE-2021-XXXX) XXE vulnerability in NEC ExpressCluster 4.1 allows remote information disclosure Unauthenticated Information Disclosure in NETGEAR Routers (ZDI-CAN-10754) OpenShift Container Platform (OCP) 3.11 CORS Misconfiguration Vulnerability Arbitrary Code Execution via GIF Parsing in Foxit PhantomPDF 10.0.0.35798 Remote Code Execution Vulnerability in Foxit PhantomPDF 10.0.0.35798 via U3D Object Handling Remote Code Execution Vulnerability in Foxit PhantomPDF 10.0.0.35798 via U3D Objects in PDF Files (ZDI-CAN-11224) Arbitrary Code Execution via U3D Object Handling in Foxit PhantomPDF 10.0.0.35798 Privilege Escalation Vulnerability in Foxit Reader 10.0.0.35798 Privilege Escalation Vulnerability in Foxit PhantomPDF 10.0.0.35798 Arbitrary Code Execution via JPEG2000 Image Parsing in 
Foxit Reader 10.0.0.35798 Arbitrary Code Execution Vulnerability in Foxit Reader 10.0.1.35811 Arbitrary Code Execution via Crafted EZIX Files in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via NEF File Handling in Foxit Studio Photo 3.6.6.922 Insecure Modification Vulnerability in nmstate/kubernetes-nmstate-handler Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via NEF File Handling Arbitrary Code Execution via NEF File Handling in Foxit Studio Photo 3.6.6.922 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via EPS File Handling Arbitrary Code Execution via ARW File Handling in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via EZI File Parsing in Foxit Studio Photo 3.6.6.922 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via EPS File Parsing (ZDI-CAN-11259) Arbitrary Code Execution via CR2 File Handling in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via NEF File Processing in Foxit Studio Photo 3.6.6.922 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CMP Files Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CMP Files Arbitrary Code Execution via CR2 File Parsing in Foxit Studio Photo 3.6.6.922 Arbitrary Code Execution via CR2 File Parsing in Foxit Studio Photo 3.6.6.922 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CR2 Files Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CMP Files Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via ARW File Parsing Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CR2 Files (ZDI-CAN-11358) Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CMP Files Buffer Overflow Vulnerability in uIP 1.0 Buffer Overflow Vulnerability in uIP 1.0 DNS Cache Poisoning Vulnerability in uIP 1.0 Failure to Send OTP Failure Login Events to Brute 
Force Protection Event Queue in Keycloak DNS Response Parsing Vulnerability in uIP 1.0 Out-of-Bounds Read Vulnerability in picoTCP 1.7.0 Integer Wraparound Vulnerability in picoTCP 1.7.0 Integer Wraparound Vulnerability in picoTCP 1.7.0 ICMPv6 Echo Replies Denial-of-Service Vulnerability in picoTCP 1.7.0 due to IPv6 Extension Header Processing Out-of-Bounds Read Vulnerability in picoTCP 1.7.0 Uninitialized Pointer Vulnerability in asyncpg before 0.21.0 Bypassing Dangerous File Type Execution Protection in Telegram Desktop Cross-Site Scripting (XSS) Vulnerability in PHP-Fusion 9.03 via error_log File Undertow AJP Connector File Inclusion Vulnerability Cross-Site Scripting (XSS) Vulnerability in PHP-Fusion 9.03 Preview Page Cross-Site Scripting (XSS) Vulnerability in flatCore before 1.5.7 via ACP Pages and System Preferences Arbitrary PHP File Upload and Execution in flatCore before 1.5.7 XSS Vulnerability in WSO2 Management Console (5.10) via msgId Parameter Reflected XSS Vulnerability in WSO2 API Manager's Publisher Component Remote Code Execution Vulnerability in SEOWON INTECH SLC-130 and SLR-120S Devices via system_log.cgi XSS Vulnerability in Fujitsu ServerView Suite iRMC before 9.62F Post-Authenticated Stored XSS Vulnerability in MultiUx v.3.1.12.0 via /multiux/SaveMailbox LastName Field LDAP Bind Password Disclosure Vulnerability Authenticated Arbitrary File Upload in CMS Made Simple 2.2.14 via Unblocked .ptar Files SQL Injection Vulnerability in FUEL CMS 1.4.7 via col Parameter Stored XSS Vulnerability in ForgeRock Identity Manager (Versions 6.5.0.4 and 6.0.0.6) Authentication Bypass Vulnerability in Turcom TRCwifiZone (CVE-2020-08-10) Information Disclosure Vulnerability in FNET LLMNR Request Processing IPv6 Extension Header Processing Vulnerability in FNET Uninitialized Pointer Dereference in IPv6 Fragment Reassembly Leading to Denial-of-Service Arbitrary Code Execution Vulnerability in PyYAML Library Vulnerability: Insufficiently Random Transaction IDs in 
FNET DNS Client Interface Authentication Bypass Vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 Token-reuse vulnerability in ZKTeco FaceDepot 7B and ZKBiosecurity Server allows unauthorized user manipulation and data extraction Unauthenticated Physical Access Vulnerability in MEGVII Koala 2.9.1-c3s Network Relays Cross-Site Scripting (XSS) Vulnerability in Mibew Messenger before 3.2.7 via Crafted User Name Remote Code Execution via Incorrect LDAP ACLs in UCS@school Timing Attack Vulnerability in ECDSA/EC/Point.pm Improper Input Validation in jpv (aka Json Pattern Validator) before 2.2.2 Bypass of WildFlySecurityManager Checks Leading to Unauthorized Access Cross-Site Scripting (XSS) Vulnerability in TinyMCE Core Parser, Paste Plugin, and Visualchars Plugin Memory Leakage Vulnerability in PowerDNS Authoritative Server Improper Access Control Vulnerability in Uffizio GPS Tracker Allows Sensitive Information Disclosure Open Redirection Vulnerability in Uffizio GPS Tracker: Arbitrary External Domain Redirection Remote Code Execution Vulnerability in Uffizio's GPS Tracker: Compromising Web Server and Executing Arbitrary Commands Segmentation Fault in radare2 4.5.0 due to Misparsed Signature Information in PE Files Password Visibility Vulnerability during Logout in GNOME gnome-shell Data Confidentiality Vulnerability in Linux Kernel's IPsec Implementation for VXLAN and GENEVE Tunnels Weak File Permissions in TLS Module of SaltStack Salt through 3002 Weak Password Encryption in Untangle Firewall NG Sensitive Cleartext Information Storage in Database Remote Command Execution in vBulletin 5.5.4 through 5.6.2 via Crafted SubWidgets Data PTK Reinstallation Vulnerability in iNet Wireless Daemon (IWD) through 1.8 Double Free Vulnerability in Wireshark 3.2.0 to 3.2.5 Kafka Protocol Dissector Denial of Service Vulnerability in OpenShift Machine-Config-Operator Unauthenticated Remote Code Execution in Barco TransForm NDN-210 Series Command 
Injection Vulnerability in Barco TransForm NDN-210 Web Administration Panel Command Injection Vulnerability in NDN-210 Web Administration Panel Command Injection Vulnerability in NDN-210 Web Administration Panel Command Injection Vulnerability in Artica Web Proxy 4.30.000000 via service-cmds Parameter in cyrus.php SQL Injection Vulnerability in Artica Web Proxy 4.30.00000000 Allows Remote Privilege Escalation Buffer Over-read in Qt's read_xbm_body Function Memory Disclosure Vulnerability in ATS ESI Plugin Vulnerability: Cache Poisoning Attack in ATS Negative Cache Option Out-of-Bounds Write Vulnerability in glibc Signal Trampolines on PowerPC Authentication Bypass Vulnerability in Apache Shiro with Spring Plain Text Password Logging Vulnerability in Airflow Metadata SSRF Vulnerability in Apache Airflow's Charts and Query View Insecure HTTPS Hostname Verification in Apache Fineract Prior to 1.5.0 Persistent Cross-Site Scripting (XSS) Vulnerability in Apache Airflow Unencrypted Internode Connection Bypass in Apache Cassandra Unauthenticated Access to S3 Buckets and Keys in Apache Ozone Cluster Arbitrary File Write Vulnerability in Apache Flink 1.5.1 REST Handler Local File Read Vulnerability in Apache Flink 1.11.0 - 1.11.2 Use-after-free vulnerability in glibc's tilde expansion leads to arbitrary code execution Bypassing Admin Permission Verification in Pulsar Manager 0.1.0 Insecure Usage of Superseded Java JDK Method in Apache Groovy Insecure Permissions in Apache Traffic Control's ip_allow.config Generation Authentication Bypass Vulnerability in Apache Shiro with Spring Crash Vulnerability in Subversion's mod_authz_svn Module Session Hijacking Vulnerability in Apache Airflow Webserver HTTP/2 Header Value Reuse Vulnerability Arbitrary Memory Corruption via Out-of-Bounds Write in Apache NuttX TCP Stack Invalid Fragmentation Offset Vulnerability in Apache NuttX TCP Stack Vulnerability: Disclosure of Passwords and Tokens in Ansible Engine Kubernetes Management Remote 
Code Execution Vulnerability in Apache Struts 2.0.0 - 2.5.25 Apache Tapestry 4 Java Serialization Vulnerability Arbitrary Code Execution Vulnerability in ServiceComb-Java-Chassis 2.0.0 - 2.1.3 Inadequate Return Value Checking in Apache Accumulo Allows Unauthorized Administrative Operations Race Condition Vulnerability in HTML/Java API Version 1.7: Temporary File Deletion and Directory Creation Buffer Overflow Vulnerability in GetNumSameData() in GhostScript v9.50 Allows Remote DoS Grade History Report Access Control Vulnerability Stack-based Buffer Overflow in Libjpeg-turbo's transform Component Allows Remote Code Execution or Denial of Service Arbitrary Code Execution via Cross Site Scripting (XSS) in dotCMS v5.1.5 IP Spoofing Vulnerability in Moodle Versions 3.8.2, 3.7.5, 3.6.9, and 3.5.11 XSS Vulnerability in ImpressCMS 1.4.0's modules/system/admin.php Allows Arbitrary Remote Code Execution Insufficient Input Escaping in Moodle PHP Unit Webrunner Admin Tool Arbitrary File Deletion Vulnerability in FeiFeiCMS v4.0 Arbitrary File Deletion Vulnerability in FeiFeiCMS v4.0 Undertow Servlet Container Security Bypass Vulnerability Keycloak SMTP Server TLS Hostname Verification Bypass Vulnerability Nonce Reuse Vulnerability in Red Hat Ceph Storage and Openshift Container Storage Ceph Object Gateway XSS Vulnerability OpenShift Web Console Access Token Exposure Vulnerability Insufficient JWT Validation Vulnerability in Kiali Allows Session Spoofing and Privilege Escalation Buffer Overflow Vulnerability in libreswan's pluto Daemon Hard-coded Cryptographic Key Vulnerability in Kiali Allows Unauthorized Access to Istio Configuration Vulnerability: Spoofing of From Fields in OTRS Community Edition and OTRS Remote Code Execution via SVG File Upload in OTRS Community Edition Draft Manipulation Vulnerability in ((OTRS)) Community Edition 6.0.x and 7.0.x Session Hijacking Vulnerability in OTRS 7.0.x version 7.0.14 and prior versions Autocomplete Vulnerability in OTRS Login Screens 
Sensitive Information Disclosure in Support Bundle Generated Files Unsanitized Parameter Encoding Vulnerability in OTRS Community Edition and OTRS Wildcard Token Vulnerability in ((OTRS)) Community Edition and OTRS Session ID and Password Reset Token Prediction Vulnerability in OTRS Community Edition Vulnerability: Key Mix-up in PGP/S/MIME Key Export BCC Recipients Exposed in OTRS Article Detail on External Interface Integer Overflow Vulnerability in Payable Function of MillionCoin (MON) Smart Contract Implementation Arbitrary Token Transfer Vulnerability in RC Smart Contract Arbitrary Command Execution Vulnerability in Evernote Client for Windows (WINNOTE-19941) Session Persistence Vulnerability in OTRS Community Edition: 6.0.28 and prior, OTRS: 7.0.18 and prior, 8.0.4 and prior Agent Name Disclosure Vulnerability in OTRS Authentication Bypass Vulnerability in OTRS 8.0.9 and Prior Versions Improper Masking of OTRS Tags in OTRSTicketForms Denial of Service Vulnerability in Mate 10 Pro, Honor V10, Honor 10, and Nova 4 Smartphones Improper Authentication Vulnerability in HUAWEI Mate 20 Pro Allows Bypass of Digital Balance Function Improper Authentication Vulnerability in HUAWEI Mate 20 Smartphones Improper Authentication in Honor V30 Smartphones Insufficient Authentication Vulnerability in Huawei OSCA-550 Series Archer C1200 Firmware Version 1.13 XSS Vulnerability Command Injection Vulnerability in GaussDB 200 (Version 6.5.1) CSRF Vulnerability in PbootCMS 1.3.2 Allows Unauthorized Password Change Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Out of Bounds Write Vulnerability in Honor V10 Smartphones Improper Authentication in Smartphone Applock Allows Unauthorized Access Improper Authentication in Smartphone Applock Allows Unauthorized Access Digital Balance Bypass Vulnerability in HUAWEI Mate 20 and Mate 30 Pro Smartphones Remote Code Execution (RCE) Vulnerability in Twothink v2.0's /library/think/App.php Allows Arbitrary PHP Code Execution 
Improper Authorization Vulnerability in Huawei Mate 20 and Mate 30 Pro Smartphones Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Improper Authentication Vulnerability in HUAWEI P30 Smartphones Use After Free Vulnerability in E6878-370 (Versions 10.0.3.1) Arbitrary Code Execution via Cross Site Scripting (XSS) in MiniCMS v1.10 Improper Access Control Vulnerability in HUAWEI P30 Smartphones Improper Authentication Vulnerability in Mate 30 and Mate 30 Pro Smartphones SQL Injection Vulnerability in Whatsns 4.0 via ip Parameter in index.php?admin_banned/add.htm SQL Injection in Xinhu OA System v1.8.3: Remote Information Disclosure Insufficient Integrity Validation Vulnerability in Multiple Products SQL Injection in PHPSHE Mall System v1.7: Remote Code Execution via user_phone Parameter Arbitrary Code Execution and Information Disclosure in Qibosoft QiboCMS v7 and Earlier Information Disclosure Vulnerability in Huawei Honor V20 Smartphones Buffer Overflow in Graphviz Graph Visualization Tools Arbitrary Code Execution via Cross Site Scripting (XSS) in Jeesns v1.4.2 Out of Bounds Read Vulnerability in Huawei Honor V10 Smartphones Arbitrary Command Execution Vulnerability in CraigMS 1.0 Out of Bounds Read Vulnerabilities in Huawei Honor V10 Smartphones Out of Bounds Read Vulnerabilities in Huawei Honor V10 Smartphones Cross Site Scripting (XSS) Vulnerability in PopojiCMS 2.0.1 Admin Menu Manager Cross Site Scripting Vulnerability in ZrLog 2.1.0 via post/addComment Parameters Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Path Traversal Vulnerability in iCMS v7.0.13 Allows Remote Folder Deletion Virtual Path Mapping Buffer Overflow Vulnerability in FTPShell v6.83 Resetting Administrator Account Password Vulnerability in SEMCMS v3.8 Out of Bound Read Vulnerability in Huawei and Honor Smartphones Plaintext Password Retrieval Vulnerability in SEMCMS 3.8's checkuser Function Remote Code Execution via Cross Site Scripting (XSS) in yzmCMS 
v5.2 Information Disclosure Vulnerability in HUAWEI Mate 10 Smartphones RSA Algorithm Weakness in Huawei Products: Potential Information Leakage Vulnerability Arbitrary Code Execution via Cross Site Scripting (XSS) in Hotels_Server v1.0 SQL Injection Vulnerability in WMS v1.0 Command Injection Vulnerability in GaussDB 200 (Version 6.5.1) Arbitrary File Upload Vulnerability in DedeCMS V5.7SP2 Allows Webshell Upload SQL Injection Vulnerability in YouDianCMS 8.0 Search Bar Improper Authentication Vulnerability in HUAWEI P30 Smartphones Authenticated Remote Code Execution in Indexhibit 2.1.5 CSRF Vulnerability in Indexhibit 2.1.5 Allows Arbitrary Deletion of Admin Accounts CSRF Vulnerability in Indexhibit 2.1.5 Allows Arbitrary Password Reset Reflected XSS Vulnerability in Indexhibit 2.1.5's /plugin/ajax.php Component Stored Cross-Site Scripting (XSS) Vulnerabilities in Indexhibit 2.1.5 Sections Module Arbitrary File Viewing Vulnerability in Indexhibit 2.1.5 CSRF Vulnerability in Eyoucms v1.2.7: Unauthorized Admin Account Addition via login.php Improper Authentication Vulnerability in HUAWEI P30 Smartphones Bluethrust Clan Scripts v4 Cross Site Request Forgery (CSRF) Privilege Escalation Vulnerability Arbitrary Code Execution via Category Name Field in MIPCMS 3.6.0 Dangling Pointer Dereference Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 SQL Injection Vulnerability in ECTouch v2: Exploiting the integral_min Parameter in index.php XSS Vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php Memory Leak Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 ThinkCMF v5.1.0 CSRF Vulnerability Allows Unauthorized Admin Account Creation Critical SQL Injection Vulnerability in Subrion CMS v4.2.1: Exploiting PDO Connection on Search Page CSRF Vulnerability in MetInfo 6.1.3 via doaddsave Action in admin/index.php HuCart 5.7.4 XSS Vulnerability via nickname in index.php Denial of Service (DoS) Vulnerability in Huawei NIP6800 and 
Secospace USG6600/USG9500 SQL Injection Vulnerability in tp-shop 2.x-3.x via /index.php/home/api/shop fBill Parameter Arbitrary Code Execution via Cross Site Scripting (XSS) in LAOBANCMS v2.0 Arbitrary File Upload Vulnerability in LAOBANCMS v2.0 Arbitrary Code Execution via Cross Site Scripting (XSS) in LAOBANCMS v2.0 Privilege Escalation Vulnerability in TechSmith Snagit 19.1.1.2860 Installer Privilege Escalation Vulnerability in Huawei PCManager (Versions < 10.0.1.36) Privilege Escalation Vulnerability in Abloy Key Manager Version 7.14301.0.0 Privilege Escalation via Obfuscated OLE Files in TechSmith Snagit 19.1.0.2653 Privilege Escalation Vulnerability in Trezor Bridge 2.0.27: Code Injection in SeDebugPrivilege Component 1Password 7.3.712 DLL Injection Arbitrary Code Execution Vulnerability Privilege Escalation via Process Injection in AutoHotkey 1.1.32.00 Setup.exe SQL Injection Vulnerability in Metinfo 6.1.3: Exploiting dosafety_emailadd Action in basic.php Arbitrary File Access and Manipulation in HongCMS v4.0.0 Arbitrary PHP Code Execution Vulnerability in PluxXml V5.7 Theme Edit Function Arbitrary PHP Code Execution via Configuration File Modification in PluXml 5.7 Directory Traversal Vulnerability in Bludit v3.8.1 Allows Remote File Deletion Arbitrary File Deletion Vulnerability in GetSimpleCMS-3.3.15 Arbitrary Code Execution via Cross Site Scripting (XSS) in emlog v6.0.0 Arbitrary Code Execution and Article Deletion Vulnerability in Pluck CMS v4.7.9 Arbitrary Code Execution and Image Deletion Vulnerability in Pluck CMS v4.7.9 Multiple SQL Injection Vulnerabilities in PHPSHE 1.7 via ad_id, menu_id, and cashout_id Parameters in admin.php Insecure Password Encryption in DoraCMS v2.1.1 and Earlier Arbitrary Code Execution via Cross Site Scripting (XSS) in Typora v0.9.65 and Earlier Arbitrary Code Execution via Cross Site Scripting (XSS) in PHPMyWind v5.5 Arbitrary Code Execution via Cross Site Scripting (XSS) in PHPMyWind v5.5 Arbitrary Code Execution via 
Buffer Overflow in HDF5 1.10.4 Denial of Service (DoS) Vulnerability in FusionAccess Versions Earlier than 6.5.1.SPC002 Reflective Cross-Site Scripting (XSS) Vulnerability in ED01-CMS v1.0's sposts.php Component Information Leak Vulnerability in Huawei Honor Magic2 Mobile Phones Arbitrary File Upload Vulnerability in ED01-CMS v1.0 Image Upload Function Allows Remote Command Execution SQL Injection Vulnerability in ED01-CMS v1.0 via cposts.php (cid parameter) SQL Injection Vulnerability in PHP-CMS v1.0's search.php Component CSRF Vulnerability in Simple-Log v1.6 Allows Remote Code Execution CSRF Vulnerability in Simple-Log v1.6 Allows Remote Code Execution Open Redirect Vulnerability in Z-BlogPHP v1.5.2 and Earlier Information Leakage Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 Input Validation Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 Phodal CMD v.1.0 Cross Site Scripting Vulnerability via EMBED SRC Function Cross-Site Scripting (XSS) Vulnerability in NoneCms 1.3.0 Feedback Feature Double Free Memory Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 Memory Management Error in Huawei NIP6800 and Secospace USG6600/USG9500 IPSec Module Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Stack Buffer Overflow Vulnerability in E6878-370 Products (Versions 10.0.3.1 H557SP27C233 and 10.0.3.1 H563SP1C00) XSS Vulnerability in Subrion CMS 4.2.1 via q Parameter in Kickstart Template Multiple Cross Site Scripting (XSS) Vulnerabilities in Intelliants Subrion CMS v4.2.1 Configuration Panel CSRF Vulnerability in Intelliants Subrion CMS v4.2.1 Allows Unauthorized Creation of Administrator User Alfresco Community Edition v5.2.0 Cross Site Scripting (XSS) Vulnerability in admin-nodebrowser API Unauthenticated Access Vulnerability in Rehau pCOWeb Card Improper Authentication Vulnerability in Honor 9X Smartphones Default Configuration Vulnerability in ChinaMobile PLC Wireless Router Model GPN2.4P21-C-CN ChinaMobile PLC 
Wireless Router GPN2.4P21-C-CN Firmware W2000EN-01 Directory Traversal Vulnerability Typora v.0.9.65 XSS Vulnerability in PDF Export Function Insufficient Integrity Check Vulnerability in HUAWEI P30 and P30 Pro Information Disclosure Vulnerability in HUAWEI Mate 30 Bluetooth Connection Handling Information Disclosure Vulnerability in HUAWEI P30 and P30 Pro Denial of Service Vulnerability in ChangXiang 8 Plus Devices NULL Pointer Dereference in SExpressionWasmBuilder::makeBlock in Binaryen 1.38.26 Improper Authentication Vulnerability in HUAWEI Mate 30 Pro Heap-buffer-overflow vulnerability in wasm::WasmBinaryBuilder::visitBlock() in Binaryen 1.38.26 Race Condition Vulnerability in HUAWEI Mate 30 Allows Code Execution Stack Overflow Vulnerability in parse_array Cesanta MJS 1.20.1: Remote DoS via Crafted File NULL-Pointer Dereference Vulnerability in GNU_gama::set() in Gama 2.04 Insufficient Authentication Vulnerability in HUAWEI Mate 20 Smart Phones Cross Site Scripting (XSS) Vulnerability in espcms P8.18101601 via Title Parameter Clear Text Transmission of User Credentials in cmseasy v7.0.0 CSRF Vulnerability in CatfishCMS 4.8.63 Allows Unauthorized Administrator Access Information Leak Vulnerability in Huawei CloudLink Board and RSE6500/TE60 Devices Stored XSS Vulnerability in Chaoji CMS v2.18 Allows for Administrator Privilege Escalation Stored XSS Vulnerability in Chaoji CMS v2.18: Arbitrary Code Execution via /index.php?admin-master-navmenu-add Chaoji CMS v2.18 Stored XSS Vulnerability in admin-master-webset CSRF Vulnerability in Jymusic v2.0.0 Allowing Arbitrary Code Execution CSRF Vulnerability in FeiFeiCMS v4.1.190209 Allows Unauthorized Administrator Account Creation Insufficient Authentication Vulnerability in Huawei HEGE-560 and OSCA-550 Devices Array Index Error in tinyexr::SaveEXR Component Leading to Denial of Service (DoS) Insufficient Verification Vulnerability in Huawei HEGE-560 and OSCA-550 Series Array Index Error in tinyexr::DecodeEXRImage 
Component Leading to Denial of Service (DoS) Arbitrary File Upload Vulnerability in SEMCMS PHP 3.7 Title: qinggan phpok 5.1 Directory Traversal Vulnerability Allows Information Disclosure Arbitrary File Write and Shell Access Vulnerability in Qinggan PHPok 5.1 Privilege Escalation Vulnerability in PCManager Versions Earlier than 10.0.5.51 Buffer Overflow Vulnerability in qinggan phpok 5.1's framework/init.php Allows Arbitrary Code Execution Denial of Service Vulnerability in zziplib v0.13.69 via Infinite Loop in unzzip_cat_file YUNUCMS 1.1.9 Cross Site Scripting (XSS) Vulnerability in upurl Function XSS Vulnerability in YUNUCMS 1.1.9 via insertContent function in ContentModel.php XSS Vulnerability in UKCMS v1.1.10 via Single.php's Index Function Local Privilege Escalation Vulnerability in Huawei PCManager (Versions < 10.0.5.53) Title: Cross Site Scripting (XSS) Vulnerability in DamiCMS v6.0.6 via the title Parameter in LabelAction.class.php CSRF Vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html XSS Vulnerability in bycms v3.0.4 via Title Parameter in Document.php Edit Function Title: PbootCMS v1.3.7 SingleController.php Title Parameter XSS Vulnerability CSRF Vulnerability in bycms v1.3.0 Allows Unauthorized Addition of Admin Account CSRF Vulnerability in DamiCMS v6.0.6 Allows Unauthorized Admin Account Creation CSRF Vulnerability in 711cms v1.0.7 Allows Unauthorized Addition of Admin Account Unrestricted File Upload Vulnerability in AikCms v2.0.0 CSRF Vulnerability in video_list.php Allows Unauthorized Video Deletion CSRF Vulnerability in AikCms 2.0.0 Allows Unauthorized Deletion of Movie Information XSS Vulnerability in BigTree-CMS 4.4.3: Crafted Website Name in Tags Page XSS Vulnerability in qdPM 9.1 Login Page Heading Field Stored XSS Vulnerability in Copyright Text Field in Rukovoditel 2.4.1 Configuration Menu Denial of Service Vulnerability in Huawei Products: Lack of Protection Against Specific Protocol Attack Stored XSS 
Vulnerability in Name of Application Field in Rukovoditel 2.4.1 XSS Vulnerability in Hucart CMS 5.7.4 via mes_title Field SQL Injection Vulnerability in Hucart CMS 5.7.4 via Avatar USD_Image Field SQL Injection Vulnerability in Hucart CMS 5.7.4: Exploiting the Purchase Enquiry Field in the Message con_content Field Resource Management Error Vulnerability in Jackman-AL00D 8.2.0.185(C00R2P1): Local Application File Manipulation Arbitrary Code Execution via Buffer Overflow in HDF5 1.10.4 Path Traversal Vulnerability in GaussDB 200 (Version 6.5.1): Information Leakage via Directory Traversal Arbitrary Code Execution via SQL Injection in WMS v1.0 Insufficient Verification Vulnerability in Huawei HEGE-570 and OSCA-550 Series Information Leakage Vulnerability in Huawei NGFW Module and Secospace USG Series Command Injection Vulnerability in D-Link DSR-250 and DSR-1000N UPnP Service Information Leakage Vulnerability in Huawei NIP6800 and Secospace USG6600/USG9500 Denial of Service Vulnerability in Huawei NIP6800, Secospace USG6600, and USG9500 Access Control Bypass Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products Information Leakage Vulnerability in CloudEngine 12800 Series Double Free Vulnerability in Huawei Products: Exploitable Memory Deallocation Flaw Out-of-Bounds Read Vulnerability in Huawei USG6000V Huawei Secospace AntiDDoS8000: Improper Authentication Vulnerability Information Disclosure in NoneCMS v1.3: Remote Access to Sensitive Data via /public/index.php Component Information Disclosure in NoneCMS v1.3 via /nonecms/vendor Component CSRF Vulnerability in JuQingCMS v1.0 Allows Remote Privilege Escalation Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products Buffer Overflow Vulnerability in ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier Buffer Overflow Vulnerability in WEBP_Support.cpp in Exempi 2.5.0 and Earlier: Denial of Service via Crafted WebP File Arbitrary Code Execution via Cross Site Scripting (XSS) in Wuzhi 
CMS v4.1.0 XSS Vulnerability in GetSimpleCMS <= 3.3.15 via redirect_url Parameter and headers_sent Function XSS Vulnerability in GetSimpleCMS <=3.3.15 via Timezone Parameter Cross Site Scripting Vulnerability in GetSimpleCMS <=3.3.15 via /admin/setup.php Parameters Out-of-bounds read vulnerability in DHCP message parsing Open Redirect Vulnerability in GetSimpleCMS <=3.3.15 via admin/changedata.php XSS Vulnerability in gnuboard5 <=v5.3.2.8 via url parameter in bbs/login.php SQL Injection Vulnerability in GNUBoard5 (<=v5.3.2.8) via table_prefix Parameter in install_db.php XSS Vulnerability in gnuboard5 <=v5.3.2.8 via act parameter in bbs/move_update.php WebPort <=1.19.1 XSS Vulnerability via Connection Name Parameter in type-conn WebPort <=1.19.1 Directory Traversal Vulnerability in System Settings Tags SQL Injection Vulnerability in WebPort <=1.19.1: New Connection Parameter Name Type-Conn WebPort <=1.19.1 XSS Vulnerability via description parameter in script/listcalls Cross Site Scripting (XSS) Vulnerability in Roundcube Mail 4.4 via Database Host and User in /installer/test.php SMTP Configuration Cross Site Scripting (XSS) Vulnerability in Roundcube Mail <=1.4.4 Undefined Fields Mishandling in Floodlight 1.2's StaticFlowEntryPusherResource.java Leads to Poor Input Validation in checkFlow Integer Overflow Vulnerability in Floodlight 1.2's StaticFlowEntryPusherResource.java Insecure Input Validation in Floodlight 1.2's StaticFlowEntryPusherResource.java Arbitrary Code Execution via Cross Site Scripting (XSS) in MineWebCMS v1.7.0 CSRF Vulnerability in IgnitedCMS v1.0 Allows Information Disclosure and Privilege Escalation Brute Force Login Vulnerability in Lin-CMS-Flask v0.1.1 Arbitrary Code Execution via Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 Denial of Service Vulnerability in Huawei Products: Memory Leakage Exploit Authentication Token Replay Vulnerability in Lin-CMS-Flask v0.1.1 Arbitrary Code Execution via Cross Site Scripting (XSS) in Quokka v0.4.0 
Arbitrary Code Execution via XXE in Quokka v0.4.0 Arbitrary Code Execution via Unrestricted File Upload in Django-Widgy v0.8.4 Arbitrary Code Execution via XXE in Quokka v0.4.0 Improper Credentials Management Vulnerability in USG9500 Software Remote Code Execution via SQL Injection in Rockoa v1.8.7 SQL Injection in Rockoa v1.8.7: Privilege Escalation via Loose Parameter Filtering in wordModel.php's getdata Function SQL Injection in Rockoa v1.8.7: Remote Privilege Escalation via wordAction.php Arbitrary Code Execution Vulnerability in ZZZCMS zzzphp 1.7.1 Digital Balance Bypass Vulnerability in Huawei P10 Plus Smartphones Stored XSS in File Attachment Field in MDaemon Webmail 19.5.5: Exploiting Email Forwarding for Code Execution Authenticated Stored XSS in MDaemon Webmail 19.5.5 via Contact Name Field in Distribution List Out-of-Bounds Read Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products Segmentation Violation Vulnerability in IEC104 v1.0 Allows for Denial of Service (DoS) Segmentation Violation Vulnerability in IEC104 v1.0 Allows for Denial of Service (DoS) Stack Buffer Overflow Vulnerability in Eclipse IOT Cyclone DDS Project v0.1.0 Heap Buffer Overflow Vulnerability in Eclipse IOT Cyclone DDS Project v0.1.0 XSS Vulnerability in Typora 0.9.67 Allows Remote Code Execution Invalid Pointer Access Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products ThinkSAAS v2.7 Improper Authorization Vulnerability Allows Unauthorized Modification of User Photo Descriptions Remote Code Execution via SQL Injection in AiteCMS v1.0 Arbitrary Code Execution via MathJax Syntax in Typora v0.9.65 Invalid Pointer Access Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products Arbitrary Code Execution Vulnerability in pdf2json 0.69 via Crafted PDF File Privilege Escalation Vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100 Information Disclosure Vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100 Arbitrary Memory Access 
Vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100 EPA Protocol Persistent Denial of Service (DOS) Vulnerability in Dut Computer Control Engineering Co.'s PLC MAC1100 PLC MAC1100 Vulnerability: Arbitrary Code Execution EPA Protocol Information Disclosure Vulnerability in PLC MAC1100 Out-of-Bounds Write Vulnerability in NIP6800, Secospace USG6600, and USG9500 Remote Code Execution Vulnerability in AntSword v2.0.7 Heap Buffer Overflow in libtiff 4.0.10's _TIFFmemcpy in tif_unix.c Allows Denial-of-Service Invalid Pointer Access Vulnerability in NIP6800, Secospace USG6600, and USG9500 Denial-of-Service Vulnerability in zziplib 0.13.69 Exiv2 0.27.99.0 Nikon1MakerNote Buffer Over-read Vulnerability Denial of Service Vulnerability in Exiv2 0.27.99.0 via Crafted TIF File Float Point Exception Vulnerability in Exiv2 0.27.99.0's printLong Function Heap-based Buffer Over-read Vulnerability in Libav 12.3's vc1_decode_b_mb_intfi Function Segmentation Fault Vulnerability in Libav 12.3 Allows Denial-of-Service via Crafted File Heap-based Buffer Over-read Vulnerability in Libav 12.3's vc1_decode_p_mb_intfi Function Improper Authentication Vulnerability in Huawei Smartphone OxfordS-AN00A Use After Free Vulnerability in nasm 2.14.02's new_Token Function Allows Denial of Service Heap Buffer Overflow Vulnerability in audiofile 0.3.6: Denial-of-Service via Crafted WAV File Improper Integrity Checking Vulnerability on Huawei Products Denial of Service Vulnerability in Huawei Smartphone Lion-AL00C Resource Management Error Vulnerability in NIP6800, Secospace USG6600, and USG9500 Products Improper Authorization Vulnerability in Huawei Mobile Phones and Honor Magic2 Memory Leak Vulnerability in Huawei Products NIP6800, Secospace USG6600, and USG9500 Buffer Overflow Vulnerability in tEXtToDataBuf Function in Exiv2 0.27.1 Buffer Overflow Vulnerability in HtmlOutputDev::page in Poppler 0.75.0: Denial of Service Exploit Privilege Escalation via Unprivileged File Writing in 
Oculus Desktop WhatsApp Android Buffer Overflow Vulnerability via Malicious Video Call TLS SNI Hostname Validation Bypass in osquery Versions 2.9.0 - 4.2.0 Privilege Escalation through Client Configuration Injection in DotCMS Versions before 5.1 SQL Injection in Wuzhi CMS v4.1.0: Remote Information Disclosure Directory Traversal Vulnerability in Skycaiji v1.3 Arbitrary Code Execution via Unrestricted File Upload in Bludit v3.8.1 Out-of-Bounds Memory Read Vulnerability in HHVM JSON Decoding PHPMyWind v5.6 Command Injection Vulnerability in '/admin/web_config.php' Arbitrary Code Execution via Unrestricted File Upload in PHPMyWind v5.6 Arbitrary File Deletion Vulnerability in puppyCMS v5.1 CSRF Vulnerability in puppyCMS v5.1 Allows Unauthorized Password Change for Admin WhatsApp Desktop Sandbox Escape Vulnerability Remote Code Execution (RCE) Vulnerability in puppyCMS v5.1: Insecure Permissions in /admin/functions.php Use-after-free vulnerability in libpff_item_tree_create_node function of libyal Libpff before 20180623 Exiv2 0.27 PrintIFDStructure Function Stack Exhaustion Vulnerability Uncontrolled Memory Allocation Vulnerability in Exiv2 0.27 Remote Code Execution Vulnerability in WhatsApp for Android and WhatsApp Business for Android Heap-based Buffer Overflow in libyal libexe Out-of-Bounds Write Vulnerability in WhatsApp Video Call Feature Remote Code Execution Vulnerability in Earcms Ear App v.20181124 SQL Injection Vulnerability in EARCLINK ESPCMS-P8 via attr_array Parameter Arbitrary PHP Code Execution in DedeCMS 5.7 SP2 via plus/search.php Component Boundary Check Vulnerability in HHVM JSON_parser Allows Information Leak and DOS Boundary Check Vulnerability in JSON Decoding in HHVM Arbitrary Code Execution Vulnerability in WhatsApp for Android and iPhone Critical Heap Overflow Vulnerability in Instagram for Android (Versions Prior to 128.0.0.26.128) Stack Overflow Vulnerability in Facebook Hermes 'builtin apply' Allows Arbitrary Code Execution CSRF 
Vulnerability in ForestBlog Allows Remote Privilege Escalation Use-After-Free Vulnerability in Proxygen Request Adaptor Stack-based Buffer Overflow in PoDoFo v0.9.6: Denial of Service in PdfDictionary.cpp:65 Information Disclosure Vulnerability in PoDoFo v0.9.6 via 'IsNextToken' in 'PdfTokenizer.cpp' Buffer Overflow in NASM v2.15.xx: Denial of Service via 'crc64i' in nasmlib/crc64 Buffer Overflow in Tcpreplay v4.3.2 via 'do_checksum' function in 'checksum.c' leading to Denial of Service XSS Vulnerability in Halo 0.4.3 via X-Forwarded-For Header Parameter Unbounded Nested Deserialization Vulnerability in fb_unserialize Halo 0.4.3 Remote Code Execution via remoteAddr and themeName Parameters XSS Vulnerability in Halo 0.4.3 via CommentAuthorUrl Zimbra Collaboration 8.8.12 Reflected XSS Vulnerability via Host Header Injection Arbitrary Website Redirection Vulnerability in Zimbra Collaboration 8.8.12 Arbitrary Memory Access Vulnerability in HHVM's unserialize() Function Arbitrary Code Execution via Cross Site Scripting (XSS) in Blog_mini v1.0 Arbitrary Code Execution via Cross Site Scripting (XSS) in Blog_mini v1.0 Unserialized Object Dynamic Property Array Resizing Vulnerability Arbitrary Code Execution Vulnerability in Simiki v1.6.2.1 and Prior Simiki v1.6.2.1 Command Injection Vulnerability Arbitrary Code Execution via Description Field in Mezzanine v4.3.1 Bypassing Verification Check in Gate One 1.2.0 Allows Unauthorized Access Unauthenticated Users Can Download Database Backup File in zrlog v2.1.0 Cross-Site Scripting (XSS) Vulnerability in Halo Blog 1.2.0 WhatsApp for iOS prior to v2.20.91.4 Vulnerability: Freezing from Large Text Message with URLs WhatsApp Android Vulnerability: Insecure Transmission of Highly Forwarded Messages Remote File Upload Vulnerability in Emlog EmlogCMS v.6.0.0 via /admin/plugin.php Out-of-Memory Denial of Service Vulnerability in WhatsApp for iOS Cookie-based Encryption Bypass Vulnerability in Halo 0.4.3 Halo 0.4.3 delBackup File 
Deletion Vulnerability Path Traversal Vulnerability in WhatsApp for iOS and WhatsApp Business for iOS XSS Vulnerability in zzcms 2019 via User/adv.php Modify Action Arbitrary Code Execution Vulnerability in S-CMS v1.0 via '/admin/tpl.php?page=' Component Arbitrary Code Execution Vulnerability in iWebShop v5.3 MyBB v1.8.20 Authenticated Cross Site Scripting (XSS) in Add New Forum Title Field MyBB v1.8.20 Cross Site Scripting (XSS) Vulnerability in Add New Forum Description Field Sequential Generation of Media ContentProvider URIs in WhatsApp for Android v2.20.185 and Earlier Versions Buffer Overflow Vulnerability in WhatsApp for Android and WhatsApp Business for Android Arbitrary Code Execution Vulnerability in WhatsApp for Android, iOS, and Portal Siri Exploit Allows Unauthorized Access to WhatsApp on Locked iOS Devices Use-after-free vulnerability in WhatsApp for iOS and WhatsApp Business for iOS allows for memory corruption and potential code execution Out-of-Bounds Read and Write Vulnerability in WhatsApp for Android and WhatsApp Business for Android SQL Injection Vulnerability in Online Book Store v1.0 via isbn Parameter in edit_book.php SQL Injection Vulnerability in Online Book Store v1.0: Remote Code Execution via pubid Parameter SQL Injection Vulnerability in Online Book Store v1.0 via bookisbn Parameter in admin_edit.php Type Confusion Vulnerability in Facebook Hermes Allows Arbitrary Code Execution SQL Injection Vulnerability in Online Book Store v1.0 via bookisbn Parameter Authentication Bypass Vulnerability in Online Book Store v1.0 via admin_verify.php Arbitrary Code Execution via SQL Injection in Online Book Store v1.0 Arbitrary File Upload Vulnerability in Online Book Store v1.0 SQL Injection Vulnerability in Online Book Store v1.0 via Publisher Parameter in edit_book.php XSS Vulnerability in YzmCMS 5.2 via site_code Parameter in admin/index/init.html Out-of-Bounds Read/Write Vulnerability in Facebook Hermes Integer Signedness Error in Facebook 
Hermes JavaScript Interpreter Denial of Service Vulnerability in LibTiff v4.0.10 via invertImage() Function in tiffcrop Component Autumn v1.0.4 and Earlier: Clear-Text Login Credential Exposure via Incorrect Access Control Arbitrary Code Execution Vulnerability in DotCMS v5.2.3 and Earlier Logic Vulnerability in Facebook Hermes: Potential Out-of-Bounds Read and Arbitrary Code Execution Remote Command Execution in iCMS 7 via DB_PREFIX Parameter in install.php Buffer Overflow in LibTiff v4.0.10: Denial of Service via TIFFVGetField in tif_dir.c Buffer Overflow in LibTiff v4.0.10: Denial of Service via 'in _TIFFmemcpy' in 'tif_unix.c' Improper Access Control in Jfinal CMS v4.7.1 and earlier: Sensitive Information Disclosure via 'TemplatePath' Parameter Improper Access Control in Jfinal CMS v4.7.1 and earlier: Sensitive Information Disclosure via 'getFolder()' Function Arbitrary Code Execution via Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and Earlier Out-of-Bounds Read Vulnerability in Facebook Hermes JavaScript Interpreter Improper Access Control in Jfinal CMS v4.7.1 and earlier: Remote Information Disclosure and Denial of Service Vulnerability Arbitrary Code Execution via File Upload in Jfinal CMS v4.7.1 and Earlier Improper Access Control in Jfinal CMS v4.7.1 and earlier: Sensitive Information Disclosure via FileManager.editFile() Arbitrary Code Execution and Information Disclosure in Jfinal CMS v4.7.1 and earlier Arbitrary Code Execution via XSS in Ari Adminer v1 Arbitrary Code Execution via 'Intro' Parameter in Wenku CMS v3.4 Arbitrary Code Execution via Cross Site Scripting (XSS) in S-CMS build 20191014 and Earlier Arbitrary Code Execution Vulnerability in LaikeTui v3 via CSRF in '/index.php?module=member&action=add' Component Integer Overflow Vulnerability in ldap_escape in HHVM SQL Injection Vulnerability in PHPSHE 1.7 via admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter Out-of-bounds write vulnerability in xbuf_format_converter in HHVM Memory 
Leakage Vulnerability in HHVM Versions Prior to 4.56.3 and Between 4.57.0 and 4.98.0 Buffer Overflow Vulnerability in ncurses 6.1: Remote Denial of Service via Crafted Command Buffer Overflow Vulnerability in _nc_find_entry Function in ncurses 6.1 Buffer Overflow Vulnerability in fmt_entry Function in ncurses 6.1 Buffer Overflow Vulnerability in fmt_entry Function in ncurses 6.1 Buffer Overflow Vulnerability in postprocess_terminfo Function in ncurses 6.1 Out-of-bounds read vulnerability in substr_compare in HHVM versions prior to 4.56.3, 4.57.0-4.80.1, 4.81.0-4.93.1, 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0 Buffer Overflow Vulnerability in _nc_find_entry in ncurses 6.1 CSRF Vulnerability in PHPOK 5.2.060 Allows Remote Code Execution React Native ReDoS Vulnerability in validateBaseUrl Function (CVE-XXXX-XXXX) Stored Cross-Site Scripting (XSS) Vulnerability in pfSense WebGUI Authenticated Stored XSS in IPFire Captive Portal via Title of Login Page Text Box or TITLE Parameter Stored XSS Vulnerability in pfSense Software WebGUI Authenticated Stored XSS Vulnerability in Lightning Wire Labs IPFire 2.21 (x86_64) - Core Update 130 Buffer Overflow Vulnerability in Crypt Function SQL Injection Vulnerability in Piwigo v2.9.5: admin/group_list.php (group parameter) SQL Injection Vulnerability in Piwigo v2.9.5: cat_move.php via selection parameter SQL Injection Vulnerability in Piwigo v2.9.5 via cat_false Parameter SQL Injection Vulnerability in Piwigo v2.9.5: admin/user_perm.php SQL Injection Vulnerability in Piwigo v2.9.5: admin/batch_manager.php Arbitrary File Upload Vulnerability in Bludit v3.13.0 Backup Plugin Apache Shiro 1.2.3 Java Deserialization Vulnerability in Jeesite 1.2.7 SSRF Vulnerability in Apache Olingo Versions 4.0.0 to 4.7.0 Timing Attack Vulnerability in Apache Hive Cookie Signature Verification Arbitrary Privilege Escalation via CSRF in MipCMS v5.0.1 Arbitrary User Addition Vulnerability in MipCMS v5.0.1 Stored XSS Vulnerability in Dswjcms 1.6.4 
index.php/Dswjcms/Basis/links Component Stored XSS Vulnerability in Dswjcms 1.6.4 index.php/Dswjcms/Site/articleList Component Arbitrary Code Execution Vulnerability in Dswjcms 1.6.4 Arbitrary Administrator User Addition Vulnerability in Dswjcms 1.6.4 Apache HTTP Server mod_rewrite Redirect Vulnerability Dhcms 2017-09-18 Guestbook Cross Site Scripting (XSS) Arbitrary Code Execution Vulnerability Information Disclosure Vulnerability in dhcms 2017-09-18: Path Leakage via Invalid Character Input Cross Site Scripting (XSS) Vulnerability in Phachon mm-wiki v.0.1.2 Cross-Site Request Forgery Vulnerability in Phachon mm-wiki v.0.1.2 Allows Remote Code Execution Directory Traversal Vulnerability in B3log Wide: Privilege Escalation via Symbolic Links Apache NiFi 1.10.0 Information Disclosure Vulnerability Jeesns 1.4.2 Cross-Site Request Forgery (CSRF) Vulnerability: Privilege Escalation and Sensitive Operation Exploitation Stored XSS Vulnerability in Jeesns 1.4.2 Loginusername Component Reflected Cross-Site Scripting (XSS) Vulnerability in Jeesns 1.4.2 Reflected XSS Vulnerability in Jeesns 1.4.2's /newVersion Component Stored XSS Vulnerability in Jeesns 1.4.2 Group Comment Component Stored XSS Vulnerability in Jeesns 1.4.2 /group/apply Component Stored XSS Vulnerability in Jeesns 1.4.2 /question/detail Component Stored XSS Vulnerability in Jeesns 1.4.2 /group/post Component Stored XSS Vulnerability in Jeesns 1.4.2 Allows Arbitrary Code Execution via Private Messages Stored XSS Vulnerability in Jeesns 1.4.2 /member/picture/album Component Apache Beam MongoDB Connector SSL Trust Verification Bypass Stored XSS Vulnerability in Jeesns 1.4.2 Weibo Comment Component Stored Cross-Site Scripting (XSS) Vulnerability in Jeesns 1.4.2 Weibo Publishdata Component Stored XSS Vulnerability in Jeesns 1.4.2 /question/ask Component Stored XSS Vulnerability in Jeesns 1.4.2 /article/add Component Stored XSS Vulnerability in Jeesns 1.4.2 Article Comment Component Reflected XSS Vulnerability in 
Jeesns 1.4.2 /weibo/topic Component Command Execution Vulnerability in Apache SpamAssassin (CVE-2020-XXXX) Arbitrary Code Execution Vulnerability in vaeThink v1.0.1 Arbitrary File Upload Vulnerability in vaeThink v1.0.1 Allows Webshell Upload via File Suffix Manipulation Arbitrary Code Execution via File Upload in hdcms 5.7 Directory Traversal Vulnerability in Metinfo v7.0.0 Privilege Escalation Vulnerability in Metinfo v7.0.0 Command Execution Vulnerability in Apache SpamAssassin OS Command Injection Vulnerability in Laravel Framework's Filesystem.php (before version 5.8.17) Buffer Overflow Vulnerability in D-Link DIR-605L Firmware 1.17beta and Below Critical Buffer Overflow Vulnerability in DLINK 619L Version B 2.06beta: Exploiting FILECODE Parameter on Login Apache Superset Information Disclosure Vulnerability Critical Buffer Overflow Vulnerability in DLINK 619L Version B 2.06beta: Exploiting the curTime Parameter on Login Heap Buffer Overflow in D-Link DIR-619L 2.06beta Allows Remote Router Restart Cross-Site Scripting (XSS) Vulnerability in Apache NiFi 1.0.0 to 1.10.0 Uninitialized Memory Vulnerability in Apache HTTP Server's mod_proxy_ftp HTTP Request Smuggling Vulnerability in Apache Tomcat Apache Ambari Views Cross-Site Scripting Vulnerability Local File Inclusion Vulnerability in FHEM 6.0: File Parameter Allows Sensitive Information Disclosure Reflected XSS Vulnerability in Medintux v2.16.000 CCAM.php Reflected XSS Vulnerability in Vtiger CRM v7.2.0 Vtiger CRM v7.2.0 Directory Listing Vulnerability Arbitrary PHP Script Execution Vulnerability in OpenEMR 5.0.1 SQL Injection Vulnerability in Kylin's RESTful APIs Arbitrary File Retrieval and Remote Code Execution via Apache Tomcat AJP Connector NULL Pointer Dereference Vulnerability in Apache NuttX (Incubating) FTPD Component Sensitive Information Disclosure Vulnerability in Apache Jackrabbit Oak Apache ActiveMQ 5.0.0 to 5.15.11 Webconsole Admin GUI XSS Vulnerability Privilege Escalation in Emerson Smart 
Wireless Gateway 1420 4.6.59 Emerson Smart Wireless Gateway 1420 4.6.59 - Unauthorized Access to Sensitive Device Information Sensitive Property Descriptor Leakage in Apache NiFi Unsanitized Data in Apache OFBiz 16.11.01 to 16.11.07 Allows XSS Attacks via contentId Apache Traffic Server Smuggling Attack Vulnerability SQL Injection in jDownloads 3.2.63 Component for Joomla! via f_marked_files_id Parameter Apache Ant Information Leakage and Source File Injection Vulnerability SQL Injection in jDownloads 3.2.63 Component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php SQL Injection Vulnerability in jDownloads 3.2.63 Component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php SQL Injection Vulnerability in jDownloads 3.2.63 Component for Joomla! Command Injection Vulnerability in Apache SpamAssassin Stack Overflow Vulnerability in PDF2JSON 0.70's vfprintf Function Stack Overflow Vulnerability in PDF2JSON 0.70's XRef::fetch Function Denial of Service Vulnerability in PDF2JSON 0.70: Invalid Read of Size 4 in ObjectStream::getObject Invalid Read Vulnerability in DCTStream::transformDataUnit Function in PDF2JSON 0.70 PDF2JSON 0.70 DCTStream::transformDataUnit Vulnerability: Denial of Service via Illegal Use After Free Null Pointer Dereference Vulnerability in EmbedStream::getChar in PDF2JSON 0.70 Denial of Service Vulnerability in PDF2JSON 0.70: Invalid Write of Size 8 in DCTStream::reset Function Remote Code Execution Vulnerability in Apache ShardingSphere's Web Console NULL Pointer Dereference Vulnerability in DCTStream::getChar Function in PDF2JSON 0.70 Invalid Read of Size 4 Vulnerability in PDF2JSON 0.70's DCTStream::decodeImage Function Denial of Service Vulnerability in PDF2JSON 0.70: Invalid Read in DCTStream::readHuffSym Denial of Service Vulnerability in PDF2JSON 0.70: Uncaught Floating Point Exception in DCTStream::decodeImage Use After Free Vulnerability in PDF2JSON 0.70's Gfx::doShowText Function Denial of Service Vulnerability in 
CCITTFaxStream::lookChar Function in PDF2JSON 0.70 Dubbo Remote Code Execution Vulnerability Invalid Memory Read Vulnerability in GPAC Denial of Service Vulnerability in Gpac MP4Box 0.8.0: Invalid Read in ilst_item_Read Reflected XSS vulnerability in Sling CMS before 0.16.0 Integer Overflow Over-write in tinyexr::DecodePixelData in tinyexr.h Invalid Memory Access Vulnerability in cgif.c in sam2p 0.49.4 Floating Point Exception in ReadImage leading to Segmentation Fault in sam2p 0.49.4 Integer Overflow Vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio 1.5.17 Floating Point Exception Vulnerability in libheif 1.4.0: Denial of Service and Potential Impacts Memory Read Vulnerability in libheif 1.4.0 Excessive Memory Usage Vulnerability in Apache Tika's PSDParser (Versions 1.0-1.23) Infinite Loop Vulnerability in Apache Tika's PSDParser (Versions 1.0-1.23) Arbitrary File Load Vulnerability in Textpattern 4.7.3 Cross Site Scripting Vulnerability in Typesetter 5.1 via className and Description Fields in index.php/Admin/Classes Buffer Overflow Exploit in AIDA64 Engineer 6.00.5100: Arbitrary Code Execution via SEH Handler Overwrite Cross Site Scripting (XSS) Vulnerability in qdPM V9.1 via database_config.php Remote Code Execution via Exposed JMX Port in Apache IoTDB Arbitrary OS Command Execution Vulnerability in iCMS 7.0.14 Remote Code Execution in Apache Commons Configuration via YAML Parsing Apache CXF JMX Integration Vulnerability: Man-in-the-Middle Attack Directory Traversal Vulnerability in PopojiCMS 2.0.1 via id Parameter in admin.php CouchDB 3.0.0 Access Control Bypass Vulnerability Blacklist Bypass Vulnerability in WUZHI CMS 4.1.0 WUZHI CMS 4.1.0 Cross Site Scripting (XSS) Vulnerability in config function XML-based Cross Site Scripting (XSS) Vulnerability in ManageEngine OPManager <=12.5.174 Remote Code Execution Vulnerability in Diebold Aglis XFS for Opteva v.4.1.61.1 Command Injection Vulnerability in Apache Kylin RESTful APIs Authentication Bypass 
Vulnerability in Apache Shiro with Spring Dynamic Controllers LDAP Authentication Bypass and Information Disclosure Vulnerability in Apache Druid 0.17.0 Privilege Escalation via MIAdminStyles.i4 Admin UI in Yellowfin Business Intelligence 7.3 Arbitrary Code Execution via Cross Site Scripting (XSS) in Yellowfin Business Intelligence 7.3 Remote Code Execution Vulnerability in Apache Syncope Buffer Overflow Vulnerability in Core FTP Server v2 Build 697: Crafted Username Exploit Buffer Overflow Vulnerability in Core FTP Server v1.2 Build 583 via Crafted Username Apache Flink JMXReporter Man-in-the-Middle Vulnerability Heap-based Buffer Over-write in MuPDF TIFF Parsing Function Server-Side Template Injection Vulnerability in Apache Syncope 2.0.X and 2.1.X Releases Arbitrary Web Script Injection Vulnerability in Racktables 0.21.2 Redirect Module Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503 XSS Vulnerability in mblog 3.5 via Post Header Field in /post/editing XSS Vulnerability in mblog 3.5: Exploiting the Nickname Field in /settings/profile XSS Vulnerability in mblog 3.5 via Post Content Field XSS Vulnerability in mblog 3.5: Exploiting the Signature Field in /settings/profile Remote Code Execution Vulnerability in Oria Gridx 1.3 via tests/support/stores/test_grid_filter.php CraftCMS 3.1.31 - Cross Site Scripting (XSS) Vulnerability in /admin/settings/sites/new H2 Database Filesystem Access Vulnerability CSRF Vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B Remote Code Execution Vulnerability in Apache Heron YAML Parser Denial of Service Vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B Privilege Escalation Vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera Arbitrary Code Execution Vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B XSS Vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B 
via FTP Settings Page Arbitrary Code Execution Vulnerability in pandao editor.md 1.5.0 Remote Command Execution in DrayTek Vigor2960 1.5.1 via Shell Metacharacters in toLogin2FA Action Stack-based Buffer Overflow and Unconditional Jump in ReadXPMImage in ImageMagick 7.0.10-7 Out-of-Bound Access Vulnerability in libsixel 1.8.6 CSRF Vulnerability in Eyoucms 1.3.6 Allows Unauthorized Admin Account Creation NULL Pointer Dereference Vulnerability in OpenSSL TLS 1.3 Handshake Authentication Bypass Vulnerability in Niushop B2B2C Multi-Business Basic Edition V1.11 Bypassing Administrator Access to Obtain Background Upload Interface in Niushop B2B2C Multi-business Basic Version V1.11 Nacos 1.1.4 Incorrect Access Control Vulnerability Directory Traversal Vulnerability in Pfsense and Pfsense Suricata The Raccoon Attack: Exploiting a TLS Vulnerability in DH Ciphersuites CSRF Vulnerability in ZZZCMS V1.7.1 via save_user Function in save.php ZZZCMS V1.7.1 - Cross Site Scripting (XSS) Vulnerability in save.php's editfile action Remote Code Execution Vulnerability in Nginx NJS v.0feca92 via njs_module_read in njs_module.c Arbitrary Code Execution Vulnerability in Espruino Espruino 6ea4c0a Remote Code Execution Vulnerability in Nginx NJS via njs_object_property Parameter Arbitrary Code Execution via Cross Site Scripting in Pandao Editor.md v.1.5.0 Arbitrary Code Execution via Cross Site Scripting in Pandao Editor.md v.1.5.0 Arbitrary Code Execution via Cross Site Scripting in KOHGYLW Kiftd v.1.0.18 Arbitrary Code Execution via Cross-Site Scripting (XSS) Vulnerability in Dzzoffice 2.02 Stored Cross-Site Scripting (XSS) Vulnerability in ResourceController.java in Spring Boot Admin SQL Injection Vulnerability in thinkphp-zcms (20190715) via index.php?m=home&c=message&a=add Arbitrary Code Execution Vulnerability in feehicms 0.1.3 Vulnerability: OpenSSL GeneralName EDIPartyName NULL Pointer Dereference Buffer Overflow Vulnerability in Exiv2 v0.27.1 Databuf Function Leads to Denial of 
Service (DoS) NULL Pointer Dereference Vulnerability in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 NULL Pointer Dereference Vulnerability in Core/Ap4Atom.cpp of Bento 1.5.1-628 Buffer Overflow Vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628: A Denial of Service (DOS) Exploit NULL Pointer Dereference Vulnerability in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 Heap Buffer Overflow Vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628: Potential Out-of-Bounds Write and DOS Memory Allocation Failure in Core/Ap4Atom.cpp of Bento 1.5.1-628: Denial of Service Vulnerability Memory Consumption Vulnerability in GNU nm Allows Denial of Service Use-after-free vulnerability in Z3's pdd_simplifier.cpp allows for arbitrary code execution Memory Corruption Vulnerability in binutils libbfd.c 2.36 Arbitrary XML Injection Vulnerability in Palo Alto Networks PAN-OS Web Interface Heap-Based Buffer Over-Read in strdup Function in gpac 0.8.0 Heap-Based Buffer Over-Read in gpac 0.8.0 NULL Pointer Dereference in find_color_or_error function of gifsicle 1.92 Denial-of-Service Vulnerability in Palo Alto Networks GlobalProtect Software on Mac OS Cross-Site Scripting (XSS) Vulnerability in Automated Logic Corporation (ALC) WebCTRL System 6.5 and Prior Reentrancy Vulnerability in Accounting 1.0 Contract's noReentrance() Modifier Ineffective Time Check Operation in PepeAuctionSale 1.0 Allows Access Control Compromise Target Address Verification Vulnerability in 0xRACER 1.0's destroycontract() Function Allows Token Theft Target Address Verification Vulnerability in ICOVO 1.0 Allows Token Theft via Crafted Scripts Target Address Verification Vulnerability in BurnMe() Function of Rob The Bank 1.0 XSRF Vulnerability in Expedition Migration Tool Allows Remote Hijacking of Administrator Authentication Stealing Admin Cookies: Cross-Site Scripting (XSS) Vulnerability in WUZHI CMS v4.1.0 System Bulletin Component Privilege Escalation via Manipulation of user_id Parameter in Shopxo v1.4.0 and v1.5.0 
Inadvertent Collection of Azure Dashboard Service Account Credentials in Palo Alto Networks VM Series Firewall TechSupport Files Arbitrary Code Execution Vulnerability in CSKaza CSZ CMS v1.2.2 Format string vulnerability in PAN-OS log daemon (logd) on Panorama allows arbitrary code execution and privilege escalation PAN-OS CLI Shell Command Injection Vulnerability Arbitrary Code Execution Vulnerability in Milken DoyoCMS v.2.3 via File Upload Arbitrary Code Execution via Cross Site Request Forgery in Milken DoyoCMS v.2.3 Predictable Temporary Filename Vulnerability in PAN-OS Allows Local Privilege Escalation Vulnerability: Weak TLS 1.0 Usage in PAN-OS Cloud Communication SQL Injection Vulnerability in DOYOCMS 2.3 admin.php ZZCMS 2018 Template_user.php Remote Code Execution Vulnerability Arbitrary Code Execution and Program Crash Vulnerability in MPV v0.29.1 Cross Site Scripting (XSS) Vulnerability in Kevinpapst Kimai2 1.30.0 Use After Free Vulnerability in libslirp's ip_reass() Function Allows Denial of Service Privilege Escalation via Hardcoded Script Execution in Secdo for Windows Privilege Escalation via Incorrect Default Permissions in Secdo for Windows Denial of Service Vulnerability in Directus API v.2.2.0 SQL Injection Vulnerability in BlueCMS v1.6 via /ad_js.php Cross-Site Scripting (XSS) Vulnerability in phpwcms v1.9's /image_zoom.php Platinum UPnP SDK Directory Traversal Vulnerability Improper Input Validation Vulnerability in Secdo for Windows Allows Local User to Crash System on Login Heap Out of Bounds Read Vulnerability in ldns Version 1.7.1 Heap Overflow Information Leakage in ldns 1.7.1 Zone File Parsing Information Exposure Vulnerability in Palo Alto Networks Global Protect Agent DBHcms v1.2.0 Directory Traversal Vulnerability Sensitive Information Leaks Vulnerability in DBHcms v1.2.0 Stored XSS Vulnerability in DBHcms v1.2.0: Lack of Security Filter in dbhcms\page.php Line 107 Unquoted Search Path Vulnerability in Palo Alto Networks GlobalProtect 
Agent Stored XSS Vulnerability in DBHcms v1.2.0 Allows Remote User Hijacking Reflected XSS Vulnerability in DBHcms v1.2.0 Allows User Hijacking Stored XSS Vulnerability in DBHcms v1.2.0 Allows Remote Admin User Hijacking Stored XSS Vulnerability in DBHcms v1.2.0 Allows Remote Admin User Hijacking Stored XSS Vulnerability in DBHcms v1.2.0 Stored XSS Vulnerability in DBHcms v1.2.0 Allows Remote Admin User to Hijack Other Users CSRF Vulnerability in DBHcms v1.2.0 Allows Unauthorized Menu Deletion Stored XSS Vulnerability in DBHcms v1.2.0 Allows Remote Admin User to Hijack Other Users Unauthorized Operation Vulnerability in DBHcms v1.2.0: Empty Cache Operation Allows Table Emptying CSRF Vulnerability in DBHcms v1.2.0 Allows Unauthorized User Addition Privilege Escalation Vulnerability in Palo Alto Networks Global Protect Agent for Linux on ARM Platform Arbitrary File Read Vulnerability in DBHcms v1.2.0 Arbitrary File Write Vulnerability in DBHcms v1.2.0 Arbitrary PHP Code Execution via File Inclusion in Minicms v1.9 Reflected XSS Vulnerability in wuzhicms v4.1.0 via imgurl Parameter Stack-based buffer overflow vulnerability in PAN-OS management server component allows remote code execution Cryptoprof WCMS v.0.3.2 Directory Traversal Vulnerability in wex/cssjs.php Parameter Sandcat Plugin Command Injection Vulnerability Integer Overflow Vulnerability in curl 7.65.2: Potential Denial of Service via Retry Delay Insecure Temporary File Vulnerability in Palo Alto Networks Traps Allows Privilege Escalation and System File Overwrite Arbitrary Web Script Execution via Attachment Upload in xiunobbs 4.0.4 WUZHI CMS 4.1.0 - Cross Site Scripting (XSS) Vulnerability in index.php Format string vulnerability in Varrcvr daemon of PAN-OS on PA-7000 Series devices with LFC XSS Vulnerability in Boostnote 0.12.1 PDF Export Feature Session Fixation Vulnerability in GlobalProtect Portal Feature in PAN-OS Predictable Temporary File Vulnerability in PAN-OS Allows Local Authenticated User to 
Corrupt System Files Arbitrary Code Execution via Cross Site Scripting (XSS) in Markdown Edit Cross-Site Scripting (XSS) Vulnerability in YzmCMS v5.3's /link/add.html Component Palo Alto Networks PAN-OS NULL Pointer Dereference Vulnerability YzmCMS v5.3 /banner/add.html Cross-Site Scripting (XSS) Vulnerability CSRF Vulnerability in YzmCMS v5.5 Allows Unauthorized Access to Sensitive Components Cross Site Scripting (XSS) Vulnerability in jbt Markdown Editor Allows Remote Code Execution XML External Entity (XXE) Vulnerability in S-CMS 3.0 Allows Arbitrary File Reading SQL Injection Vulnerability in zz cms version 2019: Retrieval of Sensitive Data via id Parameter on /dl/dl_print.php Page SQL Injection Vulnerability in zz CMS 2019: Retrieval of Sensitive Data via dlid Parameter Remote Unauthenticated User Injection Vulnerability in PAN-OS Panorama Management Server SQL Injection Vulnerability in zz CMS 2019: Retrieval of Sensitive Data via dlid Parameter Critical SQL Injection Vulnerability in zz CMS 2019: Exploiting subzs.php to Access Sensitive Data Stored Cross-Site Scripting (XSS) Vulnerability in Chaoji CMS 2.39 CSRF Vulnerability in PHPMyWind 5.6 Allows Unauthorized Creation of Administrator Account Open Redirection Vulnerability in Palo Alto Networks PAN-OS GlobalProtect Component Improper Authorization Vulnerability in PAN-OS: Authentication Bypass and Resource Access Palo Alto Network PAN-OS Vulnerability: Evading Signature-Based Threat Detection Critical OS Command Injection and Memory Corruption Vulnerability in PAN-OS Management Web Interface Path Traversal and Privilege Escalation Vulnerability in Palo Alto Networks PAN-OS Panorama XSLT Processing Incorrect Access Control Vulnerability in WebPlus Pro v1.4.7.8.4-01 Kerberos Authentication Bypass Vulnerability in Palo Alto Networks PAN-OS Denial of Service Vulnerability in MikroTik Router v6.46.3 and Earlier via SSH Daemon Misconfiguration Arbitrary File Deletion Vulnerability in PAN-OS Command 
Processing Cleartext Password Logging Vulnerability in GlobalProtect App Cross-Site Scripting (XSS) Vulnerability in Palo Alto Networks GlobalProtect Clientless VPN Critical Stack-Based Buffer Overflow Vulnerability in PAN-OS Management Server Component Arbitrary Code Execution via File Upload in ebCMS v.1.1.0 OS Command Injection Vulnerability in PAN-OS Management Server Component Remote Code Execution Vulnerability in wkeyuan DWSurvey 1.0 via qu-multi-fillblank!answers.action Palo Alto Networks PAN-OS OS Command Injection and File Manipulation Vulnerability Arbitrary File Creation and Code Execution Vulnerability in Palo Alto Networks PAN-OS Panorama Arbitrary PHP Code Execution via File Upload Vulnerability in ArticleCMS 1.0 URI Spoofing Vulnerability in Facebook Messenger App URI Spoofing Vulnerability in Instagram Mobile App URI Spoofing Vulnerability in iMessage (Messages app) on iOS 12.4 and prior WhatsApp URI Spoofing Vulnerability PAN-OS Management Interface OS Command Injection Vulnerability Remote Denial of Service Vulnerability in Palo Alto Networks PAN-OS Panorama Configuration Daemon Buffer Overflow Vulnerability in Avast AntiVirus Allows Local Denial of Service Palo Alto Networks Panorama XXE Vulnerability SQL Injection Vulnerability in ThinkPHP v3.2.3 and Below SQL Injection Vulnerability in Wuzhi CMS v4.1's checktitle() Function Remote Code Execution (RCE) Vulnerability in Wuzhi CMS v4.1.0 Cross-Site Scripting (XSS) Vulnerability in EARCLINK ESPCMS-P8 espcms_load.php ClearText Transmission of Sensitive Information in LaraCMS v1.0.1 Stored Cross-Site Scripting (XSS) Vulnerability in LaraCMS v1.0.1 Cleartext Transmission of PAN-OS Session Cookie in Palo Alto Networks PAN-OS Panorama Stored Cross-Site Scripting (XSS) Vulnerability in LaraCMS v1.0.1 Insecure Deserialization Vulnerability in QuantConnect Lean Versions 2.3.0.0 to 2.4.0.1 XSS Vulnerability in Showtime2 Slideshow Module in CMS Made Simple (CMSMS) 2.2.4 Remote JSON Component XSS 
Vulnerability in Flexmonster Pivot Table & Charts 2.7.17 OS Command Injection Vulnerability in PAN-OS Management Server Remote Report component in Flexmonster Pivot Table & Charts 2.7.17 is vulnerable to Cross Site Scripting (XSS) Cross Site Scripting (XSS) Vulnerability in Flexmonster Pivot Table & Charts 2.7.17 XSS Vulnerability in Flexmonster Pivot Table & Charts 2.7.17 To Remote CSV Component Buffer Overflow Vulnerability in PAN-OS Management Server Insecure File Creation Vulnerability in PAN-OS Allows for Root Privilege Escalation DOM-Based Cross Site Scripting Vulnerability in PAN-OS and Panorama Management Web Interfaces Denial of Service Vulnerability in Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol Payout Function Panorama Authentication Bypass Vulnerability Privilege Escalation and Admin Page Access Vulnerability in Zyxel P1302-T10 v3 Firmware Arbitrary Command Execution in GateOne via Shell Metacharacters SQL Injection Vulnerability in NewPK 1.1: Exploiting the title Parameter in admin\newpost.php Persistent File Creation Vulnerability in Cortex XDR Agent Improper Verification of Signatures in PAN-OS SAML Authentication Bludit 3.9.2 Remote Code Execution (RCE) via /admin/ajax/upload-images Denial of Service Vulnerability in MikroTik RouterOS 6.44.5 Memory Corruption Vulnerability in Mikrotik RouterOS 6.44.5: Denial of Service via /nova/bin/console Stack Exhaustion Vulnerability in MikroTik RouterOS 6.44.5: Denial of Service via /nova/bin/net Process Denial of Service Vulnerability in MikroTik RouterOS 6.44.6 (long-term tree) Memory Corruption Vulnerability in Mikrotik RouterOS 6.44.6: Denial of Service via /nova/bin/diskd Process Memory Corruption Vulnerability in Mikrotik RouterOS 6.44.6: Denial of Service via /nova/bin/graphing Process Uncontrolled Resource Consumption Vulnerability in MikroTik RouterOS Memory Corruption Vulnerability in Mikrotik RouterOS 6.44.6: Denial of Service via /nova/bin/traceroute Memory Corruption Vulnerability 
in Mikrotik RouterOS 6.44.6: Denial of Service via igmp-proxy Process Panorama Software Information Exposure Vulnerability Allows Privileged Access to Web Interface Memory Corruption Vulnerability in MikroTik RouterOS 6.47 and Earlier: Denial of Service via /nova/bin/bfd Process Uncontrolled Resource Consumption Vulnerability in MikroTik RouterOS Memory Corruption Vulnerability in Mikrotik RouterOS 6.44.6: Denial of Service via /nova/bin/sniffer Process Denial of Service Vulnerability in MikroTik RouterOS 6.47 and earlier Memory Corruption Vulnerability in Mikrotik RouterOS 6.47 Kata Containers Vulnerability: Unauthorized Access to Guest's Root Filesystem Uncontrolled Resource Consumption in MikroTik RouterOS SSHD Process Leads to Denial of Service Memory Corruption Vulnerability in MikroTik RouterOS 6.48.3: Denial of Service via /nova/bin/detnet Process Memory Corruption Vulnerability in Mikrotik RouterOS 6.46.3: Denial of Service via /nova/bin/sniffer Process Memory Corruption Vulnerability in Mikrotik RouterOS 6.46.3: Denial of Service via /nova/bin/sniffer Process Improper Link Resolution Vulnerability in Kata Containers: Potential Host DoS Memory Corruption Vulnerability in Mikrotik RouterOS Log Process Memory Corruption Vulnerability in Mikrotik RouterOS 6.46.3 mactel Process Memory Corruption Vulnerability in Mikrotik RouterOS Traceroute Process Uncontrolled Resource Consumption in MikroTik RouterOS: CPU Overload DoS Vulnerability Memory Corruption Vulnerability in Mikrotik RouterOS Resolver Process Persistent Filesystem Changes Vulnerability in Kata Containers Memory Corruption Vulnerability in MikroTik RouterOS /nova/bin/lcdstat Process (CVE-2020-20250) Memory Corruption Vulnerability in MikroTik RouterOS 6.47 and Earlier: Denial of Service via /nova/bin/lcdstat Process Division by Zero Vulnerability in MikroTik RouterOS Memory Corruption Vulnerability in MikroTik RouterOS LCDStat Process Kata Containers Vulnerability: Untrusted Container Filesystem 
Mounting Denial of Service Vulnerability in MikroTik RouterOS 6.47 and Earlier Denial of Service Vulnerability in MikroTik RouterOS 6.47 and earlier Memory Corruption Vulnerability in MikroTik RouterOS Wireless Process Memory Corruption Vulnerability in MikroTik RouterOS 6.47 and Earlier: Denial of Service via /nova/bin/dot1x Process Memory Corruption Vulnerability in MikroTik RouterOS /nova/bin/resolver Process Markdown Document Code Execution Vulnerability in Caret Editor (before 4.0.0-rc22) Buffer Overflow Vulnerability in PAN-OS Management Server's authd Component Unauthenticated Stack-Based Buffer Overflow in uftpd FTP Server Versions 2.10 and Earlier Multiple Unauthenticated Directory Traversal Vulnerabilities in uftpd FTP Server Versions 2.7 to 2.10 OS Command Injection Vulnerability in PAN-OS Management Server XSS Vulnerability in zzcms 2019 User Login Page via Referer Header Injection Unrestricted File Upload Vulnerability in yccms 3.3: Remote Code Execution via xhUp Function SQL Injection Vulnerability in YCCMS 3.3: Improper Parameter Handling in the no_top Function PAN-OS Web Management Interface OS Command Injection Vulnerability Directory Traversal Vulnerability in yccms 3.3 Project's Delete Functions Arbitrary Command Execution Vulnerability in CMSWing 1.3.8 Arbitrary SQL Command Execution Vulnerability in CMSWing 1.3.8 Arbitrary SQL Command Execution Vulnerability in CMSWing 1.3.8 Eval Injection Vulnerability in ParserTemplate Class in zzzphp 1.7.2 Insufficient Access Restriction in WeiPHP 5.0 Allows Unauthorized POST Requests OS Command Injection Vulnerability in PAN-OS Management Interface SQL Injection Vulnerability in WeiPHP 5.0's wp_where Function Integer Underflow Vulnerability in dnsproxyd Component of PAN-OS Management Interface Race Condition Vulnerability in Palo Alto Networks GlobalProtect App on Windows Pre-Logon Authentication Cookie Disclosure Vulnerability in Palo Alto Networks GlobalProtect App Remote Denial of Service 
Vulnerability in Antirez Kilo Editor OS Command Injection Vulnerability in PAN-OS GlobalProtect Portal SQL Injection Vulnerability in S-CMS v1.0 Allows Unauthorized Database Access Server-side Request Forgery (SSRF) Vulnerability in YzmCMS v5.5's grab_image() Function Arbitrary Article Addition Vulnerability in WTCMS 1.0 Reflective Cross-Site Scripting (XSS) Vulnerability in WTCMS 1.0 Background Articles Module's Keyword Search Function Reflective Cross-Site Scripting (XSS) Vulnerability in WTCMS 1.0 Page Management Background Stored XSS Vulnerability in WTCMS 1.0 Article Management Module's Source Field Stored XSS Vulnerability in WTCMS 1.0 Background Menu Management Module Stored XSS Vulnerability in WTCMS 1.0 Background Links Module Vulnerability: SSL/TLS Forward Proxy Decryption Mode Bypass via SNI Field Reflected Cross-Site Scripting (XSS) Vulnerability in PAN-OS Management Web Interface XSS Vulnerability in PbootCMS 2.0.3 Admin Panel (admin.php) PAN-OS Management Interface OS Command Injection Vulnerability PAN-OS Management Interface OS Command Injection Vulnerability Cross Site Scripting (XSS) Vulnerability in GetSimpleCMS 3.4.0a - admin/edit.php Uncontrolled Resource Consumption Vulnerability in Palo Alto Networks PAN-OS Cross Site Scripting Vulnerability in GetSimpleCMS 3.4.0a via admin/snippets.php SQL Injection Vulnerability in imcat v5.2: Exploiting fm[auser] Parameter in coms/add_coms.php Buffer Overflow Vulnerability in PAN-OS Allows Remote Code Execution Session Fixation Vulnerability in Westbrookadmin portfolioCMS v1.05 Stored XSS Vulnerability in Elementor Page Builder's Custom Link Attributes Control Denial of Service Vulnerability in Palo Alto Networks PAN-OS 8.1 Insufficient Array Bounds Checking in libvorbis Allows for Crafted OGG File Exploitation Arbitrary Code Execution via SQL Injection in WUZHICMS v.4.1.0 Buffer Overflow Vulnerability in PAN-OS Management Web Interface: Remote Code Execution with Root Privileges Cross-Site Scripting (XSS) 
Vulnerability in S-CMS Government Station Building System v5.0 Search Function Cross-Site Scripting (XSS) Vulnerability in S-CMS Government Station Building System v5.0 Multiple Instances of Sensitive Fields Exposed in Palo Alto Networks PAN-OS Configuration Logs Clear-text logging of sensitive information in opcmdhistory.log file in Palo Alto Networks PAN-OS software File Disclosure Vulnerability in Jact OpenClinic 0.8.20160412 Divide By Zero Vulnerability in FFmpeg 4.2 Allows Remote DoS Divide By Zero Vulnerability in FFmpeg 4.2 Allows Remote DoS Divide By Zero Vulnerability in FFmpeg 4.1.3 Allows Remote DoS Null Pointer Dereference Vulnerability in FFmpeg 4.2: Potential Denial of Service in libavformat/aviobuf.c Resource Management Vulnerability in FFmpeg 4.2: Denial of Service via fftools/cmdutils.c Divide By Zero Vulnerability in FFmpeg 4.2 via libavcodec/aaccoder Unauthorized Password Modification in White Shark System (WSS) 1.3.2 Sensitive Information Disclosure in White Shark System (WSS) 1.3.2 via default_task_add.php CSRF Vulnerability in White Shark System (WSS) 1.3.2 Allows Unauthorized Password Modification SQL Injection Vulnerability in White Shark System (WSS) 1.3.2 Allows Remote Database Information Retrieval Web Site Physical Path Leakage Vulnerability in White Shark System (WSS) 1.3.2 Unauthorized Access Vulnerability in White Shark System (WSS) 1.3.2: Remote Privilege Escalation Sensitive Information Disclosure Vulnerability in White Shark System (WSS) 1.3.2 SQL Injection Vulnerability in White Shark System (WSS) 1.3.2 SQL Injection Vulnerability in White Shark System (WSS) 1.3.2 Clear-text Password Exposure in PAN-OS Proxy Server Configuration Stack-Buffer Overflow in IEC104 v1.0: Exploiting the Iec10x_Sta_Addr Parameter Vulnerability Local Privilege Escalation Vulnerability in Palo Alto Networks Cortex XDR Agent on Windows Heap Buffer-Overflow Vulnerability in libiec_iccp_mod v1.5: Denial of Service (DOS) Arbitrary Code Execution via SQL 
Injection in OpenCart Fba Plugin Arbitrary File Deletion Vulnerability in Bludit v3.13.0 Backup Plugin Authentication Bypass Vulnerability in Palo Alto Networks PAN-OS SSL VPN yzCMS v.2.0 Cross Site Request Forgery Vulnerability Reflective Cross-Site Scripting (XSS) Vulnerability in Shopkit v2.7's /account/register Component CSRF Vulnerability in Maccms v10 Allows Deletion of All Users Arbitrary Code Execution via Comment Parameter in KiteCMS v.1.1 Arbitrary Code Execution via User Registration Parameter in KiteCMS v.1.1 Arbitrary Code Execution via Cross Site Scripting (XSS) in Gila CMS 1.11.3 XSS Vulnerability in Zhiyuan G6 Government Collaboration System V6.1SP1 via 'method' Parameter in 'seeyon/hrSalary.do' Server Side Request Forgery (SSRF) Vulnerability in MipCMS 5.0.1 Allows Unauthorized Access to Sensitive Information SQL Injection Vulnerability in LJCMS v4.3.R60321: Exposing Sensitive Database Information Cross Site Scripting Vulnerability in baigo CMS v4.0-beta-1 Blind SQL Injection Vulnerability in Metinfo 7.0 Beta's /admin/?n=logs&c=index&a=dode Endpoint CSRF Vulnerability in XYHCMS V3.6 Allows Unauthorized Editing of Administrator Information Arbitrary Code Execution via Avatar Upload in zhimengzhe iBarn 1.5 Arbitrary Code Execution via lang Attribute in FeehiCMS 2.0.8 Arbitrary Administrator Account Addition CSRF Vulnerability in Rockoa v1.9.8 Arbitrary User Account Addition Vulnerability in OPMS v1.3 and Below Cross-Site Scripting (XSS) Vulnerability in lemon V1.10.0 PortalController.java Cross-Site Scripting (XSS) Vulnerability in lemon V1.10.0 Editing Component Stored Cross-Site Scripting (XSS) Vulnerability in MetInfo 7.0 Beta Arbitrary Code Execution Vulnerability in ThinkCMF X2.2.2 and Below Cross-Site Scripting (XSS) Vulnerability in Blog CMS v1.0's CommentAdminController.java Unauthenticated Information Disclosure and Authenticated SQL Injection in Sliced Invoices Plugin for WordPress Authenticated Stored XSS in Lara Google Analytics Plugin 
for WordPress Unauthenticated Settings Change Vulnerability in GiveWP Plugin Unauthenticated Stored XSS in WP GDPR Plugin through 2.1.1 Stored XSS and Privilege Escalation in GDPR Cookie Consent Plugin for WordPress Vulnerability: Elementor Plugin Safe Mode Activation Allows Disabling of Security Plugins SQL Injection Vulnerability in Joyplus-CMS v1.6.0: Remote Information Disclosure via id Parameter in goodbad() Function ECShop 4.0 User.php HTML Entity Encoding XSS Vulnerability CSRF Vulnerability in EyouCMS 1.3.6 Allows Unauthorized Execution of JavaScript Code XSS Vulnerability in EyouCMS 1.3.6 Basic Information Area Buffer Overflow Vulnerability in fcovatti libiec_iccp_mod v1.5: Denial of Service via Unexpected Packet Buffer Overflow Vulnerability in fcovatti libiec_iccp_mod v1.5: Denial of Service via Unexpectedly Large calloc Heap-Buffer-Overflow Vulnerability in libiec_iccp_mod v1.5 Heap-Buffer-Overflow Vulnerability in libiec_iccp_mod v1.5 Segmentation Violation Vulnerability in libiec_iccp_mod v1.5's server_example1.c Memory Leak Vulnerability in RUDP v0.6's main.c Component Arbitrary Code Execution via File Upload in ZKEACMS V3.2.0 Arbitrary Administrator Account Addition Vulnerability in KiteCMS V1.1 Arbitrary File Upload Vulnerability in KiteCMS V1.1 Allows Remote Code Execution SQL Injection Vulnerability in Nuishop v2.3 Arbitrary Web Script Execution Vulnerability in Monstra CMS v3.0.4 SQL Injection Vulnerability in GilaCMS v1.11.4 via $_GET Parameter in cm.php Arbitrary Administrator Account Addition Vulnerability in GilaCMS v1.11.4 Stored XSS Vulnerability in GilaCMS v1.11.4 via Crafted SVG File Cross-Site Scripting (XSS) Vulnerability in GilaCMS v1.11.4 Allows Arbitrary Code Execution via Tags Field Arbitrary Code Execution and Information Disclosure Vulnerability in khodakhah NodCMS v.3.0 Remote Code Execution (RCE) Vulnerability in S-CMS PHP v3.0 Allows Attackers to Getshell via /1.com.php File Modification Cross-Site Scripting (XSS) 
Vulnerability in S-CMS PHP v3.0 via Crafted Copyright Text Box Payload Stored XSS Vulnerability in S-CMS PHP v3.0 Allows Arbitrary Code Execution via Title Entry Stored XSS Vulnerability in S-CMS PHP v3.0 Allows Arbitrary Code Execution Remote Code Execution Vulnerability in VIM v.8.1.2135 via Buffer Overflow Arbitrary Code Execution via Crafted Image File Upload in PluckCMS v.4.7.10 Cross Site Scripting Vulnerability in taogogo taoCMS v.2.5 beta5.1 via admin.php's name field Arbitrary Code Execution via Cross Site Request Forgery in Gila GilaCMS v.1.11.4 Arbitrary Code Execution via File Upload in LJCMS v.4.3.R60321 Uninitialized Variable Vulnerability in im_vips2dz.c in libvips Heap-Buffer-Overflow Vulnerability in PDFResurrect before 0.20 Authentication Bypass Vulnerability in Beckhoff Automation GmbH & Co. KG CX9020 Stack-based Buffer Overflow in Tenda AC9 V15.03.06.60_EN HTTP Server Remote Reboot Vulnerability in SICK AG Solutions Bulkscan and LMS Devices Authentication Bypass Vulnerability in SICK Package Analytics Software (up to V04.0.0) Incorrect Default Permissions Settings in SICK Package Analytics Software (V04.0.0) Allow Unauthorized Data Access via REST API Vulnerability: Plain Text Password Storage in SICK Package Analytics Software Stored XSS Vulnerability in UCMS 1.4.7 Allows Arbitrary Script Execution via Crafted Payload SQL Injection Vulnerability in FlameCMS 3.3.5 via Id Parameter in /master/article.php Time-Based Blind SQL Injection Vulnerability in FlameCMS 3.3.5's /account/register.php Stored Cross-Site Scripting (XSS) Vulnerability in JeeCMS 1.0.1 SQL Injection Vulnerability in MetInfo v7.0.0 beta via install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI Arbitrary Code Execution via Cross Site Scripting in Qibosoft qibosoft v.7 and Earlier Denial of Service Vulnerability in OpenVPN 2.4.7 and Earlier via Crafted Reset Packet Buffer Overflow Vulnerability in Ffmpeg 4.2.1's config_input Function in vf_gblur.c Division by 
Zero Vulnerability in Ffmpeg 4.2.1's vf_lenscorrection.c Null Pointer Dereference Vulnerability in Ffmpeg 4.2.1 Integer Overflow Vulnerability in filter16_prewitt Function in Ffmpeg 4.2.1 Cross-Site Request Forgery Vulnerability in Jenkins Amazon EC2 Plugin 1.47 and Earlier Out-of-bounds Read Vulnerability in FFmpeg 4.2.1's long_term_filter Function MetInfo 7.0 Beta File Modification Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Akaunting v1.3.17 Unauthenticated Remote Code Execution in Jenkins Amazon EC2 Plugin SQL Injection Vulnerability in Ming-Soft MCMS v.4.7.2: Remote Code Execution via basic_title Parameter Remote Code Execution Vulnerability in San Luan PublicCMS v.4.0 via SQL Injection SQL Injection Vulnerability in PublicCMS v.4.0: Remote Code Execution via SysSiteAdminControl SQL Parameter Arbitrary PHP Code Execution Vulnerability in Pluck CMS v.4.7.10-dev2 Pluck CMS v.4.7.10-dev2 File Upload Vulnerability in theme.php XML External Entity (XXE) Vulnerability in Jenkins Robot Framework Plugin 2.0.0 and Earlier Cross-Site Request Forgery Vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and Earlier Allows Email Spoofing Vulnerability: Unauthenticated Email Spoofing in Jenkins Health Advisor by CloudBees Plugin Arbitrary Article Publication Vulnerability in Qibosoft v7 Arbitrary File Deletion Vulnerability in Qibosoft v7's /admin/index.php?lfj=mysql&action=del Arbitrary Administrator Account Addition Vulnerability in Qibosoft v7 Stored Cross-Site Scripting (XSS) Vulnerability in Qibosoft v7's /admin/index.php?lfj=friendlink&action=add Component Arbitrary File Download Vulnerability in JEECG v3.8 via localPath Variable Modification Bleichenbacher's Attack: Remote Information Disclosure in STM32Cube Cryptographic Firmware Library Unencrypted Storage of API Key in Jenkins Redgate SQL Change Automation Plugin Bleichenbacher's Attack: Remote Information Disclosure in Microchip Libraries for Applications 2018-11-26 Remote Command 
Execution Vulnerability in Pluck-4.7.10-dev2 Admin Background File Upload Reflected XSS vulnerability in Jenkins Gitlab Hook Plugin 1.4.2 and earlier Arbitrary Code Execution via File Upload in PluckCMS v.4.7.10 Arbitrary OS Command Execution in Jenkins Sounds Plugin 0.5 and Earlier CSRF Vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index SQL Injection Vulnerability in Gxlcms v1.1 via $filename Parameter in \lib\admin\action\dataaction.class.php Stored XSS Vulnerability in Comments Section of UK CMS v1.1.10 Arbitrary Code Execution Vulnerability in LJCMS v4.3 via move_uploaded_file() Function Arbitrary OS Command Execution Vulnerability in Jenkins Sounds Plugin 0.5 and Earlier Metinfo 7.0 SQL Injection Vulnerability Arbitrary Code Execution and Privilege Escalation via XSS Vulnerability in shadoweb wdja v1.5.1 Cross-Site Scripting (XSS) Vulnerability in Domainmod 4.13 CSRF Vulnerability in Domainmod 4.13 Allows Arbitrary Log Deletion Insecure Encryption Key Reuse in Jenkins Inbound TCP Agent Protocol/3 Arbitrary Code Execution via Cross-Site Scripting (XSS) in Domainmod 4.13 Jenkins UDP Amplification Reflection DoS Vulnerability Cross Site Scripting (XSS) Vulnerability in PbootCMS v2.0.3 via admin.php File Upload Vulnerability in WellCMS 2.0 beta3 Allows Unauthorized Webshell Upload Timing Attack Vulnerability in Jenkins Unauthenticated SQL Injection in Sourcecodester Hotel and Lodge Management System 2.0 SQL Injection Vulnerability in Emlog v6.0.0 via /admin/comment.php Arbitrary File Deletion Vulnerability in emlog v6.0.0's admin/plugin.php Remote Code Execution Vulnerability in D-Link DIR-846 Firmware 100A35 Insecure HMAC Validation in Jenkins 2.218 and Earlier Exposure of Session Identifiers on Jenkins WhoAmI Diagnostic Page Open Redirect Vulnerability in Typecho Login.php via Referer Parameter Jenkins Vulnerability: Unauthorized Access to JVM Memory Usage Chart Buffer Overflow Vulnerability in FFmpeg 4.1: Remote DoS via apng_do_inverse_blend in 
libavcodec/pngenc.c Local Privilege Escalation Vulnerability in EagleGet Downloader 2.1.5.20 Stable Denial-of-Service Vulnerability in libcpu Component of elfutils 0.177 (git 47780c9e) Denial of Service Vulnerability in libsixel's dither.c Component Denial of Service Vulnerability in libsixel's stb_image.h Component via Crafted PSD File Clickjacking Vulnerability in Jenkins REST API Endpoints Stack Buffer Overflow in Libsixel's gif_process_raster Function Arbitrary Code Execution via Cross Site Scripting in zrlog v.2.1.3 Cross Site Scripting (XSS) Vulnerability in FusionPBX 4.5.7 Unsanitized f Variable in FusionPBX 4.5.7 Allows Cross Site Scripting (XSS) Injection Directory Traversal Vulnerability in FusionPBX 4.5.7 Allows File Renaming Directory Traversal Vulnerability in FusionPBX 4.5.7: Remote Folder Creation via foldernew.php Directory Traversal Vulnerability in FusionPBX 4.5.7: Remote Folder Deletion Arbitrary Code Execution via Mermaid Syntax in Typora v.0.9.79 Stored XSS vulnerability in Jenkins Code Coverage API Plugin 1.1.2 and earlier Remote Privilege Escalation via SQL Injection in PHPMyWind v.5.6 Heap-buffer-overflow vulnerability in Bento4 v1.5.1.0: AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp Unencrypted Storage of Proxy Server Passwords in Jenkins Fortify Plugin XXE Vulnerability in Jenkins WebSphere Deployer Plugin 1.6.1 and Earlier CSRF Vulnerability in Maccms 8.0 Allows Unauthorized Article Manipulation Cross-Site Scripting (XSS) Vulnerability in Maccms 8.0 Background Administrator Article Management Module Arbitrary Code Execution via Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and Older Arbitrary Web Script Injection in X2engine X2CRM v7.1 and Older Circumvention of Sandbox Protection in Jenkins Pipeline: Groovy Plugin 2.78 and Earlier Circumvention of Sandbox Protection in Jenkins Script Security Plugin Arbitrary Code Execution via Cross-Site Scripting in Screenly Screenly-ose Stored Cross-Site Scripting Vulnerability in Jenkins 
Subversion Plugin 2.13.0 and Earlier SQL Injection Vulnerability in Kliqqi-CMS 2.0.2: Gain Privileges and Execute Arbitrary Code Stored Cross-Site Scripting Vulnerability in Jenkins Git Parameter Plugin Arbitrary Command Execution via SQL Injection in UQCMS 2.1.3 Time-Based SQL Injection Vulnerability in Pligg CMS 2.0.2 via admin_update_module_widgets.php Server-Side Request Forgery (SSRF) Vulnerability in UReport v2.2.9 Allows Intranet Device Port Detection Arbitrary Code Execution Vulnerability in UReport 2.2.9 Arbitrary File Creation Vulnerability in UReport 2.2.9 Allows Remote Code Execution Cross-Site Request Forgery (CSRF) Vulnerability in MetInfo 7.0.0 SQL Injection Vulnerability in MetInfo 7.0.0 via admin/?n=logs&c=index&a=dodel Stored Cross-Site Scripting Vulnerability in Jenkins Git Parameter Plugin XSS Vulnerability in HisiPHP 2.0.8 via Group Name in addgroup.html SQL Injection Vulnerability in MetInfo 7.0.0beta via admin/?n=language&c=language_web&a=doAddLanguage Critical SQL Injection Vulnerability in Metinfo 7.0.0beta index.php SQL Injection Vulnerability in Metinfo 7.0.0 Beta: member/getpassword.php?lang=cn&a=dovalid Cross-Site Request Forgery (CSRF) Vulnerability in EC Cloud E-Commerce System v1.3 Allows Arbitrary Addition of Admin Accounts Jenkins S3 Publisher Plugin: Plain Text Transmission of Configured Credentials Vulnerability iCMS v7.0.15 Cross-Site Request Forgery (CSRF) Vulnerability in /admincp.php?app=members&do=add IPFire 2.23 Mail.cgi Cross Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Feehi CMS 2.0.8 Cross-Site Scripting (XSS) Vulnerability in RockOA V1.9.8 Allows Remote Code Execution XML External Entity (XXE) Vulnerability in Jenkins NUnit Plugin 0.25 and Earlier SQL Injection Vulnerability in inxedu 2.0.6: Arbitrary Command Execution via functionIds Parameter Cross-Site Request Forgery Vulnerability in Jenkins Pipeline GitHub Notify Step Plugin Ruckus Wireless ZoneDirector 9.8.3.0 XSS Vulnerability 
Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier: Missing Permission Check Allows Unauthorized Access to Attacker-Specified URLs and Credentials Remote Code Execution Vulnerability in liufee CMS v.2.0.7.1 via Image Suffix Function SQL Injection Vulnerability in ThinkJS 3.2.10 Model Increment and Decrement Functions SQL Injection Vulnerability in Koa2-Blog 1.0.0: Remote Attackers Can Inject Malicious SQL Statements via Name Parameter on Signin Page Vulnerability: Enumeration of Credentials ID in Jenkins Pipeline GitHub Notify Step Plugin SQL Injection Vulnerability in Koa2-Blog 1.0.0: Remote Code Execution via Malicious SQL Statement in Signup Page Jenkins Azure AD Plugin 1.1.2 and earlier: Plain Text Transmission of Configured Credentials XML External Entity (XXE) Vulnerability in Jenkins FitNesse Plugin 1.30 and Earlier Remote Code Execution Vulnerability in Jenkins Google Kubernetes Engine Plugin Arbitrary Code Execution via Cross Site Scripting (XSS) in Netgate pfSense and ACME Package Stored Cross-Site Scripting Vulnerability in Jenkins Brakeman Plugin 0.12 and Earlier Remote Code Execution Vulnerability in Inspur ClusterEngine V4.0 Allows Unauthorized Access Arbitrary Administrator Cookie Addition Vulnerability in JIZHICMS 1.5.1 Remote Code Execution Vulnerability in Jenkins RadarGun Plugin 1.7 and Earlier Session Hijacking Vulnerability in DamiCMS v6.0 User Account Hijacking Vulnerability in LJCMS v1.11 User Account Hijacking Vulnerability in CSCMS v4.0 Login Box Unencrypted Password Storage in Jenkins Dynamic Extended Choice Parameter Plugin Directory Traversal Vulnerability in FrontAccounting 2.4.7 via admin/inst_lang.php Arbitrary Code Execution via Cross Site Scripting in YiiCMS v.1.0 Unencrypted Storage of GPG Passphrase in Jenkins Debian Package Builder Plugin Arbitrary File Upload Vulnerability in CSZ CMS v1.2.4 Arbitrary Code Execution and Privilege Escalation via Cross Site Request Forgery in Neeke HongCMS 3.0.0 Unencrypted Token Storage 
in Jenkins DigitalOcean Plugin Cross-Site Scripting (XSS) Vulnerability in Broadleaf Commerce 5.1.14-GA Arbitrary Code Execution via Cross Site Scripting in EasySoft ZenTao v.11.6.4 Unencrypted Storage of Credentials in Jenkins BMC Release Package and Deployment Plugin Unencrypted Password Storage in Jenkins ECX Copy Data Management Plugin Unencrypted Password Storage in Jenkins Eagle Tester Plugin Unencrypted Password Storage in Jenkins Harvest SCM Plugin Unencrypted Password Storage in Jenkins Harvest SCM Plugin Cross-site Scripting (XSS) Vulnerability in ZrLog 2.1.3 Comment Section Allows Remote Code Injection and Admin Panel Access Unencrypted Password Storage in Jenkins Parasoft Environment Manager Plugin CSRF Vulnerability in emlog v6.0 Allows Arbitrary Article Addition Arbitrary File Upload Vulnerability in Feehi CMS v2.0.8 and Below Arbitrary Code Execution Vulnerability in WUZHI CMS v.4.1.0 Unencrypted Password Storage in Jenkins Applatix Plugin XSS Vulnerability in PublicCMS 4.0: Admin Cookie Hijacking via Submit Case Review Circumvention of Sandbox Protection in Jenkins Script Security Plugin 1.70 and Earlier Insecure Permissions Vulnerability in zzcms 201910: Resetting User Passwords via /one/getpassword.php Halo 1.1.3 Cross Site Scripting (XSS) Vulnerability in Post Publish Components Circumvention of Sandbox Protection in Jenkins Script Security Plugin 1.70 and Earlier Stored XSS Vulnerability in GetSimple CMS 3.4.0a's Edit Snippets Module Path Disclosure Vulnerability in PopojiCMS 1.2 upload.php Stored XSS Vulnerability in PopojiCMS 1.2 Allows Arbitrary Code Execution via E-Mail Field Arbitrary User Addition Vulnerability in Wage-CMS 1.5.x-dev Arbitrary Code Execution via Template Upload Function in Maccms10 Stored Cross-Site Scripting Vulnerability in Jenkins Git Plugin 4.2.0 and Earlier Arbitrary Code Execution via Cross Site Scripting (XSS) in Maccms10 Background Search Function Maccms10 Arbitrary File Deletion Vulnerability Directory Traversal 
Vulnerability in wkhtmltopdf through 0.12.5 Cross Site Request Forgery Vulnerability in GreenCMS v.2.3: Privilege Escalation via adduser Function Stored XSS vulnerability in Jenkins Timestamper Plugin 1.11.1 and earlier Critical SQL Injection Vulnerability in yunyecms V2.0.1: Exploiting the selcart Parameter SQL Injection Vulnerability in SeaCMS 10.1 (2020.02.08) via id parameter in admin_members_group.php Jenkins Cobertura Plugin 1.15 and earlier: XML External Entity (XXE) Vulnerability CSRF Vulnerability in Maccms 10 Admin Panel Allows Unauthorized Administrator Privileges Privilege Escalation via Cross-Site Scripting (XSS) in Maccms 10 Arbitrary File Write Vulnerability in Jenkins Cobertura Plugin 1.15 and Earlier SQL Injection Vulnerability in Zhong Bang Technology Co., Ltd CRMEB Mall System V2.60 and V3.1 via tablename Parameter in SystemDatabackup.php Reflected Cross-Site Scripting Vulnerability in Jenkins Audit Trail Plugin SQL Injection Vulnerability in PHPMyWind v.5.6: Remote Code Execution via 'id' Parameter in Modify Function File Corruption Vulnerability in H96 Smart TV Box H96 Pro Plus Denial of Service Vulnerability in RK Smart TV Box MAX and V88 SmartTV Box Cross-Site Request Forgery Vulnerability in Jenkins P4 Plugin 1.10.10 and Earlier Jenkins P4 Plugin 1.10.10 and earlier: Missing Permission Check Allows Unauthorized Build Triggering Buffer Overflow Vulnerability in FreeImage PluginEXR.cpp Buffer Overflow Vulnerability in FreeImage PluginBMP.cpp (CVE-2020-35489) Buffer Overflow Vulnerability in FreeImage PluginDDS.cpp Jenkins Logstash Plugin: Plain Text Transmission of Configured Credentials Arbitrary File Read and Write Vulnerability in HongCMS v3.0 Cross-Site Scripting (XSS) Vulnerability in Maccms 10 Member Module Editing Function Jenkins Rundeck Plugin XML External Entity (XXE) Vulnerability Plain Text Storage of Zephyr Password in Jenkins Zephyr Enterprise Test Management Plugin Upload Vulnerability in uniview ISC2500-S: Remote Code Execution 
via EC.php Jenkins Mac Plugin: SSH Host Key Validation Vulnerability Segmentation Fault Vulnerability in Redis 5.0.7: Denial of Service (DOS) Denial of Service Vulnerability in PostgreSQL 12.2 via Repeated SIGHUP Signals Cross-Site Request Forgery Vulnerability in Jenkins Mac Plugin Allows Unauthorized SSH Server Connections Arbitrary Code Execution via File Upload Vulnerability in NucleusCMS v.3.71 Jenkins Mac Plugin 1.1.0 and Earlier: Missing Permission Check Allows Unauthorized SSH Server Connections Arbitrary File Write Vulnerability in RGCMS v1.06 Allows Remote Code Execution Arbitrary File Upload Vulnerability in RGCMS v1.06 Allows Remote Code Execution RGCMS v1.06 Cross-Site Scripting (XSS) Vulnerability Exploiting Administrator Cookie Arbitrary File Upload Vulnerability in Jizhicms v1.5 Allows Remote Code Execution via Crafted .jpg File Cross Site Scripting (XSS) Vulnerability in Alluxio v.1.8.1 browse board component PHPOK v.5.4 SQL Injection Vulnerability in _userlist Function Arbitrary Code Execution via Cross Site Scripting in Netgate pfSense 2.4.4 and ACME Package v.0.6.3 Arbitrary Code Execution Vulnerability in Feehicms v.2.0.8 via File Upload Jenkins Repository Connector Plugin 1.2.6 and earlier: Plain Text Transmission of Configured Credentials Memory Leak in GNU Binutils 2.34: Microblaze-dis.c Process Vulnerability User Enumeration Vulnerability in Xiuno BBS v4.0.4 Cross-Site Scripting (XSS) Vulnerability in Xiuno BBS 4.0.4 via install.sql Component Cross-Site Scripting (XSS) Vulnerability in Xiuno BBS 4.0.4 - Arbitrary Code Execution via sitename Parameter Cross-Site Scripting (XSS) Vulnerability in Xiuno BBS 4.0.4 - Arbitrary Code Execution via sitebrief Parameter Jenkins Sonar Quality Gates Plugin: Plain Text Transmission of Configured Credentials Vulnerability: Logic Flaw in Waimai Super Cms 20150505 Allows Price Modification Cross-Site Scripting (XSS) Vulnerability in Waimai Super Cms 20150505 Cross-Site Scripting (XSS) Vulnerability in 
Waimai Super Cms 20150505 Cross-Site Scripting (XSS) Vulnerability in Waimai Super Cms 20150505 Jenkins Quality Gates Plugin 2.5 and Earlier: Plain Text Transmission of Configured Credentials Default Password Vulnerability in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 Arbitrary File Upload Vulnerability in FeehiCMS 2.0.8: Remote Code Execution MetInfo 7.0.0 Cross Site Scripting (XSS) Vulnerability via gourl Parameter in login.php Reflected Cross-Site Scripting Vulnerability in Jenkins Subversion Release Manager Plugin Zip Slip Directory Traversal Vulnerability in Halo V1.1.3 Server-Side Freemarker Template Injection Vulnerability in Halo CMS v1.1.3 Edit Theme File Function XML External Entity (XXE) Vulnerability in Halo v1.1.3: Unsecured XML Parsing Allows for Intranet Detection, File Reading, and DDoS Attacks Arbitrary File Reading Vulnerability in Halo V1.1.3 Arbitrary File Writing Vulnerability in Halo v1.1.3 with Directory Traversal Bypass Arbitrary File Deletion Vulnerability in Halo v1.1.3: Exploiting Backup Function for System-wide File Deletion Remote Denial of Service Vulnerability in nasm 2.14.03 and 2.15 via Crafted Assembly File Stack Buffer Overflow in bezier_spline function of fig2dev 3.2.7b Jenkins Backlog Plugin: Plain Text Transmission of Configured Credentials Segmentation Fault Vulnerability in fig2dev 3.2.7b's read_objects function Global Buffer Overflow in fig2dev 3.2.7b's conv_pattern_index function in gencgm.c Global Buffer Overflow in setfigfont function in fig2dev 3.2.7b Stack Buffer Overflow in fig2dev 3.2.7b's read_textobject function Global Buffer Overflow in fig2dev 3.2.7b's get_line function in read.c Segmentation Fault Vulnerability in fig2dev 3.2.7b's gencgm_start Function Plain Text Storage of Credentials in Jenkins Zephyr for JIRA Test Management Plugin Heap-Based Buffer Overflow in Libsixel 1.8.2's dither_func_fs Function Heap-Based Buffer Overflow in Libsixel 1.8.3's sixel_encode_highcolor Function Jenkins OpenShift Deployer 
Plugin: Plain Text Transmission of Configured Credentials File Deletion Vulnerability in TinyShop 3.1.1 Allows Unauthorized File Deletion and CMS Reinstallation Jenkins DeployHub Plugin 8.0.14 and earlier: Plain Text Transmission of Configured Credentials Remote Command Execution via File Upload in Pluck CMS 4.7.10-dev2 and 4.7.11 Jenkins Skytap Cloud CI Plugin: Plain Text Transmission of Configured Credentials Buffer Overflow Vulnerability in src_parser_trans_stage_1_2_3 Function of trgil gilcc (Commit 803969389ca9c06237075a7f8eeb1a19e6651759) Allows Denial of Service Denial of Service Vulnerability in abhijitnathwani image-processing v0.1.0 Buffer Overflow Vulnerability in YotsuyaNight c-http v0.1.0: Denial of Service via Long URL Request Remote Code Execution Vulnerability in Jenkins Literate Plugin 1.0 and Earlier Privilege Escalation and Arbitrary Command Execution Vulnerability in hwclock Critical File Upload Vulnerability in emlog v6.0.0 via Zip Plugin Module Buffer Overflow Vulnerability in Core FTP LE v2.2 via Long String in Username Editbox Arbitrary OS Command Execution Vulnerability in Jenkins CryptoMove Plugin Arbitrary Directory Listing Vulnerability in WUZHI CMS 4.1.0 Heap Buffer Overflow in libde265 v1.0.4's put_epel_hv_fallback Function Heap Buffer Overflow in libde265 v1.0.4's mc_luma Function Global Buffer Overflow in libde265 v1.0.4's decode_CABAC_bit Function Heap Buffer Overflow in libde265 v1.0.4's mc_chroma Function Heap Buffer Overflow in libde265 v1.0.4's ff_hevc_put_unweighted_pred_8_sse Function Heap Buffer Overflow in libde265 v1.0.4's de265_image::available_zscan Function CSRF Protection Bypass in Jenkins 2.227 and Earlier Heap Buffer Overflow in libde265 v1.0.4's put_weighted_pred_avg_16_fallback Function Stack Buffer Overflow in libde265 v1.0.4's put_qpel_fallback Function Heap Buffer Overflow in libde265 v1.0.4's put_weighted_bipred_16_fallback Function Heap Buffer Overflow in libde265 v1.0.4's put_qpel_0_0_fallback_16 Function Heap 
Buffer Overflow Vulnerability in libde265 v1.0.4's _mm_loadl_epi64 Function Segmentation Fault Vulnerability in libde265 v1.0.4's apply_sao_internal Function Heap Buffer Overflow Vulnerability in libde265 v1.0.4's put_epel_16_fallback Function Stored XSS Vulnerability in Jenkins LTS and Earlier Versions Stored XSS Vulnerability in Jenkins 2.227 and Earlier Ruijie RG-UAC commit 9071227 Denial of Service Vulnerability Stored XSS Vulnerability in Jenkins 2.227 and Earlier: Exploitable via Manipulated Column Headers Cross-Site Scripting (XSS) Vulnerability in Ruijie RG-UAC 6000-E50 commit 9071227 via rule_name Parameter Unencrypted Storage of Artifactory Server Password in Jenkins Artifactory Plugin OOB-XXE Vulnerability in Zoho ManageEngine Analytics Plus Allows Arbitrary File Reading and Port Scanning Arbitrary Code Execution via Directory Traversal in Zoho ManageEngine Analytics Plus HongCMS 3.0 Cross Site Scripting (XSS) Vulnerability in /ajax/myshop Arbitrary File Deletion Vulnerability in WDJA CMS v1.5.2 Server-Side Request Forgery (SSRF) Vulnerability in Myucms v2.2.1 Jenkins Artifactory Plugin 3.6.0 and earlier: Plain Text Transmission of Configured Passwords Remote Code Execution (RCE) Vulnerability in Myucms v2.2.1 via \controller\Config.php add() Method Remote Code Execution (RCE) Vulnerability in Myucms v2.2.1 via \controller\point.php's add() Method Remote Code Execution (RCE) Vulnerability in Myucms v2.2.1 via addqq() Method in \controller\Config.php Server-Side Request Forgery (SSRF) Vulnerability in Myucms v2.2.1 Vulnerability in emlog v6.0: Remote Code Execution via Crafted Zip File Stored Cross-Site Scripting (XSS) Vulnerability in XYHCMS v3.6 Component xyhai.php?s=/Link/index Arbitrary Administrator Account Addition via Crafted URL in WDJA CMS v1.5.2 Remote Code Execution Vulnerability in Jenkins Pipeline: AWS Steps Plugin SQL Injection Vulnerability in Yunyecms 2.0.2 via XFF Parameter SQL Injection Vulnerability in fastadmin V1.0.0.20191212_beta SQL 
Injection Vulnerability in fastadmin-tp6 v1.0 Arbitrary Type Instantiation Remote Code Execution Vulnerability in Jenkins OpenShift Pipeline Plugin Heap-based Buffer Overflow in archive_string_append_from_wcs() in libarchive-3.4.1dev Stack-based Buffer Overflow in genptk_text Component of fig2dev 3.2.7b: Denial of Service Vulnerability Stack-based Buffer Overflow in genpstrx_text() Component of fig2dev 3.2.7b Heap-based Buffer Overflow in Libsixel's sixel_encoder_output_without_macro Function Buffer Overflow Vulnerability in fig2dev 3.2.7b Allows for Denial of Service Attack Buffer Overflow Vulnerability in GraphicsMagick 1.4 WritePCXImage Function Remote Code Execution Vulnerability in Jenkins Azure Container Service Plugin Stack-based Buffer Overflow in put_arrow() Component of fig2dev 3.2.7b Buffer Overflow Vulnerability in fig2dev 3.2.7b's set_color Component Allows for Denial of Service (DoS) Buffer Overflow Vulnerability in fig2dev 3.2.7b's set_fill Component Allows for Denial of Service (DoS) Buffer Overflow Vulnerability in fig2dev 3.2.7b: shade_or_tint_name_after_declare_color in genpstricks.c Buffer Overflow Vulnerability in fig2dev 3.2.7b's put_font Function Allows for Denial of Service (DOS) Buffer Overflow Vulnerability in hash_findi Function in NASM 2.15rc0: Remote Denial of Service Denial of Service Vulnerability in nasm's expand_mmac_params Function Buffer Overflow Vulnerability in scan Function in NASM 2.15rc0: Remote Denial of Service Heap-Use-After-Free Vulnerability in FFmpeg 4.2 Allows Arbitrary Code Execution Reflected XSS vulnerability in Jenkins Queue cleanup Plugin 1.3 and earlier Heap-Use-After-Free Vulnerability in FFmpeg 4.2 Allows Denial of Service via Crafted AVI File Integer Overflow Vulnerability in Tengine Web Server Stored XSS vulnerability in Jenkins RapidDeploy Plugin 4.2 and earlier XML External Entity (XXE) Vulnerability in Jenkins RapidDeploy Plugin 4.2 and Earlier Denial of Service Vulnerability in Artifex Software 
GhostScript 9.50 XML External Entity (XXE) Vulnerability in Jenkins Code Coverage API Plugin 1.1.4 and Earlier Buffer Overflow Vulnerability in Oggvideotools 0.9.1: Remote Code Execution via Crafted Ogg File Segmentation Fault Vulnerability in StreamSerializer::extractStreams Function Buffer Overflow Vulnerability in ExtractorInformation Function in oggvideotools 0.9.1 Blind SQL Injection Vulnerability in OpenSNS v6.1.0 Blind SQL Injection Vulnerability in OpenSNS v6.1.0 Stored XSS Vulnerability in JEECMS x1.1's /member-vipcenter.htm Component XSS Vulnerability in Jenkins Gatling Plugin 1.2.7 and Earlier Cross Site Scripting (XSS) Vulnerability in Gazie 7.29 Cross Site Scripting (XSS) Vulnerability in Rukovoditel Project Management App 2.6 Cross-Site Scripting (XSS) Vulnerabilities in Sagemcom F@ST3686 v1.0 HUN 3.97.0 Reflected Cross-Site Scripting Vulnerability in Jenkins AWSEB Deployment Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins FitNesse Plugin Cross-Site Scripting (XSS) Vulnerability in Jenkins useMango Runner Plugin 1.4 and Earlier Unencrypted Storage of Credentials in Jenkins Copr Plugin 0.3 and Earlier XML External Entity (XXE) Vulnerability in Jenkins Parasoft Findings Plugin 10.4.3 and Earlier Cross-Site Scripting (XSS) Vulnerability in IBOS 4.5.4 Email Function Code Injection Vulnerability in phpwcms 1.9.13 via /phpwcms/setup/setup.php Command Injection Vulnerability in IBOS 4.5.4 Open Database Backup Arbitrary File Inclusion Vulnerability in IBOS 4.5.4 Open via CronController.php File Upload Getshell Vulnerability in CRMEB 3.1.0+ via /crmeb/crmeb/services/UploadService.php Strict Domain Name Filtering in CRMEB 3.1.0+ Leads to SSRF in CopyTaobao.php Remote Code Execution Vulnerability in Jenkins Yaml Axis Plugin 0.2.0 and Earlier Remote Code Execution Vulnerability in Jenkins AWS SAM Plugin 1.2.2 and Earlier ECTouch v2 SQL Injection Vulnerability via Shop Page in index.php SQL Injection Vulnerability in NukeViet CMS 4.0.10 - 4.3.07 
via topicsid Parameter in addtotopics.php SQL Injection Vulnerabilities in NukeViet CMS Module Shops 4.0.29 and 4.3 Unmasked Secrets in Jenkins Build Logs Heap-Based Buffer Overflow in GNU LibreDWG 0.10.2641 via output_TEXT Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10.2641 via htmlwescape Null Pointer Dereference Vulnerability in GNU LibreDWG 0.10.2641 Heap-based Buffer Overflow Vulnerability in GNU LibreDWG 0.10.2641 via htmlescape() Function Null Pointer Dereference Vulnerability in GNU LibreDWG 0.10.2641 Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10.2641 via htmlescape() Function Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10.2641 via htmlescape() Function Unmasked Secrets Containing $ Character in Jenkins Credentials Binding Plugin Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via read_2004_compressed_section Improper Permission Checks in Jenkins Copy Artifact Plugin 1.43.1 and Earlier Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via bit_calc_CRC Heap-based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via read_2004_section_handles Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via read_2004_compressed_section Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via read_2004_section_classes Null Pointer Dereference Vulnerability in GNU LibreDWG 0.10 Null Pointer Dereference Vulnerability in GNU LibreDWG 0.10 Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via read_2004_section_preview Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via read_2004_section_appinfo Memory Leak Vulnerability in GNU LibreDWG 0.10 Jenkins CVS Plugin 2.15 and Earlier: Cross-Site Request Forgery Vulnerability Heap-based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via bit_search_sentinel Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via bit_read_B Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via 
read_2004_section_revhistory Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG 0.10 via bit_read_RC Remote Code Execution Vulnerability in GNU LibreDWG 0.10: memcpy-param-overlap in read_2004_section_header HTML Injection Vulnerability in Codoforum 4.8.3 Admin Dashboard Manage Users Section Jenkins Amazon EC2 Plugin: SSH Host Key Validation Vulnerability Cross Site Scripting Vulnerability in WDScanner 1.1 System Management Page Provisioning Instances via Cross-Site Request Forgery in Jenkins Amazon EC2 Plugin Arbitrary PHP Code Execution Vulnerability in DuxCMS 2.1 Arbitrary File Deletion Vulnerability in DuxCMS 2.1 ThinkPHP50-CMS v1.0 Remote Code Execution (RCE) Vulnerability in Captcha Component Unvalidated Self-Signed Certificate Acceptance in Jenkins Amazon EC2 Plugin Vulnerability: Enumeration of Credentials ID in Jenkins Amazon EC2 Plugin CSRF Vulnerability in DuxCMS 2.1 Allows Remote Data Modification OS Command Injection Vulnerability in Unibox U-50, UniBox Enterprise Series, and UniBox Campus Series 2.4 Cross-Site Request Forgery (CSRF) Vulnerability in Unibox SMB 2.4, UniBox Enterprise Series 2.4, and UniBox Campus Series 2.4 Arbitrary Type Instantiation Remote Code Execution Vulnerability in Jenkins SCM Filter Jervis Plugin Buffer Overflow Vulnerability in clj_media_size Function in Artifex Ghostscript 9.50 Use After Free Vulnerability in MuPDF 1.16.0 Allows Denial of Service via Crafted PDF File Stored Cross-Site Scripting Vulnerability in Jenkins Script Security Plugin Unauthenticated API Endpoint Permissions Vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin Use After Free Vulnerability in ICU-20850 v66.1 Cross-Site Request Forgery Vulnerability in Jenkins Self-Organizing Swarm Plug-in Modules Plugin Stored XSS Vulnerability in Eyoucms v1.4.1's web_copyright Field Stored Cross-Site Scripting Vulnerability in Jenkins ECharts API Plugin 4.7.0-3 and Earlier Stored XSS Vulnerability in Eyoucms v1.4.1: Arbitrary Code Execution in 
web_attr_2 Field Bypassing Login and Obtaining Partially Authorized Token and UID in Motorola CX2 Router CX 1.0.2 Build 20190508 Rel.97360n Vulnerability: Exposure of Admin Password and Private Key in Log Tar Package Authentication Bypass Vulnerability in Motorola CX2 Router Command Injection Vulnerability in Motorola CX2 Router CX 1.0.2 Build 20190508 Rel.97360n Unauthenticated Access to Components in Motorola CX2 Router CX 1.0.2 Build 20190508 Rel.97360n Command Injection Vulnerability in Motorola CX2 Router CX 1.0.2 Build 20190508 Rel.97360n Stored Cross-Site Scripting Vulnerability in Jenkins ECharts API Plugin 4.7.0-3 and Earlier Stored Cross-Site Scripting Vulnerability in Jenkins Compact Columns Plugin CSRF Vulnerability in Jenkins Selenium Plugin 3.141.59 and Earlier Arbitrary Code Execution via File Upload in Prestashop 1.7.6.7 Catalog Feature Unrestricted Access to Inheritance Project Job Configurations in Jenkins Arbitrary File Upload Vulnerability in NewsOne CMS v1.1.0 Unredacted Encrypted Secrets in Jenkins Project Inheritance Plugin Persistent Cross Site Scripting (XSS) vulnerability in HomeAutomation 3.3.2 Cross Site Request Forgery (CSRF) vulnerability in HomeAutomation 3.3.2 allows for unauthorized actions with administrative privileges Reflected Cross-Site Scripting Vulnerability in Jenkins Subversion Partial Release Manager Plugin Information Disclosure Vulnerability in Emmanuel MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Authentication Bypass Vulnerability in AVE DOMINAplus <=1.10.x Authenticated Remote Command Injection in Inim Electronics SmartLiving SmartLAN/G/SI <=6.x Cross-Site Scripting (XSS) Vulnerability in WEMS Limited Enterprise Manager 2.58 Clear-text Credentials Disclosure Vulnerability in AVE DOMINAplus <=1.10.x Default Hardcoded Credentials in Inim Electronics Smartliving SmartLAN/G/SI <=6.x Unauthenticated Reboot Command Execution Vulnerability in AVE DOMINAplus <=1.10.x Unauthenticated Database Backup Download and 
Information Disclosure Vulnerability in Smartwares HOME easy <=1.0.9 Arbitrary Redirect Vulnerability in HomeAutomation 3.3.2 Authenticated OS Command Injection in iWT Ltd FaceSentry Access Control System 6.4.8 Jenkins Play Framework Plugin 1.0.2 and earlier - OS Command Injection Vulnerability Authenticated OS Command Execution Vulnerability in HomeAutomation 3.3.2 with Custom Command v0.1 Plugin Authentication Bypass Vulnerability in HomeAutomation 3.3.2 Allows Remote Control of Smart Home Solution Unauthenticated Server-Side Request Forgery (SSRF) in Inim Electronics Smartliving SmartLAN/G/SI <=6.x Root Privilege Escalation via OS Command Injection in OKER G955V1 v1.03.02.20161128 Stored Cross-Site Scripting Vulnerability in Jenkins Sonargraph Integration Plugin Buffer Overflow Vulnerability in FFmpeg 4.2: Remote Code Execution and Information Disclosure in mov_write_video_tag Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when Writing .mov Files Heap-based Buffer Overflow in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c Buffer Overflow Vulnerability in FFmpeg 4.2: Remote DoS via libavfilter/vf_vmafmotion.c Vulnerability: Enumeration of Credentials ID in Jenkins Fortify on Demand Plugin Buffer Overflow Vulnerability in FFmpeg 4.2: Remote Denial of Service in vf_fieldmatch.c Buffer Overflow Vulnerability in FFmpeg 4.2: Remote Denial of Service in libavfilter/vf_yadif.c Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2's filter_frame Function Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2 at libavfilter/vf_bitplanenoise.c Buffer Overflow Vulnerability in FFmpeg 4.2: Remote Denial of Service in vf_lagfun.c Heap-based Buffer Overflow Vulnerability in gaussian_blur at libavfilter/vf_edgedetect.c Buffer Overflow Vulnerability in FFmpeg 4.2: Remote Denial of Service in af_tremolo.c Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2's deflate16 at libavfilter/vf_neighbor.c Buffer Overflow Vulnerability in 
FFmpeg 4.2: Remote Denial of Service in filter_vertically_8 Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: slice_get_derivative Cross-Site Request Forgery Vulnerability in Jenkins Fortify on Demand Plugin Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2: libavfilter/vf_edgedetect.c Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2: Remote DoS in vf_vmafmotion.c Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2 at libavfilter/vf_floodfill.c Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2's get_block_row at libavfilter/vf_bm3d.c Heap-based Buffer Overflow Vulnerability in FFmpeg 4.2's filter_intra at libavfilter/vf_bwdif.c Memory Leak in avcodec_alloc_context3 at options.c in FFmpeg 4.2 FFmpeg 4.2 Denial of Service Vulnerability: Memory Leak in ff_v4l2_m2m_create_context Function Memory Leak in FFmpeg 4.2's inavi_add_ientry Function Leads to Denial of Service Vulnerability Vulnerability: Unauthorized Access to Fortify on Demand Endpoint in Jenkins Fortify on Demand Plugin FFmpeg 4.2 Denial of Service Vulnerability: Memory Leak in v_frame_alloc Function FFmpeg 4.2 Denial of Service Vulnerability: Memory Leak in av_buffersrc_add_frame_flags Function FFmpeg 4.2 Denial of Service Vulnerability: Memory Leak in libavfilter/graphparser.c Memory Leak Vulnerability in FFmpeg 4.2: fifo_alloc_common Function in libavutil/fifo.c Memory Leak Vulnerability in FFmpeg 4.2: Denial of Service in url_open_dyn_buf_internal function Memory Leak Vulnerability in FFmpeg 4.2: Denial of Service Exploit Memory Leak in FFmpeg 4.2's ff_frame_pool_get Function Leads to Denial of Service Vulnerability Memory Leak Vulnerability in FFmpeg 4.2: Denial of Service in wtvfile_open_sector Function Stored Cross-Site Scripting 
(XSS) Vulnerability in Jenkins VncRecorder Plugin 1.25 and Earlier Memory Leak Vulnerability in FFmpeg 4.2's vf_tile.c Filter_Frame Function Memory Leak Vulnerability in FFmpeg 4.2's av_dict_set Function Memory Leak Vulnerability in FFmpeg 4.2: Denial of Service in af_acrossover.c Default Security Descriptor in EVGA Precision XOC v6.2.7 Allows Unauthorized Access to Sensitive Components and Data Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins VncRecorder Plugin 1.25 and Earlier Arbitrary Data Write Vulnerability in SUPERAntispyware v8.0.0.1050 Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins VncViewer Plugin 1.7 and Earlier Remote Code Execution Vulnerability in Tenda AC-10U AC1200 Router Unencrypted Secret Storage in Jenkins Slack Upload Plugin Remote Code Execution Vulnerability in jsonpickle (<=1.4.1) during Deserialization Unencrypted Password Storage in Jenkins TestComplete Support Plugin Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier: Plain Text Transmission of Configured Passwords Remote Code Execution Vulnerability in Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and Earlier Unencrypted Storage of Secrets in Jenkins GitHub Coverage Reporter Plugin Remote Code Execution (RCE) Vulnerability in imcat v5.1's /root/run/adm.php?admin-ediy&part=exdiy Endpoint SQL Injection Vulnerability in Find a Place LJCMS v 1.3 Sensitive Information Disclosure Vulnerability in joyplus-cms v1.6 Unencrypted Storage of Credentials in Jenkins White Source Plugin Jenkins ZAP Pipeline Plugin 1.9 and earlier: Content-Security-Policy Protection Bypass Stored XSS Vulnerability in Piwigo 2.10.1 Admin Tags Page Cross-Site Request Forgery Vulnerability in Jenkins Zephyr for JIRA Test Management Plugin Cross-Site Scripting (XSS) Vulnerability in Piwigo 2.10.1's /admin.php?page=permalinks Remote Code Execution Vulnerability in Fuel-CMS v1.4.6 via Crafted Zip File Upload Arbitrary Code Execution via Cross Site Scripting in FUEL-CMS v.1.4.6
Arbitrary Code Execution via File Upload Vulnerability in FUEL-CMS v.1.4.6 Multiple Reflected and Stored XSS Vulnerabilities in MediaKind RX8200 5.13.3 Devices Arbitrary File Upload Vulnerability in EVERTZ Devices 3080IPX, 7801FC, and 7890IXG Unauthenticated Remote Code Execution in Jenkins Zephyr for JIRA Test Management Plugin SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 Persistent Cross-Site Scripting Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins Compatibility Action Storage Plugin 1.0 and Earlier SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 SQL Injection Vulnerability in PHPGurukul Hospital Management System v4.0 Sensitive Information Disclosure Vulnerability in PHPGurukul Hospital Management System v4.0 Unencrypted Password Storage in Jenkins HP ALM Quality Center Plugin Samsung sww-3400rw Router XSS Vulnerability via m2 Parameter Stored Cross-Site Scripting Vulnerability in Jenkins Link Column Plugin 1.0 and Earlier DedeCMS 5.7 SQL Injection Vulnerability in member/ajax_membergroup.php SQL Injection Vulnerability in phpCMS 2007 SP6 Build 0805 via digg_mod Parameter Stored Cross-Site Scripting Vulnerability in Jenkins 2.244 and Earlier Directory Traversal Vulnerability in phpCMS 9.1.13 via q Parameter Arbitrary PHP Command Execution in phpCMS 2008 
sp4 via pagesize Parameter SQL Injection Vulnerability in phpCMS 2008 sp4 via genre parameter in yp/job.php SQL Injection in ECShop 2.7.6 via goods_number parameter in flow.php SQL Injection in ECShop 3.0: Exploiting the id Parameter in admin/shophelp.php SQL Injection in ECShop 3.0: Exploiting the aid Parameter in admin/affiliate_ck.php SQL Injection Vulnerability in 74cms 3.2.0 via x parameter in plus/ajax_street.php SQL Injection Vulnerability in 74cms 3.2.0 via plus/ajax_common.php Stored Cross-Site Scripting Vulnerability in Jenkins 2.244 and Earlier SQL Injection in 74cms 3.2.0 via the x parameter in ajax_officebuilding.php SQL Injection in 74cms 3.2.0 via key parameter in plus/ajax_street.php SQL Injection Vulnerability in 74cms 3.2.0 via id parameter in wap/wap-company-show.php Buffer Overflow Vulnerability in c-ares: Exploiting ares_parse_soa_reply Function Out-of-Bounds Memory Access Vulnerability in libssh2 1.10.0 Buffer Overflow Vulnerability in FLAC Encoder (flac) Allows Remote Code Execution Stored Cross-Site Scripting Vulnerability in Jenkins LTS 2.235.1 and Earlier Cross-Site Scripting (XSS) Vulnerability in Stivasoft (Phpjabbers) Fundraising Script v1.0 SQL Injection Vulnerability in Stivasoft (Phpjabbers) Fundraising Script v1.0 via pjActionLoad Function Cross-Site Scripting (XSS) Vulnerability in Stivasoft (Phpjabbers) Fundraising Script v1.0 via pjActionPreview Function SQL Injection Vulnerability in Stivasoft (Phpjabbers) Fundraising Script v1.0 via pjActionLoadForm Function SQL Injection Vulnerability in Stivasoft (Phpjabbers) Fundraising Script v1.0 via pjActionSetAmount Function Stored Cross-Site Scripting Vulnerability in Jenkins 2.244 and Earlier Stored Cross-Site Scripting Vulnerability in Jenkins Matrix Project Plugin Unrestricted File Upload Vulnerability in phplist 3.5.1 Allows Remote Code Execution Stored Cross-Site Scripting Vulnerability in Jenkins Matrix Project Plugin 1.16 and Earlier XSS Vulnerability in phpList 3.5.3: Login Name 
Field in Manage Administrators Unauthenticated Telnet Access Vulnerability in Xiongmai Technology Co Devices Stored Cross-Site Scripting Vulnerability in Jenkins Matrix Authorization Strategy Plugin Stored Cross-Site Scripting Vulnerability in Jenkins Deployer Framework Plugin 1.2 and Earlier CSRF Vulnerability in Neoflex Video Subscription System Version 2.0 Allows Unauthorized Changes to Website Settings CSV Injection Vulnerability in JomSocial 4.7.6 CSV Command Injection Vulnerability in Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 CSV Injection Vulnerability in WeForms WordPress Plugin 1.4.7 CSV Injection Vulnerability in Import and Export Users and Customers WordPress Plugin CSV Injection Vulnerability in phpMyAdmin Export Section Privilege Escalation Vulnerability in Jenkins Gitlab Authentication Plugin Buffer Overflow Vulnerability in lwIP's icmp6_send_response_with_addrs_and_netif() Function Buffer Overflow Vulnerability in lwIP Allows Unauthorized Access to Sensitive Information via Crafted 6LoWPAN Packet Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.251 and earlier, LTS 2.235.3 and earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.251 and earlier, LTS 2.235.3 and earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins 2.251 and earlier, LTS 2.235.3 and earlier OJ/admin-tool /cal_scores.php XSS Vulnerability in HZNUOJ v1.0 Jenkins Email Extension Plugin 2.72 and 2.73 Plain Text Transmission of SMTP Password Vulnerability Cross-Site Scripting (XSS) Vulnerability in HFish 0.5.1 Vulnerability: Enumeration of Credentials ID in Jenkins Pipeline Maven Integration Plugin Title-based Cross-Site Scripting (XSS) Vulnerability in Subrion 4.2.1 CSRF Vulnerability in BeeCMS v4 Allows Deletion of Administrator Account Stack Overflow Vulnerability in pdfcrack 0.17-0.18 Allows Arbitrary Code Execution Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier: Missing Permission Check Allows Unauthorized Access to 
JDBC URL and Credential Capture Arbitrary OS Command Execution in Centreon 19.10.8 via RRDdatabase_path Parameter Jenkins Pipeline Maven Integration Plugin CSRF Vulnerability Allows Unauthorized Access to JDBC URLs NULL Pointer Dereference Vulnerability in GPAC v0.8 Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Yet Another Build Visualizer Plugin CSRF Vulnerability in Jenkins Flaky Test Handler Plugin Allows Unauthorized Project Rebuilding Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Git Parameter Plugin Unencrypted Secret Storage in Jenkins Parameterized Remote Trigger Plugin CSV Injection Vulnerability in Akaunting <= 2.0.9: Arbitrary Code Execution via Item Name Field XSS Vulnerability in Subrion CMS 4.2.2: Blog Image File Editing Cross-Site Scripting (XSS) Vulnerability in YzmCMS v5.5 Member Contribution Function Jenkins Database Plugin CSRF Vulnerability Allows Arbitrary SQL Execution SOGo Web Mail 4.3.1 XSS Vulnerability: User Sensitive Information Disclosure Express Cart v1.1.16 Cross Site Request Forgery (CSRF) Vulnerability Allows Unauthorized Account Creation and Code Manipulation Jenkins Database Plugin CSRF Vulnerability Jenkins Database Plugin Vulnerability: Unauthorized Database Access Cross-Site Scripting (XSS) Vulnerability in 74CMS v6.0.4 via /index.php?m=&c=help&a=help_list&key Centreon 19.10-3.el7 SQL Injection Vulnerability Remote Code Execution (RCE) Vulnerability in NagiosXI 5.6.11 Cross Site Scripting (XSS) Vulnerability in SolarWinds Serv-U before 15.1.6 Hotfix 3 Use-After-Free Vulnerability in Redox-OS v0.1.0 via gethostbyaddr() Function Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Cadence vManager Plugin 3.0.4 and Earlier Cross-Site Scripting (XSS) Vulnerability in Jenkins Build Failure Analyzer Plugin Jenkins Valgrind Plugin XML External Entity (XXE) Vulnerability SQL Injection Vulnerability in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 Cross-Site Scripting (XSS) Vulnerability in Untis 
WebUntis before 2020.9.6 Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Valgrind Plugin Jenkins Klocwork Analysis Plugin XML External Entity (XXE) Vulnerability Local File Inclusion Vulnerability in webERP 4.15 ManualContents.php Insecure Permissions in Tasks Application: Arbitrary Task Addition Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in Jenkins JSGames Plugin 0.2 and Earlier Cross-Site Scripting (XSS) Vulnerability in HFish 0.5.1 Unencrypted Storage of Webhook Secret in Jenkins Team Foundation Server Plugin Unencrypted Storage of Project Passwords in Jenkins SoapUI Pro Functional Testing Plugin Jenkins SoapUI Pro Functional Testing Plugin: Plain Text Transmission of Project Passwords Unvalidated Hostname in Jenkins Mailer Plugin Buffer Overflow Vulnerability in FreeImage_Load Function in FreeImage Library 3.19.0(r1828) Lack of Hostname Validation in Jenkins Email Extension Plugin Remote Code Execution Vulnerability in Zentao via lang Parameter Improper Access Control in PbootCMS 2.0.6 via update function in upgradecontroller.php Arbitrary File Read Vulnerability in Jenkins Blue Ocean Plugin Unauthenticated Remote URL Connection Vulnerability in Jenkins Blue Ocean Plugin Directory Traversal Vulnerability in Veno File Manager 3.5.6 Allows Unauthorized File Download Snap7 Server Denial of Service Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Pipeline Maven Integration Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Validating String Parameter Plugin Denial of Service Vulnerability in Memcached 1.6.0 - 1.6.3 Jenkins Health Advisor Plugin Vulnerability: Unauthorized Access to HTTP Endpoint Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins computer-queue-plugin Plugin 1.5 and Earlier Remote Code Execution Vulnerability in Jerryscript-project Jerryscript v.
2.3.0 Unauthenticated Remote Code Execution in Jenkins Perfecto Plugin Cross-Site Scripting Vulnerability in LimeSurvey 4.1.11+200316 via name and description parameters in PermissiontemplatesController.php Cross Site Scripting Vulnerability in Enhancesoft osTicket v1.12.6 and Earlier Enhancesoft osTicket v1.12.6 Cross Site Scripting (XSS) Vulnerability in queue-name Parameter Arbitrary Command Execution Vulnerability in Jenkins Perfecto Plugin Remote Code Execution (RCE) Vulnerability in MyBB before 1.8.22 via Settings File Write Use-after-free vulnerability in Ardour v5.12's xml++ component Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Android Lint Plugin Jinfornet Jreport 15.6 Directory Traversal Vulnerability Buffer Overflow Vulnerability in LibRaw::stretch() Function Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Radiator View Plugin 1.29 and Earlier Jenkins Custom Job Icon Plugin 0.2 and earlier - Stored XSS Vulnerability in Job Descriptions Arbitrary File Upload Vulnerability in Feehi CMS 2.1.0 Allows Remote Code Execution Vulnerability in DepositGame v.1.0: Unauthorized Access to Sensitive Information Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Coverage/Complexity Scatter Plot Plugin Memory Leak Vulnerability in AlienVault Ossim v5 sim-organizer.c Leads to Denial of Service (DoS) Vulnerability: Unauthorized Image Signature Injection in Ruckus Wireless Devices Firmware Image Bad MD5 Checksum Bypass Vulnerability Persistent Unauthorized Image Writing Vulnerability Secure Boot Bypass Vulnerability in Ruckus Wireless Devices Authentication Bypass Vulnerability in Ruckus Wireless Devices Unauthorized Image Boot Vulnerability Vulnerability: Unauthorized Image Signature Injection in Ruckus Wireless Devices Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Description Column Plugin Vulnerability: Secure Boot Bypass and Temporary Backup Image Execution Vulnerability: Unauthorized Image Write and Backup Erasure in 
Ruckus Wireless Devices Remote Code Execution and Unauthorized Region Code Change Vulnerability in Ruckus Wireless Devices Modsecurity OWASP Modsecurity-CRS 3.2.0 SQL Injection Bypass Vulnerability Arbitrary File Metadata Access Vulnerability in Jenkins MongoDB Plugin Memory Leak Vulnerability in MP4Box in gpac 0.8.0 Invalid Memory Dereference in gpac 0.8.0: Denial of Service Vulnerability Heap-based Buffer Overflow in GetGhostNum Function in gpac 0.8.0 Heap-based Buffer Overflow in gpac 0.8.0's dump_data_hex Function Heap-based Buffer Overflow in gf_media_nalu_remove_emulation_bytes Function in gpac 0.8.0 Memory Leak Vulnerability in sgpd_parse_entry Function in GPAC 0.8.0 Jenkins MongoDB Plugin 1.3 CSRF Vulnerability: Unauthorized Access to File Metadata Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins chosen-views-tabbar Plugin 1.2 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins ClearCase Release Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Locked Files Report Plugin Cross-Site Scripting (XSS) Vulnerability in Shimo Document v2.0.1 Unauthenticated Remote Code Execution in Jenkins ElasTest Plugin Arbitrary Code Execution Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 Local Privilege Escalation Vulnerability in Rapid SCADA 5.8.0 Cross-Site Scripting (XSS) Vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop Version 1.14 Remote Command Execution Vulnerability in Mercury Router MER1200 and MER1200G v1.0.1 Jenkins ElasTest Plugin CSRF Vulnerability Stored XSS Vulnerability in CMS Made Simple (CMSMS) 2.2.14 via Extensions > File Picker Unencrypted Storage of Server Password in Jenkins ElasTest Plugin Arbitrary User Private Key Recovery Vulnerability in Xuperchain 3.6.0 Arbitrary File Read Vulnerability in Jenkins Copy data to workspace Plugin MCMS 5.0 File Upload Vulnerability: Arbitrary Code Execution via Crafted Thumbnail Arbitrary Command Execution Vulnerability in Jenkins 
Selection Tasks Plugin CSRF Vulnerability in FlatPress 1.1 via DeleteFile Function in flat/admin.php XSS Vulnerability in NukeViet CMS 4.4.0 News Module Editor Arbitrary File Read Vulnerability in Jenkins Storable Configs Plugin Arbitrary File Replacement Vulnerability in Jenkins Storable Configs Plugin Etherpad < 1.8.3 Denial of Service Vulnerability Denial of Service Vulnerability in Etherpad < 1.8.3 Import Functionality Insecure Storage of User Passwords in Etherpad <1.8.3 Bypassing Access Controls in Etherpad UeberDB MySQL Connector Denial of Service Vulnerability in Etherpad < 1.8.3 Unauthenticated Stored XSS in FME Server: Remote Admin Privilege Escalation via Login Page Arbitrary Code Execution Vulnerability in Jenkins Script Security Plugin Authenticated Stored XSS in FME Server: Remote Code Execution via User Name Modification in Logs Arbitrary Code Execution Vulnerability in Jenkins Warnings Plugin 5.0.1 and Earlier Vtiger CRM 7.2 Calendar Export Data Feature Union SQL Injection Vulnerability Reflected XSS Vulnerability in yii2_fecshop 2.x Check Cart Page Unquoted Service Path Vulnerability in Windscribe v1.83 Build 20 Jenkins Lockable Resources Plugin 2.8 CSRF Vulnerability: Unauthorized Resource Manipulation SQL Injection Vulnerability in MKCMS V6.2 via /ucenter/reg.php name parameter SQL Injection Vulnerability in MKCMS V6.2 via /ucenter/active.php verify parameter Jenkins Implied Labels Plugin HTTP Endpoint Permission Check Bypass SQL Injection Vulnerability in MKCMS V6.2 via /ucenter/repass.php Name Parameter Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Liquibase Runner Plugin 1.4.5 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in b2evolution CMS 6.11.6-stable Jenkins Liquibase Runner Plugin 1.4.5 and earlier: XML External Entity (XXE) Vulnerability Open Redirect Vulnerability in b2evolution CMS Prior to 6.11.6 via redirect_to Parameter in email_passthrough.php Stored XSS in b2evolution CMS version 6.11.6 and prior: 
Plugin Name Input Field Vulnerability Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple before 2.2.15 Unauthenticated Denial of Service (DOS) Vulnerability in Mikrotik RouterOS 6.47 via Crafted SMB Requests Denial of Service Vulnerability in Mikrotik RouterOS 6.47 via Crafted FTP Requests CSCMS v4.1 Playsong.php Remote Code Execution Vulnerability Jenkins Liquibase Runner Plugin 1.4.7 and Earlier: Credential Enumeration Vulnerability Outdated Configuration Vulnerability in Jenkins Role-based Authorization Strategy Plugin Arbitrary Code Execution through Cross-Site Scripting (XSS) in Froala WYSIWYG Editor 3.1.0 Jenkins Audit Trail Plugin URL Bypass Vulnerability Buffer Overflow Vulnerability in NumberToPrecisionCmd in Jsish before 3.0.7 Allows Remote Code Execution Arbitrary Code Execution via Integer Overflow in Jsi_ObjArraySizer Arbitrary Code Execution via Integer Overflow in Jsi_ObjSetLength Function QuickJS Buffer Overflow Vulnerability in quickjs.c Bypassing Default Regular Expression Pattern in Jenkins Audit Trail Plugin Denial of Service Vulnerability in fxParserTree Function in Moddable (CVE-2021-XXXX) Buffer Overflow Vulnerability in Espruino's jsvGetStringChars Function Buffer Overflow Vulnerability in mujs 1.0.8 and earlier: Remote Denial of Service Buffer Overflow Vulnerability in jsG_markobject Function in mujs 1.0.7 and earlier: Remote Denial of Service Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Active Choices Plugin 2.4 and Earlier Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Active Choices Plugin Stack Overflow Vulnerability in jsi_evalcode_sub Function in Jsish Unencrypted Storage of Server Password in Jenkins couchdb-statistics Plugin Denial of Service Vulnerability in XZ 5.2.5 via Crafted File Decompression Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Release Plugin 2.10.2 and Earlier Arbitrary File Read Vulnerability in Jenkins Persona Plugin 2.4 and Earlier EmpireCMS 7.5 Remote Code 
Execution (RCE) via e/install/index.php Unauthenticated Remote Code Execution in Jenkins Maven Cascade Release Plugin Cross-Site Request Forgery (CSRF) Vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and Earlier Jenkins Shared Objects Plugin 0.44 and Earlier: Cross-Site Request Forgery (CSRF) Vulnerability Allows Unauthorized Configuration of Shared Objects Unencrypted Storage of Access Token in Jenkins SMS Notification Plugin XML External Entity (XXE) Vulnerability in Jenkins Nerrvana Plugin 1.02.06 and Earlier MicroStrategy Web SDK 11.1 and Earlier: Server-Side Request Forgery (SSRF) Vulnerability Arbitrary Code Execution via XSS Vulnerability in MicroStrategy Web SDK Arbitrary Code Execution via XSS Vulnerability in MicroStrategy Web SDK Arbitrary Code Execution via XSS Vulnerability in MicroStrategy Web SDK Arbitrary Code Execution via XSS Vulnerability in MicroStrategy Web SDK Jenkins Active Directory Plugin Vulnerability: Unauthorized User Login via Magic Constant Password Jenkins Active Directory Plugin Allows Empty Password Login Vulnerability Jenkins Active Directory Plugin Authentication Bypass Vulnerability Authenticated Reflected XSS in APfell 1.4 via payloadtypes_callback Function Open Redirect Vulnerability in OPNsense Login Page Unauthorized Access to Domain Health Check Diagnostic Page in Jenkins Active Directory Plugin NULL Pointer Dereference in dhry_1.c of Dhrystone 2.1: A Denial of Service Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Jenkins Active Directory Plugin Allows Unauthorized Connection Tests Insecure Session Validation Vulnerability in MEDIA NAVI Inc SMACom v1.2 Code Injection Vulnerability in Portable Ltd Playable v9.18 Information Disclosure Vulnerability in Swift File Transfer Mobile v1.1.2 and Below Stored Cross-Site Scripting (XSS) Vulnerability in Folder Lock v3.4.5's Create Folder Function Jenkins Subversion Plugin 2.13.1 and earlier: XML External Entity (XXE) Vulnerability Directory 
Traversal Vulnerability in Sky File v2.1.0 FTP Server Allows Unauthorized Access to Sensitive Data Cross-Site Scripting (XSS) Vulnerability in Dropouts Technologies LLP Air Share v1.2 Cross-Site Scripting (XSS) Vulnerability in Dropouts Technologies LLP Super Backup v2.0.5 Arbitrary File Upload Vulnerability in Tran Tu Air Sender v1.0.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2's file_pic_view.php Component SQL Injection Vulnerability in Macrob7 Macs Framework Content Management System - 1.14f Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2 via tpl.php Component Cross-Site Scripting (XSS) Vulnerability in Macrob7 Macs Framework Content Management System - 1.14f Search Module Persistent XSS Vulnerability in SeedDMS Content Management System v6.0.7 via AddEvent.php Cross-Site Scripting (XSS) Vulnerability in Fork CMS v5.8.0 Jenkins Mercurial Plugin XML External Entity (XXE) Vulnerability HTML Injection Vulnerability in TAO Open Source Assessment Platform v3.3.0 RC02 Multiple Stored XSS Vulnerabilities in Phpgurukul User Registration & User Management System v2.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Catalyst IT Ltd Mahara CMS v19.10.2 via groupfiles.php Cross-Site Scripting (XSS) Vulnerability in NSK User Agent String Switcher Service v0.3.5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ANCOM WLAN Controller (WLC-1000 & WLC-4006) Unauthenticated Access to Sensitive Data in Nong Ge File Explorer v1.4 Information Disclosure Vulnerability in Jenkins Mercurial Plugin Allows Unauthorized Access to Configured Installations Stack Buffer Overflow in Internet Download Manager 6.37.11.1 Export/Import Function Directory Traversal Vulnerability in Dropouts Technologies LLP Super Backup v2.0.5 Arbitrary Code Execution via Cross Site Scripting in jQuery 2.2.0 through 3.x before 3.5.0 Arbitrary Code Execution via Cross Site Scripting in eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 Arbitrary Code 
Execution via Cross Site Scripting in TinyMCE v.4.9.6 and earlier, and v.5.0.0 through v.5.1.4 Path Traversal Vulnerability in webTareas 2.0 via extpath Parameter in general_serv.php Jenkins Kubernetes Plugin Vulnerability: Unauthorized Access to Sensitive Environment Variables SSRF Vulnerability in Halo <=1.3.2: Exposing Intranet Servers via SMTP Configuration Jenkins Kubernetes Plugin 1.27.3 and Earlier: Missing Permission Check Allows Unauthorized Access to Global Pod Template Names Arbitrary Code Execution and Privilege Escalation through Unrestricted File Upload in JEECG v4.0 and Earlier Credential Enumeration Vulnerability in Jenkins Kubernetes Plugin 1.27.3 and Earlier Vulnerability: Enumeration of Credentials IDs in Jenkins Ansible Plugin 1.0 and earlier Buffer Overflow Vulnerability in convert_colorspace function in libheif v1.6.2 Vulnerability: Unauthorized Global AWS Configuration Replacement in Jenkins AWS Global Configuration Plugin Unmasked Password in Jenkins SQLPlus Script Runner Plugin XSS Vulnerability in Chamilo LMS Version 1.11.10: Personal Profile Edition Form CSRF Vulnerability in Chamilo LMS 1.11.10 Allows Unauthorized User Edits Privilege Escalation Vulnerability in Chamilo LMS 1.11.10 Vulnerability: Enumeration of Credentials IDs in Jenkins Azure Key Vault Plugin Session Expiry Bypass Vulnerability in Microweber v1.1.18 Unrestricted File Upload Vulnerability in Microweber 1.1.18 Admin Account Page Vulnerability: Broken Authentication and Session Management in Microweber 1.1.18 Unencrypted Password Storage in Jenkins AppSpider Plugin Insufficient Session Expiration in Microweber 1.1.18 LDAP Injection Vulnerability in rConfig 3.9.5 SQL Injection Vulnerability in rConfig 3.9.5 via unsanitized dbName parameter in ajaxDbInstall.php XML External Entity (XXE) Vulnerability in Jenkins Visualworks Store Plugin 1.1.3 and Earlier SQL Injection Vulnerability in rConfig 3.9.5's config.inc.php Command Injection Vulnerability in rConfig 3.9.5 via 
ajaxArchiveFiles.php Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins Static Analysis Utilities Plugin Pyrescom Termod4 Time Management Devices Remote Code Execution Vulnerability Local File Inclusion Vulnerability in Pyrescom Termod4 Time Management Devices Pyrescom Termod4 Time Management Devices: Sensitive Information Disclosure and Weak Encryption Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Jenkins FindBugs Plugin Arbitrary File Write Vulnerability in Nim-lang via Crafted Zip File Arbitrary File Overwrite Vulnerability in Kuba's Zip File Handling Session Cookies Not Deleted on Logout in PHP-Fusion 9.03.50: Vulnerability Allows Session Replay Attack Stored XSS Vulnerability in PHP-Fusion 9.03.50 Administration Panel Unencrypted Password Storage in Jenkins Mail Commander Plugin Reflected XSS Vulnerability in PHP-Fusion 9.03.60 Administration Theme.php PHP-Fusion 9.03.60 Shoutbox Panel Redirect Vulnerability Stored XSS Vulnerability in PHP-Fusion 9.03.60 Registration Field Stored XSS Vulnerability in PHP-Fusion 9.03.60 Administration Setting Security Unencrypted Password Storage in Jenkins VMware Lab Manager Slaves Plugin Stored XSS Vulnerability in phplist 3.5.4 Import Emails Module Stored XSS Vulnerability in phplist 3.5.4 and Below: Arbitrary Code Execution via Crafted Payload in Manage Administrators Module Stored XSS Vulnerability in phplist's Import Subscribers Feature Unverified Plugin Downloads in Jenkins Plugin Installation Manager Tool 2.1.3 and Earlier Stored XSS Vulnerability in Monstra CMS 3.0.4 via Crafted Payload in Site Name Field Stored XSS Vulnerability in phplist 3.5.3 via Crafted Payload in Edit Values Field Stored XSS Vulnerability in phplist 3.5.3 via Crafted Payload in Send Test Field Stored XSS Vulnerability in phplist 3.5.3 via Crafted Payload in List Description Field Jenkins Shelve Project Plugin 3.0 CSRF Vulnerability: Unauthorized Project Manipulation Stored XSS Vulnerability in phplist 3.5.3 via Crafted 
Payload in Configure Categories Field Stored XSS Vulnerability in phplist 3.5.3 via Crafted Payload in Add a List Field Arbitrary Code Execution Vulnerability in Monstra CMS 3.0.4 via Crafted Payload in Snippet Content Field Jenkins Chaos Monkey Plugin 0.3 and Earlier: Permission Bypass and Load Generation Vulnerability Multiple Cross Site Scripting (XSS) Vulnerabilities in Cacti 1.2.12 Unauthenticated Access to Jenkins Chaos Monkey Plugin History LavaLite CMS 5.8.0 Menu Blocks Feature XSS Vulnerability Evolution CMS 2.0.2 Document Manager Cross Site Scripting (XSS) Vulnerability XSS Vulnerability in Textpattern CMS 4.8.1 via Custom Fields in Menu Preferences Jenkins CVS Plugin 2.16 and earlier: XML External Entity (XXE) Vulnerability XSS Vulnerability in CMS Made Simple 2.2.14 Content Manager Logic Field XSS Vulnerability in CMS Made Simple 2.2.14 Extra News Article Feature XSS Vulnerability in NavigateCMS 2.9 Tools Feature XSS Vulnerability in NavigateCMS 2.9 via wrong_path_redirect Feature Plaintext Storage of Redis Database Password in GigaVUE-OS (GVOS) 5.4 - 5.9 Weak Hash Algorithm Used in GigaVUE-OS (GVOS) 5.4 - 5.9 Internal Database Arbitrary Code Execution Vulnerability in Electerm 1.3.22 Buffer Overflow Vulnerability in Espruino 2v05.41: Denial of Service via jsvGarbageCollectMarkUsed Remote Denial of Service Vulnerability in Jsish v.3.0.11 via Jsi_ValueIsNumber Function Denial of Service Vulnerability in Jsish v.3.0.11 and Earlier Versions Denial of Service Vulnerability in Jsish v.3.0.11 and Earlier Versions SQL Injection Vulnerability in ming-soft MCMS v5.0 Persistent Cross-site Scripting Vulnerability in Fork CMS 5.8.2 via navigation_title and title Parameters CSRF Vulnerability in Fork-CMS before 5.8.2 Allows Authentication Hijacking Heap-based Buffer Overflow in OD_ReadUTF8String Function in gpac 0.8.0 Heap-based Buffer Overflow in gpac 0.8.0 Leads to Denial of Service Heap-based Buffer Overflow in gpac 0.8.0: Denial of Service via Crafted Media File 
Heap-buffer overflow in randomize_iparp function in Tcpreplay v4.3.2 allows for denial of service (DOS) via crafted pcap SQL Injection Vulnerability in Logon Page of MV's mConnect Application (v02.001.00) Allows Unauthorized Access Logon Page Information Disclosure Vulnerability in MV's mConnect Application v02.001.00 ASPX Pages Information Disclosure Vulnerability Heap-use-after-free vulnerability in ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 Heap Buffer Overflow in jmem-poolman.c:165 in JerryScript 2.2.0 Stack-Overflow Vulnerability in JerryScript 2.2.0 at ecma-regexp-object.c:535 Assertion Failure in parser_parse_expression at js-parser-expr.c:3565 in JerryScript 2.2.0 Assertion Failure in JerryScript 2.2.0: context_p->stack_depth == context_p->context_stack_depth at js-parser-statm.c:2756 Assertion Failure in JerryScript 2.2.0: Invalid Scanner Type in Function Statement Parsing Assertion Failure in Object Initializer Parsing in JerryScript 2.2.0 Assertion Failure in JerryScript 2.2.0: Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' Failed at js-parser.c:2185 Assertion Failure in JerryScript 2.2.0: scanner_literal_is_created at js-scanner-util.c:2510 Assertion Failure in JerryScript 2.2.0: parser_parse_try_statement_end at js-parser-statm.c:2003 ASSERTION failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta Vulnerability: Assertion Failure in parser_emit_cbc_backward_branch in JerryScript 2.2.0 Vulnerability: Assertion Failure in parser_parse_function_arguments in JerryScript 2.2.0 Heap Buffer Overflow in lit_read_code_unit_from_utf8 in JerryScript 2.2.0 Vulnerability: Assertion Failure in parser_parse_object_initializer in JerryScript 2.2.0 Heap Buffer Overflow in re_parse_char_escape in JerryScript 2.2.0 Arbitrary Code Execution via Cross Site Scripting in ZblogCN ZblogPHP v.1.0 NULL Pointer Dereference in AP4_Stz2Atom::GetSampleSize in Bento4 version 06c39d9 NULL Pointer Dereference 
in AP4_DescriptorListWriter::Action Component Heap-based Buffer Overflow in AP4_StdcFileByteStream::ReadPartial in Bento4 version 06c39d9 Heap-based Buffer Overflow in AP4_CttsAtom Component of Bento4 Version 06c39d9 Segmentation Fault Vulnerability in AP4_NullTerminatedStringAtom Component of Bento4 Version 06c39d9 Reflected Cross-Site Scripting (XSS) Vulnerability in ATutor 2.2.4's /header.tmpl.php Component CSRF Vulnerability in Anchor CMS 0.12.7 Allows Unauthorized Deletion of Admin Users Intent Redirection Vulnerability in Sina Weibo Android SDK 4.2.7 Authentication Bypass Vulnerability in Z-BlogPHP 1.6.0 Valyria Magic Hash Authentication Bypass Vulnerability in Codiad 2.8.4 Vulnerability: Type Juggling in Login Bypass in Nibbleblog v3.7.1c Weak Password Rechecking Vulnerability in WeBid 1.2.2 Admin/Newuser.php Vulnerability: Password Bypass in osCommerce v2.3.4.1 User Registration and Password Reset Type Juggling Vulnerability in phpList 3.5.3 Allows Login Bypass Privilege Escalation Vulnerability in Shop_CMS YerShop CSRF Vulnerability in Verytops Verydows All Versions Allows Arbitrary Code Execution XSS Vulnerability in YzmCMS 5.6 via IFRAME SRC Attribute in UEditor 1.4.3.3 Stored XSS Vulnerability in YzmCMS 5.6 via Ueditor Plugin's controller.php Action Parameter Arbitrary Script Injection Vulnerability in noneCms v1.3.0 Arbitrary Script Injection in noneCMS v1.3.0 admin/nav/add.html Arbitrary Code Injection via name parameter in noneCMS v1.3.0 CSRF Vulnerability in NoneCMS v1.3 Allows Stored XSS Attack via Arbitrary Navigation Column Injection Access Control Vulnerability in zzcms 201910 Allows Privilege Escalation and Data Modification Unauthenticated Information Disclosure Vulnerability in Verint Workforce Optimization Suite 15.1 (15.1.0.37634) Cross-Site Scripting Vulnerability in newbee-mall 1.0's Order Management Office Incorrect Access Control in AdminLoginInterceptor.java Allows Remote Privilege Escalation in newbee-mall Remote Privilege Escalation 
in NewBeeMall: Unauthorized User Information Modification Stored XSS vulnerability in Spiceworks Version <= 7.5.00107 Custom Groups function CSRF Vulnerability in Spiceworks Version <= 7.5.00107 Allows Privilege Escalation via /settings/v1/users Cross-Site Scripting (XSS) Vulnerability in Selenium Grid v3.141.59 via Crafted Payload in Hub Parameter Arbitrary Code Execution through Cross Site Scripting (XSS) in phpgurukul Online Marriage Registration System 1.0 Gmate v0.12+bionic: Critical ReDoS Vulnerability in Gedit3 Plugin Regular Expression Denial of Service (ReDoS) Vulnerability in Leo Editor v6.2.1 Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple 2.2.14 File Deletion Vulnerability in Avideo's import.json.php Allows Privilege Escalation Local File Disclosure Vulnerability in AVideo < 8.9 via Proxy Streaming Unauthenticated Remote Access Vulnerability in VR CAM P1 Model P1 v1 Arbitrary Web Script Injection in Aryanic HighMail (High CMS) LoginForm UltimateKode Neo Billing - XSS Vulnerability in Version 3.5 Authenticated File Upload and Remote Code Execution in imcat 5.2 via Picture Functionality Cross-Site Request Forgery Vulnerability in Pixelimity 1.0 via admin/setting.php [Password] Parameter CWE-347: Free Shopping Exploit in Union Pay Web and Mobile Apps SSRF Vulnerability in gopeak masterlab 2.1.5 Upgrade.php via 'source' Parameter Denial of Service Vulnerability in Realtek rtl8723de BLE Stack <= 4.1 User-mode Write Access Violation in IrfanView 4.54 at FORMATS!ReadXPM_W+0x0000000000000531 Denial of Service Vulnerability in IrfanView 4.54 via Crafted XBM File Denial of Service Vulnerability in IrfanView 4.54 via Crafted .cr2 File User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000007e82 User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000007e30 User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000007e62 User-Mode Write Access Violation in 
IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000007d33 User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000007e20 User-Mode Write Access Violation in IrfanView 4.54 User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!GetPlugInInfo+0x0000000000007e28 User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b User-mode Write Access Violation in IrfanView 4.54 at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722 User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!ShowPlugInSaveOptions_W+0xaefe User-Mode Write Access Violation in IrfanView 4.54 at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba Arbitrary Code Execution Vulnerability in SEMCMS 3.9 via SEMCMS_Upfile.php JPEG 2000 File Code Execution Vulnerability in Irfanview v4.53 JPEG2000 Infinity Loop Vulnerability in Irfanview v4.53 JPEG 2000 Integer Divide By Zero Denial of Service Vulnerability in Irfanview v4.53 Arbitrary File Upload Vulnerability in BEESCMS v4.0 via /admin/upload.php Buffer Overflow Vulnerability in Sysax Multi Server 6.90 Upload File Functionality Kyocera Printer d-COPIA253MF plus Directory Traversal Vulnerability Stored Cross Site Scripting (XSS) Vulnerability in Laborator Neon Dashboard v3 Chat Tab Critical Remote Code Execution Vulnerability in PbootCMS 2.0.8 Message Board Cross-Site Request Forgery (CSRF) Vulnerability in optilink OP-XT71000N V2.2 Remote Code Execution Vulnerability in OPTILINK OP-XT71000N V2.2 Unauthenticated Remote Code Execution in OPTILINK OP-XT71000N via Command Injection CSRF Vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware 
Version: OP_V3.3.1-191028 Cross-Site Request Forgery (CSRF) Vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 Cross-Site Request Forgery (CSRF) Vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2 Cross-Site Request Forgery (CSRF) Vulnerability in OPTILINK OP-XT71000N Cross-Site Request Forgery (CSRF) Vulnerability in OPTILINK OP-XT71000N Router Allows Remote Reboot Cross-Site Request Forgery (CSRF) Vulnerability in Optilink OP-XT71000N Hardware Arbitrary File Upload and Remote Code Execution Vulnerability in OPTILINK OP-XT71000N Cross-Site Request Forgery (CSRF) Vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 Allows Reset to Factory Default and Privilege Escalation Cross-Site Request Forgery (CSRF) Vulnerability in OPTILINK OP-XT71000N Firmware Version: OP_V3.3.1-191028 CSRF Vulnerability in yzmcms Version 5.6: Privilege Escalation and Information Disclosure in sitemodel/add.html Endpoint Cross Site Scripting (XSS) Vulnerability in Totolink N200RE and N100RE Routers 2.0 Error Page Reflected Cross Site Scripting (XSS) Vulnerability in Xtend Voice Logger 1.0 Insecure Deserialization Vulnerability in Orlansoft ERP's Java Remote Management Interface Insecure Deserialization Vulnerability in SVI MS Management System's Java Remote Management Interface Denial of Service Vulnerability in 4thline Cling UPnP Protocol Blind SQL Injection Vulnerability in zzcms ver201910 (Time-Based Cookie Injection) CSRF Vulnerability in WDJA CMS 1.5 Allows XSS Attacks via tongji Parameter Command Injection Vulnerability in Moxa Inc VPort 461 Series Firmware Version 3.4 or Lower Cross-Site Scripting (XSS) Vulnerability in JIZHICMS 1.7.1 via WechatController.php Cross-Site Scripting (XSS) Vulnerability in JIZHICMS 1.7.1 via ErrorController.php Arbitrary Code Execution via Cross Site Scripting (XSS) in BoxBilling 4.19-4.21 Asus RT-N12E 2.0.0.39 Incorrect Access Control Vulnerability: 
Unauthorized Password Change Arbitrary Remote Code Execution Vulnerability in ThinkAdmin Versions 4.x-6.x Cross Site Scripting (XSS) Vulnerability in NavigateCMS 2.9 via Shop Module Cross Site Scripting (XSS) Vulnerability in NavigateCMS 2.9 Configuration Module Cross Site Scripting (XSS) Vulnerability in NavigateCMS 2.9 Content Module Cross Site Scripting (XSS) Vulnerability in NavigateCMS 2.9 Configuration Module Cross Site Scripting (XSS) Vulnerability in PHP-Fusion 9.03.60 via poll_admin.php Cross Site Scripting (XSS) Vulnerability in WebPort-v1.19.17121 Connections Feature Cross Site Scripting (XSS) Vulnerability in webTareas v2.1 Search Function Buffer Overflow Vulnerability in Renleilei1992 Linux_Network_Project 1.0: Arbitrary Code Execution via Password Field Denial of Service Vulnerability in pdfcorner text2pdf 1.1 SQL Injection Vulnerability in 188Jianzhan v2.1.0: Arbitrary Code Execution and Privilege Escalation via login.php CSRF Vulnerability in AyaCMS 3.1.2 Allows Unauthorized Password Changes and More Stored XSS Vulnerability in Comments Section of YFCMF v2.3.1 News Page YFCMF v2.3.1 Remote Command Execution (RCE) Vulnerability in index.php Cross-Site Scripting Vulnerability in Monstra CMS 3.0.4 via Admin Page Feature XSS Vulnerability in LavaLite-CMS 5.8.0 Menu Links Feature XSS Vulnerability in PHP-Fusion 9.03.60 Shoutbox Administration Panel Global Buffer Overflow Vulnerability in ffjpeg's jfif_encode Function Heap-based Buffer Overflow Vulnerability in ok_jpg_decode_block_subsequent_scan() Function Heap-based Buffer Overflow Vulnerability in ok_jpg_decode_block_progressive() Function XSS Vulnerability in LimeSurvey 4.2.5: Exploiting Textbox in Notifications & Data Feature SQL Injection Vulnerability in NavigateCMS 2.9: Exploiting URL Encoded GET Input Category in navigate.php Webport CMS 1.19.10.17121 Directory Traversal Vulnerability XSS Vulnerability in Xujinliang Zibbs 1.0 via Route Parameter in index.php Arbitrary Code Execution via XSS 
Vulnerability in xujinliang zibbs 1.0 Cross-Site Scripting (XSS) Vulnerability in FUEL CMS V1.4.7 Escalation of Privilege Vulnerability in FUEL CMS 1.4.7 via id and fuel_id Parameters Local Denial of Service Vulnerability in Wise Care 365 5.5.4: Triggering Computer Crash (BSOD) Local Denial of Service Vulnerability in Antiy Zhijia Terminal Defense System 5.0.2.10121559: Triggering Computer Crash (BSOD) Local Privilege Escalation Vulnerability in Saibo Cyber Game Accelerator 3.7.9 Local Denial of Service Vulnerability in DaDa Accelerator 5.6.19.816: Exploitable Crash (BSOD) Vulnerability Local Denial of Service Vulnerability in Advanced SystemCare 13 PRO 13.5.0.174: Triggering Computer Crash (BSOD) Local Privilege Escalation Vulnerability in DriverGenius 9.61.5480.28 Driver Wizard Local Denial of Service Vulnerability in AnyView Network Monitoring Software 4.6.0.1 Arbitrary Code Execution via Cross Site Scripting (XSS) Vulnerability in PHP-Fusion 9.03.50 Arbitrary Web Script Execution via Payment Gateway Column in Subrion CMS Version <= 4.2.1 Cross Site Scripting (XSS) Vulnerability in Larsens Calendar Plugin for WordPress (<= 1.2) via titel Column SQL Injection Vulnerability in admin.php in Online Book Store 1.0 Bludit 3.12.0 File Upload Vulnerability Arbitrary File Deletion Vulnerability in htmly v2.7.5 Alipay PHPPYUN Information Disclosure Vulnerability Reflected XSS Vulnerability in Winmail 6.5's tohtml/convert.php SSRF Vulnerability in Winmail 6.5 Allows Remote Request Manipulation Arbitrary File Upload Vulnerability in Golo Laravel Theme v1.1.5 Unauthorized Restart of KVM Virtual Machines Vulnerability in spice-server Denial of Service Vulnerability in poppler 0.89.0 Information Disclosure in xxl-job 2.2.0 via UserController.java Cross-Site Scripting (XSS) Vulnerabilities in xxl-job v2.2.0 ArGo Soft Mail Server 1.8.8.9 Cross Site Request Forgery (CSRF) Vulnerability in Administration Dashboard Yale WIPC-303W Camera: Remote Command Execution (RCE) via HTTP API 
Command Injection Remote Code Execution (RCE) via File Upload Vulnerability in SourceCodester Online Course Registration v1.0 Authenticated File Upload Vulnerability in LibreHealth EHR 2.0.0 Allows Remote Code Execution CSRF Vulnerability in SourceCodester Stock Management System v1.0 Allows Username Manipulation Reflected XSS Vulnerability in SourceCodester Stock Management System v1.0 Login Portal Persistent XSS Vulnerability in Projectworlds Car Rental Management System v1.0 Unauthenticated SQL Injection Vulnerability in Projectworlds House Rental v1.0 Privilege Escalation via Insecure Service File Permissions in Real Time Logic BarracudaDrive v6.5 Reflected Cross-Site Scripting (XSS) Vulnerability in SourceCodester Tailor Management System v1.0 Login-Portal CSRF Vulnerability in OSWAPP Warehouse Inventory System Allows Password Change CSRF Vulnerability in Multi User Plugin 1.8.2 for GetSimple CMS Allows Unauthorized User Addition Reflected XSS Vulnerability in GetSimple CMS v3.3.16 Login Portal Stored XSS Vulnerability in Tree Mode of jsoneditor (Versions before 9.0.2) Stack-based Buffer Overflow Vulnerability in ffjpeg's jfif_decode() Function Heap-based Buffer Overflow Vulnerability in ffjpeg's jfif_decode() Function Use-after-Free vulnerability in cflow 1.6: Denial of Service via caller->callee pointer Heap-based Buffer Overflow Vulnerability in LibreDWG 0.10.1 via read_system_page Function Local Privilege Escalation Vulnerability in IOBit Malware Fighter 8.0.2.547 Cross-Site Scripting (XSS) vulnerability in NeDi 1.9C inc/rt-popup.php NULL Pointer Dereference Vulnerability in TextPage::restoreState Function of pdf2xml v2.0 Heap-Buffer Overflow Vulnerability in pdf2xml v2.0's TextPage::dump Function Heap-Buffer Overflow Vulnerability in pdf2xml v2.0's TextPage::addAttributsNode Function Memory Leak Vulnerability in pdf2xml v2.0's TextPage::testLinkedText Function Stack Buffer Overflow in pdf2xml v2.0's getObjectStream Component Stack Buffer Overflow in 
pdf2json v0.71: Vulnerability in XRef::fetch Component NULL Pointer Dereference Vulnerability in pdf2json v0.71's ObjectStream::getObject Component Buffer Overflow Vulnerability in Nomacs v3.15.0 Allows DoS via Crafted MNG File Heap Overflow Vulnerability in XnView MP v0.96.4 Allows DoS via Crafted Pict File Heap Overflow Vulnerability in XnView MP v0.96.4 Allows DoS via Crafted ICO File User Mode Write AV Vulnerability in WildBit Viewer v6.6 Allows DoS via Crafted PSD File User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted ICO File Buffer Overflow Vulnerability in WildBit Viewer v6.6 via Crafted JPG File User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted TIFF File User Mode Write AV Vulnerability in WildBit Viewer v6.6 User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted TIFF File User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted TIFF File User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted TIFF File User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted TGA File User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted TGA File User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted TGA File Buffer Overflow Vulnerability in WildBit Viewer v6.6 via Crafted TGA File User Mode Write AV Vulnerability in WildBit Viewer v6.6 via Crafted TGA File Buffer Overflow Vulnerability in WildBit Viewer v6.6 via Crafted TGA File Divide by Zero Vulnerability in Speex v1.2's read_samples Function Allows DoS via Crafted WAV File Stack Buffer Overflow in Speexenc.c of Speex v1.2 Allows DoS via Crafted WAV File Insufficient Data Authenticity Verification in FFmpeg N-98388-g76a3ee996b Allows DoS via Crafted Audio File Heap Buffer Overflow in retdec v3.3: Denial of Service, Memory Disclosure, and Possible Code Execution Heap-based Buffer Over-read in png_convert_4 function of AdvanceMAME through 2.1 Stack-based Buffer Overflow Vulnerability in asn1c v0.9.28: genhash_get 
Function in genhash.c NULL Pointer Dereference in _default_error_logger() Function in asn1c NULL Pointer Dereference in AP4_StszAtom::GetSampleSize() Function Allows for Denial of Service NULL Pointer Dereference in peg::AstOptimizer::optimize() in cpp-peglib: Denial of Service Vulnerability Heap-based Buffer Over-read in cpp-peglib's resolve_escape_sequence() Function Heap-Based Buffer Over-Read in fast_ber through v0.4 Heap-based Buffer Over-read in giflib's DumpScreen2RGB Heap-Based Buffer Over-Read in gpac before 1.0.1 NULL Pointer Dereference in nhmldump_send_header Function Allows for Denial of Service in gpac Heap-Based Buffer Over-Read in gpac before 1.0.1 NULL Pointer Dereference in gpac's dump_isom_sdp Function Leads to Denial of Service Vulnerability Arbitrary Command Execution via File Upload in RiteCMS 2.2.1 Authentication Bypass in Kabir Alhasan Student Management System 1.0 via Username: admin'# && Password: (Write Something) Authentication Bypass Vulnerability in PHPGurukul Vehicle Parking Management System 1.0 SQL Injection Vulnerability in Victor CMS V1.0 - Exploiting the cat_id Parameter Cross-Site Scripting (XSS) Vulnerability in Pega Platform 8.4.x via ConnectionID Parameter Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Fork Admin Console Allow Unauthorized Actions Cross Site Scripting (XSS) Vulnerability in Catfish CMS 4.9.90 via announcement_gonggao Parameter Arbitrary Command Execution via SQL Injection in Victor CMS 1.0 Elevation of Privilege Vulnerability in Dr.Web Security Space Versions 11 and 12 Elevation of Privileges Vulnerability in Ilex International Sign&go Workstation Security Suite 7.1 Insecure Permissions and Unrestricted File Upload Vulnerability in GMapFP J3.30pro Joomla Component Unauthenticated File Upload Vulnerability in Joomla Component GMapFP Version J3.5 and J3.5free SQL Injection Vulnerability in KandNconcepts Club CMS 1.1 and 1.2 via 'team.php,player.php,club.php' id parameter Multiple 
Persistent XSS and HTML Injection Vulnerabilities in Create-Project Manager 1.07 Cross-Site Scripting (XSS) Vulnerability in Webexcels Ecommerce CMS 2.x, 2017-2020 SQL Injection Vulnerability in Webexcels Ecommerce CMS 2.x (2017-2020) via 'content.php' id Parameter Cross-Site Scripting (XSS) Vulnerability in KandNconcepts Club CMS 1.1 and 1.2 via 'team.php, player.php, club.php' id parameter SQL Injection Vulnerability in Soluzione Globale Ecommerce CMS v1 via offerta.php Parameter SQL Injection Vulnerability in 13enforme CMS 1.0 via 'content.php' id Parameter SQL Injection Vulnerability in DesignMasterEvents Conference Management 1.0.0 via Username Field Cross Site Scripting Vulnerability in 13enforme CMS 1.0 via content.php id Parameter Cross-Site Scripting Vulnerability in DesignMasterEvents Conference Management 1.0.0 via 'certificate.php' Persistent Cross-site Scripting in Michael-design iChat Realtime PHP Live Support System 1.6 via chat and text-field tags Persistent Cross-site Scripting in Customer Registration-Form All-Tags in Online Hotel Booking System Pro PHP Version 1.3 Reflected Cross-Site Scripting (XSS) Vulnerability in Github Read Me Stats via renderError Function NeDi 1.9C Vulnerability: pwsec.php oid XSS Arbitrary Code Execution via Cross Site Scripting (XSS) in Nagios XI 5.7.1 ILIAS Information Disclosure Vulnerability: Remote Path Disclosure via Workspace Upload Arbitrary Code Execution via Personal Data Import in ILIAS SQL Injection Vulnerability in eYouCMS CMS v1.4.7: Arbitrary Code Execution and Information Disclosure via tid Parameter Unprompted Microphone and Camera Access Vulnerability in Microsoft Skype for macOS Unlimited Authentication Attempts Vulnerability in Umanni RH 1.0 User Enumeration Vulnerability in Umanni RH 1.0 Password Recovery Buffer Overflow Vulnerability in FFMpeg 4.2.3: Remote Code Execution in dnn_execute_layer_pad Certificate Validation Bypass in node-sass Binary Downloads Stored XSS Vulnerability in TinyShop 1.2.0: 
Remote Code Execution and Information Disclosure Buffer Overflow Vulnerability in liblivemedia Version 20200625: RTSP PLAY Command Absolute Time Seeking Privilege Escalation Vulnerability in ForLogic Qualiex v1 and v3 Unauthenticated Password Changes in ForLogic Qualiex v1 and v3 Allow Unauthorized Access to Customer and Admin Permissions and Data Weak Token Expiration in ForLogic Qualiex v1 and v3: Remote Privilege Escalation and Sensitive Data Access Command Injection Vulnerability in XoruX LPAR2RRD and STOR2RRD 2.70 Virtual Appliances via Timezone Parameter Unauthenticated Remote Attackers Can Manipulate Settings and User Privileges in fs.com S3900 24T4S 1.7.0 and Earlier Privilege Escalation via Insecure Deserialization in Sagemcom F@ST 5280 Routers PHP Object Injection in ForkCMS Ajax Endpoint (<= v5.8.3): Remote Code Execution Sensitive Information Exposure in myFax Version 229 Export Log Module Sandbox Escape Vulnerability in TitanHQ SpamTitan Gateway 7.07 Sandbox Escape Vulnerability in TitanHQ SpamTitan Gateway 7.07 Authentication Bypass Vulnerability in Moog EXO Series IP-based Physical Security Protocol XML External Entity (XXE) Vulnerabilities in Moog EXO Series EXVF5C-2 and EXVP7C2-3 Units: Remote File Read Hardcoded Credentials Vulnerability in Moog EXO Series EXVF5C-2 and EXVP7C2-3 Units Arbitrary Command Execution as Root in Moog EXO Series Administration Console Unauthenticated Stack Buffer Overflow in Verint 5620PTZ and Verint 4320 Units Hardcoded Credentials Vulnerability in Verint 5620PTZ, Verint 4320, and Verint S5120FD Units Command Injection Vulnerability in Verint S5120FD Verint_FW_0_42 Management Website SSRF Vulnerability in Canto Plugin 1.3.0 for WordPress Buffer Overflow Vulnerability in silk-v3-decoder Version:20160922 Build By kn007 Arbitrary Code Execution via Cross Site Scripting (XSS) in Laborator Kalium Contact Us Form Cross-Site Scripting (XSS) Vulnerability in MISP v2.4.128 UserSettingsController.php Privilege Escalation 
Vulnerability in Foxconn Live Update Utility 2.1.6.26 Denial of Service Vulnerability in IOBit Malware Fighter 8.0.2 XSS Vulnerability in PIX-Link Repeater/Router LV-WR07 Firmware v28K.Router.20170904 Yealink W60B Contacts File Upload Interface Directory Traversal Vulnerability Projectworlds Online Book Store 1.0: Hard-coded Credentials Vulnerability Allows Unauthorized Admin Panel Access Heap Buffer Overflow Read Vulnerability in upx 4.0.0 CSRF Vulnerability in Ponzu 0.11.0 Allows Unauthorized Account Manipulation Heap Buffer Overflow Vulnerability in Radare2-extras' r_asm_swf_disass Function Reflected Cross Site Scripting (XSS) Vulnerability in Wcms 0.3.2 via type parameter in wex/cssjs.php Arbitrary File Read Vulnerability in Wcms 0.3.2 Arbitrary File Read Vulnerability in Wcms 0.3.2 via Path Parameter in wex/cssjs.php Arbitrary Web Script Injection Vulnerability in wcms 0.3.2 Server-side Request Forgery in Wcms 0.3.2: Exploiting the Path Parameter in wex/cssjs.php Server-side Request Forgery (SSRF) in Wcms 0.3.2: Exploiting the Pagename Parameter to Perform Command Execution and Network Scanning Server-side Request Forgery in WP-DownloadManager Plugin 1.68.4 for WordPress Allows Port Scanning, Network Host Identification, and Command Execution Server-side Request Forgery in Video Downloader for TikTok Plugin for WordPress Directory Traversal Vulnerability in Video Downloader for TikTok WordPress Plugin 1.3 Directory Traversal Vulnerability in Media File Organizer WordPress Plugin 1.0.1 Arbitrary Web Script Injection Vulnerability in CM Download Manager Plugin for WordPress Arbitrary File Deletion and Denial of Service Vulnerability in CM Download Manager Plugin 2.7.0 WP Smart Import Plugin 1.0.0 SSR Vulnerability via File Field SSRF Vulnerability in WordPress Import XML and RSS Feeds Plugin Server-side Request Forgery (SSRF) in Podcast Importer SecondLine Plugin for WordPress DLL Hijacking Vulnerability in 360 Speed Browser 12.0.1247.0: Exploiting the Dual-Core 
Browser's Weakness DLL Hijacking Vulnerability in NetEase Youdao Dictionary 8.9.2.0 DLL Hijacking Vulnerability in Shenzhen Tencent TIM Windows Client 3.0.0.21315 DLL Hijacking Vulnerability in Guangzhou NetEase Mail Master 4.14.1.1004 on Windows DLL Hijacking Vulnerability in Shenzhen Tencent App 5.8.2.5300 for PC Platforms Taoensso Nippy Deserialization Vulnerability Vulnerability in TCG Accelerator in QEMU 4.2.0 Allows Arbitrary Code Execution, Privilege Escalation, and DoS Arbitrary Code Execution Vulnerability in Yz1, IZArc, ZipGenius, and Explzh Remote Code Execution Vulnerability in gVectors wpDiscuz Plugin 7.0 through 7.0.4 for WordPress Null Pointer Dereference Vulnerability in JerryScript 2.3.0 Intrexx Search Functionality XSS Vulnerability Authentication Bypass via SQL Injection in Sourcecodetester Daily Tracker System 1.0 Arbitrary Script Injection in SourceCodester Daily Tracker System v1.0 via 'user-profile.php' Arbitrary File Upload Vulnerability in Sourcecodester Online Bike Rental v1.0 Remote Code Execution Vulnerability in Online Bike Rental v1.0 SQL Injection Vulnerability in Stock Management System v1.0 Login Component Persistent Cross-Site Scripting Vulnerability in Sourcecodester Stock Management System v1.0 via 'Brand Name' Field Arbitrary File Upload Vulnerability in Vehicle Image Upload Component of Project Worlds Car Rental Management System v1.0 Arbitrary File Upload Vulnerability in Projects World House Rental v1.0 Arbitrary File Upload and Remote Code Execution in Projects World Travel Management System v1.0 SQL Injection Vulnerability in SourceCodester Online Shopping Alphaware 1.0 Allows Authentication Bypass YGOPro ygocore v13.51 Integer Overflow Vulnerability: Memory Leak Exploit Buffer Overflow Vulnerability in HiSilicon IPTV/H.264/H.265 Video Encoders Hard-coded Credentials and Arbitrary Code Execution Vulnerability in HiSilicon IPTV/H.264/H.265 Video Encoders Unauthenticated Access to Private Video Streams via Default Name 
Vulnerability Unauthenticated File Upload and Arbitrary Code Execution in HiSilicon IPTV/H.264/H.265 Video Encoders Hard-coded Root Password Vulnerability in URayTech IPTV/H.264/H.265 Video Encoders Path Traversal and Pattern-Matching Flaws Allow Unauthorized Access to Configuration File and Administrative Password Command Execution Vulnerability in ShopXO v1.8.1: Arbitrary Command Execution and Server Takeover Denial of Service Vulnerability in miniupnp ngiflib 0.4 Buffer Overflow Vulnerability in jfif_decode() Function in rockcarry ffjpeg Cross-Site Scripting (XSS) Vulnerability in Mara CMS 7.5 via contact.php Plain Text Storage of User Credentials in Playground Sessions v2.5.582 (and earlier) for Windows Arbitrary Code Execution via Unauthenticated JMX Access in Symmetric DS <3.12.0 Use-after-free vulnerability in GNU Bison's _obstack_free in lib/obstack.c Heap Use-After-Free Vulnerability in NASM 2.15rc10's saa_wbytes Function Vulnerability: SEGV in tok_text in asm/preproc.c due to READ memory access in NASM 2.15rc10 Unauthenticated File Download Vulnerability in Peplink Balance Web Admin Insecure Permissions Vulnerability in Portainer 1.24.1 and Earlier: Remote Arbitrary Code Execution Remote Arbitrary Code Execution via Incorrect Access Control in Portainer 1.24.1 and Earlier Heap Buffer Overflow Vulnerability in MemcmpInterceptorCommon() in tcpreplay tcpprep v4.3.3 Heap Buffer Overflow Vulnerability in tcpreplay tcpprep v4.3.3 CSRF Vulnerability in EasyCMS v1.6 Allows Unauthorized Admin Account Creation Arbitrary Code Execution via HTTP Response Header Injection in Swoole v4.5.2 Intelbras TIP200 IP Phone - Information Disclosure Vulnerability Buffer Overflow Vulnerability in FreeImage 3.19.0: Remote Code Execution via Crafted ICO File Buffer Overflow Vulnerability in FreeImage 3.19.0 [r1859] Allows Remote Code Execution via Crafted PSD File Buffer Overflow Vulnerability in FreeImage 3.19.0: Remote Denial of Service via Crafted PSD File Buffer Overflow 
Vulnerability in FreeImage 3.19.0 [r1859] Allows Remote Code Execution via Crafted PSD File Arbitrary OS Command Execution in TP-Link TL-WPA4220 (Versions 2-4) XSS Vulnerability in HAPI FHIR Testpage Overlay 5.0.0 and Below XSS Vulnerability in Grafana's ElasticSearch Datasource Query Alias Privilege Escalation Vulnerability in mRemoteNG v1.76.20 Unrestricted Access to Site Backups in WP File Manager v6.4 and Lower Reflected XSS vulnerability in Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower Reflected XSS vulnerability in Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower SQL Injection Vulnerability in Vinoj Cardoza WordPress Poll Plugin v36 and Lower Reflected XSS vulnerability in WP Plugin Rednumber Admin Menu v1.1 and lower SSRF Vulnerability in Discourse Email Function Allows Remote Website Picture Upload Privilege Escalation Vulnerability in TrouSerS Privilege Escalation Vulnerability in TrouSerS through 0.3.14 Symlink Attack Vulnerability in TrouSerS through 0.3.14 Unauthorized File Download Vulnerability in Arista CloudVision Portal (CVP) DNS Response Processing Vulnerability in uIP through 1.0 DNS Packet Parsing Vulnerability in uIP Buffer Overflow Vulnerability in Contiki and Contiki-NG DNS Parsing Denial-of-Service Vulnerability in picoTCP and picoTCP-NG through 1.7.0 DNS Domain Name Record Decompression Vulnerability in picoTCP DNS Domain Name Record Decompression Vulnerability in picoTCP and picoTCP-NG DNS Response Processing Vulnerability in picoTCP and picoTCP-NG Out-of-Bounds Read Vulnerability in picoTCP and picoTCP-NG Stack Redzone Cross in luaO_pushvfstring: Incorrect Double Call to luaD_callnoyield Use-After-Free Vulnerability in Artifex MuJS 1.0.7 Buffer Over-read Vulnerability in JerryScript through 2.3.0 Stack Consumption Vulnerability in JerryScript through 2.3.0 Use-After-Free Vulnerability in njs through 0.4.3 Out-of-Bounds Read Vulnerability in njs through 0.4.3 Out-of-Bounds Read 
Vulnerability in njs through 0.4.3 Control-flow hijack vulnerability in njs_value_property in njs_value.c of njs through 0.4.3 Out-of-Bounds Memory Access in ATI VGA Device Implementation XSS Vulnerability in Pega Platform before 8.4.0 via Stream Rule Parameters in Request Header Shell Injection Vulnerability in Zyxel VMG5313-B30B Router Firmware 5.13(ABCJ.6)b3_1127 and Earlier Insecure Permissions Allow Unauthorized User Privilege Escalation in Zyxel VMG5313-B30B Router Local Privilege Escalation Vulnerability in `cloudflared` on Windows Systems Vulnerability: Incorrect Acceptance of Vault-issued SSH OTPs based on Subnet ARP Packet Vulnerability in Arista EOS Remote Code Execution in SNMPTT before 1.4.2 via EXEC, PREXEC, or unknown_trap_exec Unauthenticated Factory Reset and Access Control Bypass in TP-Link TL-WA855RE V5 Arbitrary Command Execution via Notes Field in MineTime Meeting Command Execution Vulnerability on Gemtek WRTM-127ACN and WRTM-127x9 Devices Disclosure of Sensitive Information in JetBrains YouTrack Application Backups (Android) Privilege Escalation via Incorrect File Permissions in BlueStacks 4 on Windows Directory Traversal Vulnerability in Icinga Web2 2.0.0 through 2.6.4, 2.7.4, and 2.8.2 NULL Pointer Dereference in ldebug.c of Lua 5.4.0 Lua 5.4.0 Negation Overflow and Segmentation Fault Vulnerability in ldebug.c Memory Access Violation in Lua 5.4.0 due to Mishandling of Barriers and Sweep Phase in lgc.c Out-of-Bounds Read Vulnerability in LuaJIT through 2.1.0-beta3 CSRF Vulnerability in Freebox Server's UPnP MediaServer Implementation Freebox v5 DNS Rebinding Vulnerability: Exploiting Weakness in Version 1.5.29 and Earlier Freebox Server UPnP MediaServer DNS Rebinding Vulnerability DNS Rebinding Vulnerability in Freebox UPnP IGD Implementations Freebox OS Web Interface DNS Rebinding Vulnerability XXE Injection Vulnerability in Yaws Web Server Versions 1.81 to 2.0.7 Directory Listing Vulnerability in GUnet Open eClass Platform Out-of-Bounds 
Read Vulnerability in mDNS Query Processing Unauthenticated Remote Code Execution (RCE) Vulnerability in A10 Networks ACOS and aGalaxy GUIs NULL Pointer Dereference in Linux Emulation Layer Allows Kernel Crash Unhibernation and Email Access Vulnerability in Dovecot Out-of-Bounds Read/Write Vulnerability in yubihsm-shell Denial of Service Vulnerability in yubihsm-shell through 2.0.2 Pre-Authentication Stored XSS in EyesOfNetwork before 5.3-7 Unsafe Implementation of Advanced Syntax in mongo-express before 1.0.0 Missing TLS Hostname Validation in voloko twitter-stream 0.1.10: Exploiting EventMachine Misuse for Man-in-the-Middle Attacks Insecure TLS Hostname Validation in TweetStream 2.6.1 Allows Man-in-the-Middle Attacks Incorrect Permissions on New Filesystem Objects in Linux NFS Server Homee Brain Cube v2 Firmware Update Vulnerability: Unauthorized Installation of Compromised Firmware Sensitive SSH Keys Exposed in homee Brain Cube v2 Firmware: Remote Proxy Exploitation Integer Overflow and Heap-Based Buffer Overflow in Zoho ManageEngine Desktop Central 10.0.0.SP-534 SQL Injection Vulnerability in Magento Versions 2.4.0 and 2.3.5 (and Earlier) Allows for Sensitive Information Disclosure Incorrect Authorization Vulnerability in Magento Versions 2.4.0 and 2.3.5p1 (and earlier) Incorrect Permissions Vulnerability in Magento Integrations Component Allows Unauthorized Deletion of Customer Details Incorrect User Permissions Vulnerability in Magento Inventory Component Unauthorized Deletion of CMS Pages via REST API in Magento 2.4.0 and 2.3.5p1 Inventory Module Incorrect Permissions Vulnerability Magento Version 2.4.0 and 2.3.4 (and earlier) Information Disclosure Vulnerability Unsafe File Upload Vulnerability in Magento Versions 2.4.0 and 2.3.5p1 (and Earlier) Allows Arbitrary Code Execution Persistent XSS Vulnerability in Magento Allows for Remote Code Execution Adobe Illustrator 24.2 (and earlier) Out-of-Bounds Read Vulnerability in PDF Parsing Adobe Illustrator 24.2 
(and earlier) Out-of-Bounds Read Vulnerability in PDF Parsing Adobe Illustrator 24.2 (and earlier) Out-of-Bounds Write Vulnerability in PDF Handling Memory Corruption Vulnerability in Adobe Illustrator 24.1.2 and Earlier Memory Corruption Vulnerability in Adobe Illustrator 24.1.2 and Earlier Memory Corruption Vulnerability in Adobe Illustrator 24.1.2 and Earlier Memory Corruption Vulnerability in Adobe Illustrator 24.1.2 and Earlier Blind Stored XSS Vulnerability in Marketo Sales Insight Plugin (v1.4355 and earlier) Adobe After Effects Version 17.1.1 (and Earlier) Out-of-Bounds Read Vulnerability Uncontrolled Search Path Vulnerability in Adobe After Effects for Windows Allows Arbitrary Code Execution Uncontrolled Search Path Element Vulnerability in Adobe Photoshop for Windows (CVE-2020-9686) Adobe InDesign 15.1.2 (and earlier) NULL Pointer Dereference Denial-of-Service Vulnerability Uncontrolled Search Path Vulnerability in Adobe Creative Cloud Desktop Application for Windows Uncontrolled Search Path Vulnerability in Adobe Media Encoder 14.4 for Windows Uncontrolled Search Path Element Vulnerability in Adobe Premiere Pro 14.4 and Earlier Uncontrolled Search Path Element Vulnerability in Dreamweaver 20.2 and Earlier: Privilege Escalation Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions 2020.012.20048 and Earlier Input Validation Vulnerability in Acrobat Reader Allows Memory Disclosure Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability in Acrobat Reader DC for macOS Signature Verification Bypass Vulnerability in Acrobat Reader DC for macOS Use-After-Free Vulnerability in Acrobat Reader DC Security Feature Bypass Vulnerability in Acrobat Reader DC for macOS Arbitrary JavaScript Execution via Certified PDF Document in Acrobat Reader DC and Adobe Acrobat Pro DC Local Privilege Escalation Vulnerability in Adobe Acrobat Reader DC Out-of-Bounds Read Vulnerability in Acrobat Reader DC Versions 2020.012.20048 and Earlier Heap-based Buffer Overflow 
Vulnerability in Acrobat Reader DC Out-of-Bounds Write Vulnerability in Adobe Acrobat Pro DC Use-After-Free Vulnerability in Acrobat Reader DC: Arbitrary Code Execution Use-After-Free Vulnerability in Acrobat Reader DC Versions 2020.012.20048 and Earlier Security Feature Bypass in Acrobat Reader DC for macOS Uncontrolled Search Path Element Vulnerability in Adobe Prelude 9.0.1 and Earlier Insecure Directory Access in Adobe Acrobat Reader for Android Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect 11.0 and Earlier Reflected Cross-Site Scripting (XSS) Vulnerability in Adobe Connect 11.0 and Earlier Blind Server-Side Request Forgery (SSRF) Vulnerability in AEM Forms SP6 and Forms add-on Package Stored Cross-Site Scripting (XSS) Vulnerability in AEM Cloud Service and Version 6.5.6.0 and Below Uncontrolled Search Path Vulnerability in Adobe Lightroom Classic for Windows Denial of Service Vulnerability in Intel(R) Graphics Drivers Privilege Escalation Vulnerability in Intel(R) Graphics Drivers Uncontrolled Search Path Vulnerability in Intel(R) Optane(TM) DC Persistent Memory Installer Denial of Service Vulnerability in Intel(R) SGX Platform Software for Windows* Improper Input Validation in Intel(R) EPID SDK: Local Privilege Escalation Vulnerability XML External Entity (XXE) Vulnerability in Intel Quartus Prime Editions Uninitialized Variable Vulnerability in TPM2 Source Privilege Escalation Vulnerability in Intel(R) Board ID Tool v.1.01 BIOS Firmware Logic Error: Potential Privilege Escalation, Denial of Service, and Information Disclosure Vulnerability in Intel Core Processors Incomplete cleanup in Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0: Privileged user information disclosure and denial of service vulnerability via adjacent access Denial of Service Vulnerability in Intel(R) DSA Intel Graphics Driver Out of Bounds Write Vulnerability BMC Firmware Out of Bounds Write Vulnerability Buffer Overflow Vulnerability in 
Intel Server Boards, Server Systems, and Compute Modules Denial of Service Vulnerability in Intel Server Boards and Systems Denial of Service Vulnerability in Intel(R) XTU Prior to Version 6.5.3.25 Insecure Inherited Permissions in Intel(R) Quartus Prime Software: Potential Privilege Escalation via Local Access Buffer Overflow Vulnerability in Intel(R) 7360 Cell Modem Firmware Improper Conditions Check in Intel FPGA OPAE Driver for Linux: Potential Privilege Escalation Vulnerability Firmware Vulnerability in Intel(R) Processors Allows Local Denial of Service Incomplete Cleanup in Intel(R) VT-d Products: Local Access Privilege Escalation Vulnerability BlueZ Vulnerability: Unauthenticated Denial of Service via Adjacent Access Intel(R) 10th Generation Core Processors SGX Debug Message Information Disclosure Vulnerability Insufficient Access Control in Intel(R) 722 Ethernet Controllers Firmware: Potential Denial of Service Vulnerability Vulnerability: Insufficient Access Control in Intel(R) 700-Series Ethernet Controllers Firmware Insufficient Access Control in Intel(R) 722 Ethernet Controllers Firmware: Potential Denial of Service Vulnerability Insufficient Access Control in Intel(R) 700-Series Ethernet Controllers Firmware: Potential Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) 722 Ethernet Controllers Firmware Insufficient Access Control in Intel(R) E810 Ethernet Controllers Firmware: Potential Denial of Service Vulnerability Buffer Overflow Vulnerability in Intel(R) E810 Ethernet Controllers Firmware Buffer Overflow Vulnerability in Intel(R) E810 Ethernet Controllers Firmware Firmware Vulnerability: Buffer Overflow in Intel(R) E810 Ethernet Controllers Denial of Service Vulnerability in Intel(R) Ethernet E810 Adapter Drivers Insufficient Access Control in Intel(R) Ethernet E810 Adapter Drivers for Linux: Potential Information Disclosure Vulnerability Uncontrolled Resource Consumption in Intel(R) Ethernet E810 Adapter Drivers for 
Linux: Local Denial of Service Vulnerability Denial of Service Vulnerability in Intel(R) 700-series Ethernet Controllers Firmware Intel(R) CSME Out of Bound Read Vulnerability Improper Initialization Vulnerability in Intel(R) CSME Subsystem Privilege Escalation Vulnerability in Intel(R) SPS Subsystem Intel(R) Processors Vulnerability: Local Access Information Disclosure Timing Discrepancy Vulnerability in Intel(R) Processors Allows Local Information Disclosure Intel Atom(R) Processors Domain-Bypass Transient Execution Vulnerability: Local Access Information Disclosure Intel(R) RealSense(TM) IDs Vulnerability: Unauthorized Privilege Escalation via Physical Access Intel(R) RealSense(TM) IDs Vulnerability: Physical Access Privilege Escalation Vulnerability in Intel(R) CSME Versions Before 15.0.22 Allows Privilege Escalation via Physical Access Insecure Inherited Permissions in Intel(R) NUC Firmware Update Tool: Potential Privilege Escalation Vulnerability SSRF Vulnerability in Ericom Access Server 9.2.0 Allows Outbound WebSocket Connection Requests Arbitrary JSP Code Execution Vulnerability in openMAINT Open Redirect Vulnerability in EpiServer Find before 13.2.7 Unvalidated Parameter Vulnerability in IProom MMC+ Server Login Page Allows for Credential Theft and Malicious Site Redirection Command Injection Vulnerability in Atop Technology Industrial 3G/4G Gateway XSS Vulnerability in Go before 1.14.8 and 1.15.x before 1.15.1 Unlimited 404 Error Redirect Denial of Service Vulnerability in Liferay Portal Privilege Escalation and Code Execution via Hard Link Vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1, and Worry-Free Business Security Services on Microsoft Windows Vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows: Privilege Escalation via Product Folder Manipulation Out-of-Bounds Read Vulnerability in Trend Micro Apex One and Worry-Free Business Security Arbitrary Code 
Execution Vulnerability in Trend Micro Apex One and Worry-Free Business Security on macOS Improper SSL Server Certificate Validation Vulnerability in Trend Micro Security 2019 (v15) Command Injection Vulnerability in Trend Micro ServerProtect for Linux 3.0 Vulnerability in Trend Micro OfficeScan XG SP1 on Windows: Privilege Escalation and Code Execution via Hard Link Manipulation Privilege Escalation and Code Execution Vulnerability in Trend Micro Apex One Local Information Disclosure Vulnerability in Trend Micro Apex One Local Information Disclosure Vulnerability in Trend Micro Apex One Cleartext Exposure of Account Password in Octopus Deploy Azure Steps Privilege Escalation via Trojan Horse urlmon.dll in voidtools Everything (before 1.4.1 Beta Nightly 2020-08-18) Blind SQL Injection Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Blind SQL Injection Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 CSRF Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Directory Traversal Vulnerability in NexusQA NexusDB before 4.50.23 Unrestricted Web Console Allows OS Command Execution in RaspAP 2.5 Denial of Service Vulnerability in BAB TECHNOLOGIE GmbH eibPort V3 (CVE-2021-XXXX) Local Privilege Escalation Vulnerability in GOG GALAXY Client Privilege Escalation Vulnerability in Netskope Client 77 Sensitive Information Disclosure in D-Link DSL-2888A One Touch Application Misconfigured FTP Service on D-Link DSL-2888A Devices Allows Unauthorized Access to System Files Authentication Bypass Vulnerability in D-Link DSL-2888A Devices Unauthenticated IP Address Assignment Vulnerability in D-Link DSL-2888A Devices Remote Command Execution Vulnerability on D-Link DSL-2888A Devices Cross-Site Scripting (XSS) Vulnerability in Zulip Desktop Inadequate Permissions for Intermediate-level Directories in Django File Uploads and Collectstatic Improper Filesystem Cache Permissions in Django DTLS Handshake Implementation in wolfSSL Allows 
Out-of-Order Application Data Messages Memory Fragmentation Vulnerability in Wi-Fi Protocols Fragmented Frame Key Mismatch Vulnerability Unauthenticated A-MSDU Injection Vulnerability in Wi-Fi Protected Access (WPA/WPA2/WPA3) XML External Entity Injection (XXE) Vulnerability in WSO2 API Manager and API Microgateway XML Entity Expansion Vulnerability in WSO2 API Manager and API Microgateway XML External Entity (XXE) Vulnerability in WSO2 Management Console Insufficient Output Sanitization in Mitel MiCloud Management Portal Allows Information Disclosure SQL Injection Vulnerability in Mitel MiCloud Management Portal Mitel MiCloud Management Portal XSS Vulnerability Insufficient Access Control in Mitel MiCloud Management Portal before 6.1 SP5 Allows Information Retrieval Open Redirect Vulnerability in Joomla! com_content Vote Feature Cross-Site Scripting (XSS) Vulnerability in Joomla! mod_latestactions SQL Injection Vulnerability in Shilpi CAPExWeb 1.1 via cap_sendMail GET Request Stored Cross-site Vulnerability in Ignite Realtime Openfire 4.5.1: Arbitrary URL Execution via searchName and alias Parameters Reflected Cross-site Scripting Vulnerability in Ignite Realtime Openfire 4.5.1 Server Properties and Security Audit Viewer JSP Page Ignite Realtime Openfire 4.5.1 - Reflected XSS Vulnerability in server-properties.jsp and security-audit-viewer.jsp Denial of Service Vulnerability in Squid Cache Digest Handling XSS Vulnerability in Savsoft Quiz 5.5 and Earlier Allows Cookie Theft SELinux Policy Mishandles .config/Yubico Directory Vulnerability TLS 1.3 Server Impersonation Vulnerability in wolfSSL Arbitrary Code Execution Vulnerability in Fossil Versions 2.10.2, 2.11.x, and 2.12.x Pexip Infinity Vulnerability: Temporary Denial of Service via SIP Deserialization Vulnerability in FasterXML Jackson-databind 2.x SQL Injection Vulnerability in Mailtrain 1.24.1 via statsClickedSubscribersByColumn in campaigns.js Unauthorized Access to Issue Descriptions in JetBrains YouTrack 
TLS Misuse in Upgrade Check Allows for Man-in-the-Middle Attack in Shotcut (before 20.09.13) Unisys Stealth(core) Vulnerability: Passwords Stored in Recoverable Format OpenMRS htmlformentry Module Path Traversal Remote Code Execution Vulnerability Exposure of S3 Secret Key by Admin User in Sonatype Nexus Repository 3.26.1 Remote SQL Injection Vulnerability in HPE Universal API Framework Unauthenticated Directory Traversal Vulnerability in HPE Pay Per Use (PPU) UCS Meter 1.9 Unauthenticated Directory Traversal Vulnerability in HPE Pay Per Use (PPU) UCS Meter 1.9 Unauthenticated Directory Traversal Vulnerability in HPE Pay Per Use (PPU) UCS Meter 1.9 Critical Remote Stored XSS Vulnerability in HPE KVM IP Console Switches (G2 4x1Ex32) Prior to 2.8.3 Remote Code Injection Vulnerability in HPE KVM IP Console Switches (G2 4x1Ex32) Prior to 2.8.3 HPE Intelligent Management Center (iMC) Remote URLAccessController Authentication Bypass Vulnerability HPE Intelligent Management Center (iMC) Remote Operator Online List Content Privilege Escalation Vulnerability Aruba Airwave Software Prior to 1.3.2 Remote Command Execution Vulnerability Aruba Airwave Software Prior to 1.3.2 Remote Command Execution Vulnerability Aruba Networks AP Management Protocol Buffer Overflow Vulnerability Aruba Networks AP Management Protocol Remote Command Injection Vulnerability Aruba Instant Access Point (IAP) Remote Command Execution Vulnerability Aruba Instant Access Point (IAP) Remote Command Execution Vulnerability ArubaOS GRUB2 SecureBoot Bypass Vulnerability Authenticated Remote Command Execution in Airwave Glass 1.3.3 and Earlier Arbitrary Command Execution Vulnerability in Airwave Glass 1.3.3 and Earlier Arbitrary Command Execution Vulnerability in Airwave Glass 1.3.3 and Earlier Aruba AirWave Glass Unauthenticated Server-Side Request Forgery Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) TFTP Server Stack-Based Buffer Overflow Remote Code Execution 
Vulnerability HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) AccessMgrServlet Classname Deserialization Remote Code Execution Vulnerability Code Execution Vulnerability in HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) HPE Intelligent Management Center (iMC) Legend Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Expression Language Injection RCE Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Remote Code Execution Vulnerability Insecure kSecAttrAccessibleAlwaysThisDeviceOnly Policy in Expo Secure-Store on iOS KDE Ark Symlink Vulnerability Race Condition Vulnerability in Twilio Authy 2-Factor Authentication App for Android Maltego XXE Vulnerability Stack Protection Bypass Vulnerability in Arm Compiler 5 through 5.06u6 NULL pointer dereference vulnerability in GnuTLS TLS 1.3 Client Bypassing URL-based Access Control in LemonLDAP::NG with NGINX Pinned TLS Certificate Verification Vulnerability in GNOME Geary XSS Vulnerability in SmartStream TLM RP <3.1.0 Stored XSS Vulnerability in Trace Financial CRESTBridge <6.3.0.02 Reflected Cross-site Scripting Vulnerability in Hitachi Vantara Pentaho Dashboard Editor XML Entity Expansion Injection Vulnerability in Hitachi Vantara Pentaho Dashboard Editor Stored Cross-site Scripting Vulnerability in Hitachi Vantara Pentaho Analysis Report (7.x - 8.x) Authenticated SQL Injection Vulnerability in Trace Financial CRESTBridge <6.3.0.02 Stored XSS Vulnerability in Trace Financial Crest Bridge <6.3.0.02 DOM-based Cross-site Scripting Vulnerability in Hitachi Vantara Pentaho Analysis Report Description Field Reflected Cross-site Scripting Vulnerability in Hitachi Vantara Pentaho Dashboard Editor Authenticated SQL Injection Vulnerability in Trace Financial CRESTBridge <6.3.0.02 Arbitrary Code Execution Vulnerability in SoftControl Base Software 
Critical SQL Injection Vulnerability in S+ Operations and S+ Historian: Confidentiality, Integrity, and Availability at Risk Vulnerability: Unauthorized Remote Users Can Execute DoS Attacks and Arbitrary Code in S+ Operations and S+ Historian Unauthenticated Injection Vulnerability in S+ Operations and S+ History Privilege Escalation Vulnerability in Symphony Plus Operations and Historian S+ Operations and S+ Historian Web Application Vulnerabilities: Code Execution, Privilege Escalation, and Data Manipulation Remote Code Execution Vulnerability in S+ Operations and S+ Historian Vulnerability: Denial of Service and Remote Code Execution in S+ Operations and S+ Historian Service Improper Storage of Encrypted Internal User Passwords in S+ Operations and S+ Historian Privilege Escalation through Incorrect Permission Assignment in B&R Industrial Automation Automation Studio Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio and NET/PVI Client-Side Authentication Vulnerability in S+ Operations Denial-of-Service (DoS) Vulnerability in ABB AC500 V2 PLCs with Ethernet Version 2.8.4 and Prior Web Visualization Component Vulnerability in ABB AC500 V2 Products with Onboard Ethernet Cross-Site Scripting (XSS) Vulnerability in Mitel MiContact Center Business before 9.3.0.0 Insufficient Output Sanitization in Mitel MiContact Center Business Ignite Portal Race Condition Vulnerability in PowerDNS Authoritative Denial of Service Vulnerability in PowerDNS Authoritative through 4.3.0 with Experimental GSS-TSIG Double-Free Vulnerability in PowerDNS Authoritative through 4.3.0 with Experimental GSS-TSIG Cross-Site Scripting (XSS) Vulnerability in Chamber Dashboard Business Directory Plugin 3.2.8 for WordPress SSRF Vulnerability in OX App Suite 7.10.3 Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.4 Session Hijacking Vulnerability in WSO2 Products Reflected XSS Vulnerability in WSO2 Products Session Hijacking Vulnerability 
in WSO2 Products Reflected XSS Vulnerability in WSO2 Products CSV Injection Vulnerability in Gophish before 0.11.0 XSS Vulnerability in Gophish: Host Field on Send Profile Form Gophish XSS Vulnerability via Crafted Landing Page or Email Template SSRF Vulnerability in Gophish before 0.11.0 Clickjacking Vulnerability in Gophish Account Settings Reset Button Gophish XSS Vulnerability via IMAP Host Field Gophish 0.10.1: Insecure Cookie Handling Missing SSL Certificate Validation in Scalyr Agent before 2.1.10 Missing SSL Certificate Validation in Scalyr Agent before 2.1.10 Directory Execute Permissions Vulnerability in OpenZFS on FreeBSD Misinterpretation of Group Permissions as User Permissions in OpenZFS on FreeBSD Privilege Escalation via VMCS and VMCB Read/Write Operations in bhyve Erlang Cookie Exposure Vulnerability Allows Remote Command Execution (RCE) Coercion Vulnerability in GAEN Protocol: Persistent State of Private Framework Vulnerability: Lack of Checksum in GAEN Protocol Allows Contamination Attack Amplification XSS Vulnerability in PHPGurukul User Registration & Login System SQLite3 v.3.27.1 Buffer Overflow Denial of Service Vulnerability CSRF Vulnerability in iCMS v7.0.0 Allows Unauthorized Deletion of Administrator Accounts CSRF Vulnerability in Pluck 4.7.10-dev2 Allows Unauthorized Page Editing Arbitrary Code Execution Vulnerability in Qt QPluginLoader Privilege Escalation Vulnerability in Zoho ManageEngine Applications Manager FasterXML jackson-databind 2.x Vulnerability: Mishandling of Serialization Gadgets and Typing Uninitialized Stack Value Exploit in Objective Open CBOR Run-time (oocborrt) Library Validation Vulnerability in Ubiquiti UniFi Video v3.10.13 Unauthenticated Remote Reading of Self-Diagnostic Archive in InterMind iMind Server through 3.13.65 Arbitrary SQL Command Execution in NexusPHP 1.5 via takeconfirm.php Arbitrary SQL Command Execution in NexusPHP 1.5 via modrules.php Unrestricted Access to Published Content in NexusPHP 
1.5.beta5.20120707 Remote Code Execution via Malicious SMB Share in Dreamacro Clash for Windows v0.11.4 Authentication Bypass Vulnerability in ManageEngine Suite SQL Injection Vulnerability in FUEL CMS 1.4.8 via 'fuel_replace_id' Parameter Kentico CMS XSS Vulnerability: Version Prior to 12.0.75 Plaintext Password Vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1 Arbitrary Code Execution via Modified JSON Name Field in socket.io-file Package (Unsupported Versions) Server-Side Request Forgery (SSRF) Vulnerability in MicroStrategy 10.4, 2019, and 2020 Libelfin v0.3: Denial of Service Vulnerability in dwarf::cursor::skip_form Function Libelfin v0.3: Denial of Service Vulnerability in dwarf::cursor::uleb Function DOS Vulnerability in Libelfin v0.3's dwarf::to_string Function Buffer Overflow Vulnerability in Libelfin v0.3's dwarf::line_table::line_table Function Denial of Service Vulnerability in Libelfin v0.3's line_table::line_table Function Denial of Service Vulnerability in Libelfin v0.3's elf::section::as_strtab Function Libelfin v0.3: Denial of Service Vulnerability in dwarf::cursor::skip_form Function Heap-based Buffer Overflow in GPAC v0.8.0: Denial of Service via Crafted MP4 File Integer Underflow Vulnerability in ZCFees Allows Attackers to Block Execution Integer Overflow Vulnerability in Issuer: Potential Private Key Exposure SQL Injection Vulnerability in PNPSCADA 2.200816204020 via 'interf' Parameter in /browse.jsp Cross-Site Scripting (XSS) Vulnerability in PNPSCADA 2.200816204020 CSRF Vulnerability in FruityWifi Allows Unauthorized Configuration Changes Unsafe Sudo Configuration in FruityWifi 2.4: Root-Level Local Privilege Escalation Vulnerability Remote Code Execution Vulnerability in FruityWifi through 2.4 via Improperly Escaped Shell Metacharacters Easywebpack-cli Directory Traversal Vulnerability Arbitrary Code Execution Vulnerability in IXPManager v5.6.0 via Looking Glass Component Persistent XSS Vulnerability in CMS Made Simple 2.2.14 Allows 
Cookie Theft Persistent Cross Site Scripting in GetSimple CMS 3.3.16 via 'permalink' Parameter on Settings Page Time-Based Blind SQL Injection Vulnerability in Pharmacy Medical Store and Sale Point v1.0 Memory Corruption Vulnerability in kern_getfsstat Function Stack Buffer Overflow in LibRaw::identify_process_dng_fields in identify.cpp Arbitrary Code Execution via Cross Site Scripting (XSS) in Lepton-CMS 4.7.0 Hard-coded Cryptographic Key Vulnerability in Pancake Versions < 4.13.29 Possible Access Restriction Bypass via SQL Injection in zzzphp v1.8.0 SSRF Vulnerability in osTicket Allows File Upload and Port Scanning Buffer Overflow Vulnerability in LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp Null Pointer Dereference Vulnerability in libraw 20.0's parse_tiff_ifd Function Cross-Site Scripting (XSS) Vulnerability in Table Filter and Charts for Confluence Server App SSRF Vulnerability in Table Filter and Charts for Confluence Server App Remote Code Execution (RCE) Vulnerability in Nagios XI 5.7.2 Remote Command Execution Vulnerability in QNAP Systems Inc. 
QTS Versions Prior to 4.4.3.1421 Reflected XSS Vulnerability in Krpano Panorama Viewer version <=1.20.8 Reflected XSS Vulnerability in Krpano Panorama Viewer version <=1.20.8 Reflected Cross-Site Scripting (XSS) in Quixplorer <=2.4.1 Reflected Cross-Site Scripting (XSS) Vulnerability in Cute Editor for ASP.NET 6.4 Remote Information Disclosure Vulnerability in GNOME Gmail 2.5.4 Local Privilege Escalation in Checkmk Before 1.6.0p17 via Trojan Horse Shell Script Cross-Site Scripting Vulnerability in Photo Station Allows Remote Code Injection Reflected XSS Vulnerability in qcubed (All Versions) Allows Session Theft SQL Injection Vulnerability in qcubed (All Versions Including 3.1.1) in profile.php PHP Object Injection Vulnerability in qcubed profile.php (all versions including 3.1.1) OS Command Injection Vulnerability in Yaws Web Server Versions 1.81 to 2.0.7 Cross-Site Scripting (XSS) Vulnerability in osTicket before 1.14.3 via Crafted Filename in DraftAjaxAPI::_uploadInlineImage() Buffer Overflow Vulnerability in Ambarella Oryx RTSP Server 2020-01-07 Allows Remote Code Execution Remote Command Execution Vulnerability in QNAP Systems Inc. 
QTS Versions Prior to 4.4.3.1421 CSRF Vulnerability in xxl-job-admin/user/add in xuxueli xxl-job 2.2.0 Persistent Cross-site Scripting Vulnerability in ElkarBackup v1.3.3: Session Cookie Theft via Policies >> action >> Name Parameter Sensitive Source Code Path Disclosure in ElkarBackup v1.3.3 Open SocketIO Web Server in PreMiD Allows Unauthorized Access to Discord User Information Cross-Site Scripting Vulnerability in Multimedia Console Allows Remote Code Injection Arbitrary File Deletion Vulnerability in Beijing Wuzhi CMS 4.0.1 SQL Injection Vulnerability in Sourcecodester Complaint Management System 1.0 via cid Parameter in complaint-details.php Prototype Pollution Vulnerability in Stampit Supermixer 1.0.3 Cross-Site Scripting Vulnerability in Music Station Allows Remote Code Injection Unvalidated Value Persistence in Laravel Mass Assignment Improper Handling of $guarded Property in Laravel JSON Column Nesting Expressions Denial of Service Vulnerability in picoquic (before 3rd of July 2020) via Crafted QUIC Frame Arbitrary File Upload and Remote Command Execution in Autoptimize WordPress Plugin 2.7.6 Remote Command Execution (RCE) Vulnerability in PHP-Fusion 9.03.50 Downloads Module Cross-Site Scripting Vulnerability in File Station Allows Remote Code Injection Arbitrary Code Execution via SQL Injection in Daylight Studio FUEL-CMS 1.4.9 Local Privilege Escalation in SUPERAntiSpyware Professional X Trial 10.0.1206 via Malicious DLL Restoration Cross-Site Scripting Vulnerability in File Station Allows Remote Code Injection Authenticated Persistent XSS Vulnerability in Best Support System v3.0.4 Remote Code Injection in System Connection Logs: Cross-Site Scripting Vulnerability Arbitrary Code Execution Vulnerability in Kleopatra Component of GnuPG Global Buffer Over-read Vulnerability in libxml2 v2.9.10's xmlEncodeEntitiesInternal Double-Free Vulnerability in NASM 2.15.04rc3's pp_tokline asm/preproc.c Remote Code Injection Vulnerability in Certificate Configuration 
Incorrect Access Control Vulnerability in UCMS 1.4.8 Allows Information Leak via Direct Access CSRF Vulnerability in Quadbase ExpressDashboard (EDAB) 7 Update 9 Allows Unauthorized Email Address Change CSRF Vulnerability in Quadbase EspressReports ES 7 Update 9 CSRF Vulnerability in Quadbase EspressReports ES 7 Update 9 Allows Unauthorized File Upload Arbitrary File Retrieval and Execution in Quadbase EspressReports ES 7 Update 9 Unrestricted File Upload Vulnerability in Concrete5 8.5.2 Remote Code Execution Vulnerability in Tenda AC18 Router Hard-Coded Password Vulnerability in Earlier Versions of QES QSC Q-SYS Core Manager 8.2.1 TFTP Directory Traversal Vulnerability Stored XSS Vulnerability in CmsWing 1.3.7 Content Management Module Stored XSS Vulnerability in CmsWing 1.3.7 Article Module Stack Overflow in parse_tag function in libass: Remote Code Execution Vulnerability Buffer Overflow Vulnerability in sniff_channel_order Function in FFmpeg 3.1.2 Invalid Memory Access Vulnerability in Xpdf 4.0.2's TextString::~TextString() Function Invalid Memory Access Vulnerability in Xpdf 4.0.2 Allows Remote DoS or Possible Other Impact Improper Access Control Vulnerability in Helpdesk Allows Unauthorized Control of QNAP Kayako Service SQL Injection Vulnerability in Heybbs v1.2 User.php File via ID Parameter SQL Injection Vulnerability in Heybbs v1.2 via ID Parameter in msg.php SQL Injection Vulnerability in Heybbs v1.2 Login.php File Stack-based Buffer Overflow Vulnerability in QNAP NAS Surveillance Station Arbitrary Code Execution Vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 Sensitive Information Disclosure Vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 Denial of Service Vulnerability in JetBrains ToolBox Browser Protocol Handler Remote Code Execution Vulnerability in Zyxel UTM and VPN Gateways Remote Password Change Vulnerability 
in Genexis Platinum 4410 V2-1.28 Router Structs as Bytes: Arbitrary Pointer Dereferencing and Uninitialized Memory Disclosure in rgb crate (Rust) Header Value Overwriting Vulnerability in Envoy Proxy Vulnerability: Envoy master fails to parse request URL requiring host canonicalization Unverified URL Handling in Jitsi Meet Electron (CVE-2021-21300) Cross-Site Scripting Vulnerability in Photo Station Allows Remote Code Injection XXE Vulnerability in MPXJ 8.1.3: Exploiting GanttProjectReader and PhoenixReader Components Out-of-Bounds Access Vulnerability in Noise-Java's ChaChaPolyCipherState.encryptWithAd() Out-of-Bounds Access Vulnerability in AESGCMFallbackCipherState.encryptWithAd() Out-of-Bounds Access Vulnerability in AESGCMOnCtrCipherState.encryptWithAd() Information Disclosure in l10nmgr Extension for TYPO3 Information Disclosure Vulnerability in TYPO3 sf_event_mgt Extension Stored Cross-Site Scripting Vulnerability in QNAP File Station Vulnerability: Insecure File Permissions in checkinstall 1.6.2 Directory Traversal Vulnerability in Flask-CORS Blubrry Subscribe-Sidebar Plugin 1.3.1 for WordPress Reflected XSS Vulnerability SQL Injection Vulnerability in eMPS Prior to eMPS 9.0 FireEye EX 3500 Devices Arbitrary Code Execution with Root Privileges in UCOPIA Wi-Fi Appliances 6.0.5 Unprotected Less Command Vulnerability in UCOPIA Wi-Fi Appliances 6.0.5 Arbitrary Code Execution with Admin Privileges in UCOPIA Wi-Fi Appliances 6.0.5 Insecure Permissions on Temporary Directories in Sylabs Singularity Container Execution Absolute Path Traversal Vulnerability in QNAP File Station Insecure Permissions on Temporary Directories in Sylabs Singularity (CVE-2020-25040) Arbitrary File Upload Vulnerability in Mara CMS 7.5 Arbitrary File Deletion Vulnerability in Kaspersky VPN Secure Connection Installer Arbitrary File Corruption Vulnerability in Kaspersky Virus Removal Tool (KVRT) DLL Hijacking Vulnerability in Kaspersky Security Center and Kaspersky Security Center Web 
Console USB Driver Address Information Leakage Vulnerability S Secure Application Password Bypass Vulnerability Unauthenticated File Injection Vulnerability in Samsung Quick Share Feature Insufficient DEX Access Control in StatusBarService on Samsung Mobile Devices (SVE-2020-17797) Error Message Information Disclosure Vulnerability in QNAP QES 2.1.1 and Earlier Sensitive Information Disclosure Vulnerability in Samsung Mobile Devices (SVE-2020-17288) Bypassing Factory Reset Protection (FRP) via AppInfo on Samsung Mobile Devices (SVE-2020-17758) H-Arx Vulnerability: Arbitrary Code Execution and Memory Corruption on Samsung Mobile Devices RKP Vulnerability: Arbitrary Code Execution on Samsung Mobile Devices Heap-based Buffer Over-read Vulnerability in Samsung Exynos Modem Chipsets (SVE-2020-17239) Vulnerability: Bypassing Admin Restrictions in KnoxContainer on Samsung Mobile Devices (SVE-2020-18133) Improper Version Checking in S.LSI NFC Chipset on Samsung Q(10.0) (Galaxy S20) Devices (SVE-2020-16169) Vulnerability: Unrestricted APK Installations on LG Mobile Devices with Android OS 10 LG Mobile Devices Network Configuration Vulnerability LG Mobile Devices Android OS Service Crash Vulnerability Improper Access Control Vulnerability in QNAP Systems Inc. 
Helpdesk Versions Prior to 3.0.3 LAF and SBL1 Privilege Escalation Vulnerability on LG Mobile Devices Vulnerability: Property Overwrite in LG Mobile Devices with Android OS 9 and 10 on VZW Network LG Mobile Devices: Privilege Restriction Bypass Vulnerability LG Mobile Devices Application Crash Vulnerability Automated Testing Mishandling Vulnerability on LG Mobile Devices LG Mobile Devices Key Logging Vulnerability Heap-based Buffer Overflow in Treck HTTP Server Component Command Injection Vulnerability in NETGEAR R8300 Devices Local File Inclusion Vulnerability in Setelsa Conacwin v3.7.1.2 Arbitrary Code Execution Vulnerability in USVN (User-friendly SVN) before 1.0.10 Command Injection Vulnerability in QNAP Systems Inc. Helpdesk Versions Prior to 3.0.3 CSRF Vulnerability in USVN (User-friendly SVN) before 1.0.10 due to Lack of SameSite Strict Feature XSS Vulnerability in Nifty Project Management Web Application 2020-08-26 Remote Information Disclosure in FreedomBox through 20.13 via Apache mod_status Vulnerability Remote Code Execution via Directory Traversal in MoinMoin's Cache Action Unauthenticated Remote Administrator Password Disclosure in D-Link DCS-2530L and DCS-2670L Devices Authenticated Command Injection in D-Link DCS-2530L and DCS-2670L Devices Command Injection Vulnerability in QTS and QuTS Hero Observable Timing Discrepancy Vulnerability in Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) Allows Extraction of ECC Private Key Use-After-Free Vulnerability in QEMU 5.0.0's hw/usb/hcd-xhci.c Heap-based Buffer Overflow in QEMU 5.0.0: Exploiting mishandled write operation in SDHC_BLKSIZE case Cross-Site Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap (before 2020-08-03) in adminUsers.php Cross-Site Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap (before 2020-08-03) in languages.php Cross-Site Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap (before 2020-08-03) in blogpublish.php Cross-Site 
Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap Command Injection Vulnerability in QTS and QuTS hero Cross-Site Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap Cross-Site Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap (before 2020-08-03) in add_product.php Cross-Site Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap Cross-Site Scripting (XSS) Vulnerability in Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 in blog.php Command Injection Vulnerability in LogRhythm Platform Manager 7.4.9 Cross-Site WebSocket Hijacking (CSWH) Vulnerability in LogRhythm Platform Manager (PM) 7.4.9 Incorrect Access Control in LogRhythm Platform Manager (PM) 7.4.9 Allows Unauthorized Interaction with Back-End Components HTTP Request Smuggling Vulnerability in Squid Proxy Server Oracle Database Server Core RDBMS Component Takeover Vulnerability Cross-Site Scripting (XSS) Vulnerability in SilverStripe Advanced Reports Module Cross-Site Scripting (XSS) Vulnerability in eramba C2.8.1 and Enterprise before e2.19.3 via Crafted Filename Weak Password Recovery Token in eramba C2.8.1 and Enterprise before e2.19.3 LocalSystem Access Vulnerability in Nanosystems SupRemo 4.1.3.2348 DNS Implementation in Ethernut in Nut/OS 5.1 Allows for Denial-of-Service and Remote Code Execution Arbitrary Length DNS Response Vulnerability in Ethernut Unbounded DNS Query/Response Vulnerability in Ethernut Oracle Database Server Core RDBMS Component Denial of Service Vulnerability DNS Length Byte Vulnerability in Ethernut Nut/OS 5.1 IPv6 Stack Vulnerability: Insufficient Check for IPv6 Header Length Inconsistent IPv6 Header Extension Length Check Vulnerability Cross-Site Scripting (XSS) Vulnerability in vBulletin 5.6.3 User Profile Field Manager XSS Vulnerability in vBulletin 5.6.3 Admin CP via Announcement Title in Channel Manager XSS Vulnerability in vBulletin 5.6.3 Admin CP via Junior Member Title XSS Vulnerability in vBulletin 5.6.3 Admin CP via 
Style Options Settings Title XSS Vulnerability in vBulletin 5.6.3 Admin CP via Child Help Item Title Database Gateway for ODBC Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in vBulletin 5.6.3 Admin CP via admincp/search.php?do=dosearch URI XSS Vulnerability in vBulletin 5.6.3 Admin CP's Paid Subscription Email Notification Field XSS Vulnerability in vBulletin 5.6.3 Admin CP via Rank Type to User Rank Manager XSS Vulnerability in vBulletin 5.6.3 Admin CP Smilies Manager XSS Vulnerability in vBulletin 5.6.3 Admin CP Attachment Rebuild Array Overflow Vulnerability in GnuPG 2.2.21 and 2.2.22 Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) SQL Injection Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Cross-Site Scripting (XSS) Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 SQL Injection Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Directory Traversal and Local File Inclusion Vulnerability in Observium 20.8.10631 Directory Traversal and Local File Inclusion Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Cross-Site Scripting (XSS) Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Unrestricted File Inclusion and Remote Code Execution in Observium Professional, Enterprise & Community 20.8.10631 Cross-Site Scripting (XSS) Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Cross-Site Scripting (XSS) Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Cross-Site Scripting (XSS) Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Cross-Site Scripting (XSS) Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Cross-Site Scripting (XSS) Vulnerability in Observium Professional, 
Enterprise & Community 20.8.10631 CSRF Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 SQL Injection Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Directory Traversal and Local File Inclusion Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Unrestricted File Inclusion and Remote Code Execution in Observium Professional, Enterprise & Community 20.8.10631 Cross-Site Scripting (XSS) Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 SQL Injection Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Cross-Site Scripting (XSS) Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Directory Traversal and Local File Inclusion Vulnerability in Observium Professional, Enterprise & Community 20.8.10631 Vulnerability in Oracle Database Server's Database Gateway for ODBC Component Relative Path Traversal Vulnerability in B. Braun Melsungen AG SpaceCom and Data Module compactplus Denial-of-Service Vulnerability in NIO 50 (All Versions) Session Fixation Vulnerability in B. Braun Melsungen AG SpaceCom Administrative Interface Weak Password Requirement in MOXA NPort IAW5000A-I/O Firmware v2.1 or Lower Open Redirect Vulnerability in B. Braun Melsungen AG SpaceCom Device and Data Module Compactplus Unencrypted Transmission of Sensitive Information on NIO 50 (All Versions) Root Access Vulnerability in B. Braun Melsungen AG SpaceCom Version L8/U61 and Data Module compactplus Versions A10 and A11 R-SeeNet Webpage SQL Injection Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in B. Braun Melsungen AG SpaceCom and Data Module Compactplus Stack-Based Buffer Overflow in 499ES EtherNet/IP (ENIP) Adaptor Source Code Oracle Database Server Core RDBMS Component Unauthorized Data Manipulation Vulnerability Vulnerability: Unauthorized Access and Tampering of Network Configuration in B. 
Braun Melsungen AG SpaceCom and Data module compactplus Remote Code Execution Vulnerability in WADashboard Component of WebAccess/SCADA Versions 9.0 and Prior XPath Injection Vulnerability in B. Braun Melsungen AG SpaceCom and Data Module CompactPlus Code Injection Vulnerability in OSIsoft PI Vision 2020 User Credential Recovery Vulnerability in B. Braun Melsungen AG SpaceCom and Data Module compactplus BD Alaris PC Unit and Systems Manager Network Session Authentication Vulnerability Firmware Signature Verification Vulnerability in B. Braun Melsungen AG SpaceCom and Data module compactplus Information Disclosure Vulnerability in OSIsoft PI Vision 2020 Vulnerability: Hard-coded Credentials in B. Braun Melsungen AG SpaceCom and Data module compactplus Insufficient Data Protection in Reolink P2P Products: Exposing Sensitive Information and Camera Feeds Vulnerability in Oracle Database Server's Database Gateway for ODBC Component Excel Macro Injection Vulnerability in B. Braun OnlineSuite Version AP 3.0 and Earlier Remote Code Execution Vulnerability in Fuji Electric V-Server Lite Versions Prior to 3.3.24.0 Relative Path Traversal Vulnerability in B. Braun OnlineSuite Version AP 3.0 and Earlier Local Network Access Vulnerability: Exploiting Fixed Cryptography Key in Reolink P2P Cameras Local Privilege Escalation via DLL Hijacking in B. 
Braun OnlineSuite Version AP 3.0 and Earlier Transport Layer Credential Exposure in GE Healthcare Imaging and Ultrasound Products Remote Code Execution via Directory Traversal in Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) Protocol Stack-Based Buffer Overflow Vulnerability in WECON PLC Editor Versions 1.3.8 and Prior Unencrypted File Transfer Vulnerability in ISaGRAF Workbench Transport Layer Credential Exposure in GE Healthcare Imaging and Ultrasound Products Java VM Component Vulnerability in Oracle Database Server Information Disclosure Vulnerability in Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x Heap-Based Buffer Overflow Vulnerabilities in WECON PLC Editor Versions 1.3.8 and Prior: Arbitrary Code Execution Uncontrolled DLL Loading Vulnerability in Rockwell Automation ISaGRAF Runtime on Windows Systems Authentication Bypass Vulnerability in Medtronic MyCareLink Smart 25000 Plaintext Password Storage Vulnerability in Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x Remote Code Execution Vulnerability in IP150 Firmware Versions 5.02.09 XXE Vulnerability in LeviStudioU Release Build 2019-09-21 and Prior: File Disclosure Heap Overflow Vulnerability in Medtronic MyCareLink Smart 25000 Allows Remote Code Execution Out-of-Bounds Read Vulnerability in LAquis SCADA (Versions prior to 4.3.1.870) Allows Code Execution Remote Code Execution Vulnerability in IP150 Firmware Versions 5.02.09 Oracle WebLogic Server Console Unauthenticated Remote Code Execution Vulnerability Cleartext Storage and Transmission of Third-Party Service Credentials in MOXA NPort IAW5000A-I/O Firmware Default API Entry-Point Permissions Allow Remote Reboot of CompactRIO Unauthorized Access to Sensitive Information in MOXA NPort IAW5000A-I/O Firmware Cryptographic Key Exposure Vulnerability in GE Reason RT430, RT431 & RT434 GNSS Clocks Privilege Escalation Vulnerability in MOXA NPort IAW5000A-I/O Firmware v2.1 or Lower Client-side input validation 
vulnerability in Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules Vulnerability: Brute Force Authentication Bypass in MOXA NPort IAW5000A-I/O Firmware Code Injection Vulnerability in GE Reason GNSS Clocks Session Fixation Vulnerability in MOXA NPort IAW5000A-I/O Firmware Version 2.1 or Lower Heap-based Buffer Overflow Vulnerability in WECON LeviStudioU Release Build 2019-09-21 and Earlier Username Enumeration Vulnerability in Pritunl VPN Server Namespace Replication Bug in HashiCorp Consul Enterprise 1.7.0 - 1.8.4: Denial of Service via Infinite Raft Writes Framer Preview App 12 for Android Allows Unauthorized Loading of Web Content Unauthenticated In-Game Push Notification Vulnerability in God Kings Android App Stored XSS Vulnerability in Mimosa B5, B5c, and C5x Web Console Command Injection Vulnerability in Mimosa B5, B5c, and C5x Web Console Remote Code Execution via Browser Protocol Handler in JetBrains ToolBox User Enumeration Vulnerability in JetBrains YouTrack REST API Improper Access Control in JetBrains YouTrack Allows Information Disclosure via REST API Unauthenticated Access to Workflow Rules in JetBrains YouTrack Buffer Overflow Vulnerability in Linux Kernel's Conntrack Netlink Configuration (CID-1cc5ef91d2ff) TOCTOU Vulnerability in Linux Kernel NFS Client Code Arbitrary PHP Code Execution Vulnerability in File Manager Plugin for WordPress Unauthenticated Access and Influence of Overwolf Client Channel yWorks yEd Desktop: XML/GraphML XXE Vulnerability Code Execution Vulnerability in yWorks yEd Desktop before 3.20.1 via XSL Transformation Command Injection Vulnerability in Grandstream GRP261x VoIP Phone Firmware 1.0.3.6 (Base) Authentication Bypass Vulnerability in Grandstream GRP261x VoIP Phone Firmware 1.0.3.6 (Base) Uncontrolled Recursion Vulnerability in libproxy 0.4.x through 0.4.15 Oracle Knowledge Product Vulnerability: Unauthorized Data Manipulation Use-after-free vulnerability in Linux kernel 4.9.x, 4.14.x, and 4.19.x due to 
incomplete backport of CVE-2020-14356 patch in cgroups feature. Privilege Escalation via Incorrect Reference Counting in Linux Kernel 5.7.x and 5.8.x Remote Code Execution Vulnerability in Sophos SG UTM WebAdmin Buffer Overflow Vulnerability in SCALANCE X-200 and X-200IRT Switches Unauthenticated Access to LOGO! 8 BM (incl. SIPLUS variants) on Port 10005/tcp Vulnerability Replay Attack Vulnerability in LOGO! 8 BM (incl. SIPLUS variants) Outdated Cipher Mode Vulnerability in LOGO! 8 BM (incl. SIPLUS variants) Static Key Encryption Vulnerability in LOGO! 8 BM and LOGO! Soft Comfort Insecure Random Number Generation and Cryptographic Function Vulnerability in LOGO! 8 BM Insecure Firmware Update: Exposure of Private RSA Key in LOGO! 8 BM Vulnerability: Reverse Engineering of Password Protected User-Defined Functions in LOGO! 8 BM and LOGO! Soft Comfort Vulnerability: Passwords Sent in Recoverable Format in LOGO! 8 BM (incl. SIPLUS variants) Multiple LOGO! Series Vulnerability: Remote Code Execution and Device Crash Zip-Slip Vulnerability in SINEC NMS and SINEMA Server Privilege Escalation Vulnerability in PCS neo and TIA Portal Unauthorized Actions and Rogue Server Addition Vulnerability in SINEMA Remote Connect Server (All versions < V3.0) Oracle Knowledge InQuira Search Unauthenticated Remote Denial of Service Vulnerability Unprivileged User Access Vulnerability in SINEMA Remote Connect Server (All versions < V3.0) TCP Sequence Number Validation Vulnerability in SIMATIC MV400 Family (All Versions < V7.0.6) Denial-of-Service Vulnerability in SIMATIC NET CP 343-1 Devices Zip Slip Vulnerability in LOGO! Soft Comfort (All versions < V8.4) Allows System Takeover DLL Hijacking Vulnerability in LOGO! 
Soft Comfort (All versions < V8.4) Allows System Takeover Vulnerability in DIGSI 4 Allows Unauthorized DLL Execution Directory Traversal Vulnerability in Hyland OnBase Directory Traversal Vulnerability in Hyland OnBase Insufficient Server-Side Logging in Hyland OnBase Arbitrary Data Write Vulnerability in Hyland OnBase Client-side Authentication Vulnerability in Hyland OnBase CSRF Exploit Allows Unauthorized Access and Actions via Default Credentials in Hyland OnBase SQL Injection Vulnerability in Hyland OnBase SQL Injection Vulnerability in Hyland OnBase Denial of Service Vulnerability in Hyland OnBase Shared Private Key Vulnerability in Hyland OnBase XXE Vulnerability in Hyland OnBase: Arbitrary File Read/Write Access Remote Code Execution via BinaryFormatter.Deserialize in Hyland OnBase XML Deserialization Vulnerability in Hyland OnBase Remote Code Execution Vulnerability in Hyland OnBase CSRF Vulnerability in PyroCMS 3.7 Allows Unauthorized Deletion of Pages CSRF Vulnerability in PyroCMS 3.7: Arbitrary Plugin Deletion via admin/addons/uninstall/anomaly.module.blocks URI Arbitrary Overwrite of System-installed .desktop File in AppImage libappimage AppImage appimaged before 1.0.3 allows installation of malicious AppImages disguised as other file types ILIAS 6.4 XSS Vulnerability in Question-Pool File-Upload Preview Feature Remote Code Execution via External News Feed in ILIAS 6.4: Incorrect Parameter Sanitization for Magpie RSS Data Use After Free Vulnerability in InspIRCd Server Oracle Database Server Core RDBMS Unauthorized Read Access Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in PHPGurukul Hostel-Management-System 2.1 Cross-Site Scripting (XSS) Vulnerability in PHPGurukul Hospital Management System XSS Vulnerability in SourceCodester Online Bus Booking System 1.0 via book_now.php Authentication Bypass via SQL Injection in SourceCodester Online Bus Booking System 1.0 Dovecot 2.3.13 Vulnerability: Application Crash via Crafted Email Message 
Revocation Check Bypass in PrimeKey EJBCA Quram Image Codec Library Memory Overwrite Vulnerability Buffer Overflow Vulnerability in Samsung Mobile Devices with Exynos Chipsets (SVE-2020-18098) Unauthenticated Remote Command Execution on Samsung Mobile Devices with Q(10.0) Software LG Mobile Devices Android OS Sensitive Security Settings Mishandling Vulnerability LG Mobile Devices with Android OS 10 Software: Bypassing Access Restrictions in lguicc Software LG Mobile Devices BT Manager Access Restriction Bypass Vulnerability Incomplete Permission Checking in Linux Kernel's rbd Block Device Driver (CID-f44d04e696fe) Race Condition in hugetlb sysctl Handlers in Linux Kernel Unauthenticated Access to Private Comments in WordPress Arbitrary Command Execution in Pligg 2.0.3 via Template Editor HTML Injection and JavaScript Execution in MantisBT Custom Field Regular Expression Property Local Privilege Escalation via Weak Permissions in AVAST SecureLine VPN Remote Heap Corruption Vulnerability in Kingsoft WPS Office via Crafted PNG Data Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware: Unauthorized Data Access and Manipulation Unauthenticated Unauthorized Read Access Vulnerability in Oracle Business Intelligence Enterprise Edition Vulnerability in Oracle Reports Developer of Oracle Fusion Middleware: Unauthorized Data Access and Manipulation Vulnerability in Oracle Reports Developer of Oracle Fusion Middleware: Unauthorized Data Access and Manipulation Memory Leak Vulnerability in NFStream 5.2.0 Arbitrary Script Injection in Symphony CMS 3.0.0 via events\event.publish_article.php Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access rConfig 3.9.5 - Information Disclosure Vulnerability in configcompare.crud.php Stored Cross-Site Scripting (XSS) Vulnerability in rConfig 3.9.5 Allows Arbitrary JavaScript Execution Fixed SSRF Vulnerability in rConfig 3.9.5 - Version 3.9.6 Patch Released Arbitrary File Deletion Vulnerability 
in rConfig 3.9.5 Vulnerability in Oracle Outside In Technology: Unauthorized Data Access and Manipulation Error-Based Blind SQL Injection Vulnerability in Online Shopping Alphaware 1.0 Denial of Service Vulnerability in D-Link DIR-823G REVA1 1.02B05's /cgi-bin/upload_firmware.cgi Component Command Injection Vulnerability in D-Link DIR-823G Devices with Firmware V1.0.2B05 Command Injection Vulnerability in D-Link DIR-823G Devices with Firmware V1.0.2B05 Vulnerability in Oracle Business Intelligence Enterprise Edition: Unauthorized Data Access and Partial Denial of Service CyberArk Privileged Session Manager (PSM) 10.9.0.15 Information Disclosure Vulnerability Cross Site Scripting (XSS) Vulnerabilities in WP SMART CRM V1.8.7 Plugin Cross Site Scripting (XSS) Vulnerability in AccessPress Themes WP Floating Menu V1.3.0 SQL Injection Vulnerability in WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 Vulnerability in Oracle WebCenter Sites: Unauthorized Access and Partial Denial of Service Cross Site Scripting (XSS) Vulnerability in WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 Cross-Site Scripting (XSS) Vulnerability in Nagios Log Server 2.1.7 Vulnerability in Oracle WebCenter Sites: Unauthorized Data Access and Manipulation Cross-Site Scripting Vulnerability in CSZ CMS 1.2.9 via Crafted Payload in 'New Pages' Field CSZ CMS 1.2.9 'Article' Plugin XSS Vulnerability Stored XSS Vulnerability in moziloCMS 2.0 Allows Arbitrary Code Execution CSV Injection Vulnerability in InterMind iMind Server Stored XSS Vulnerability in InterMind iMind Server (<= 3.13.65) Enables Session Hijacking via Malicious File in Chat Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Manipulation and Partial Denial of Service Cross-Site Scripting (XSS) Vulnerability in Taskcafe Project Management Tool Arbitrary File Upload Vulnerability in lemocms 1.8.x CSRF Vulnerability in ProjectWorlds College Management System Php 1.0 Allows Unauthorized Data 
Manipulation Multiple SQL Injection Vulnerabilities in Projectsworlds College Management System Php 1.0 Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Manipulation and Partial Denial of Service CSRF Vulnerability in Projectworlds Online Examination System 1.0 Allows Remote User Deletion Out-of-Bounds Write Vulnerability in com_line() Function of gnuplot 5.4 Monstra 3.0.4 Local File Inclusion Vulnerability Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Manipulation and Partial Denial of Service Cross Site Scripting (XSS) Vulnerability in Mara CMS 7.5 menuedit.php Null Pointer Dereference Vulnerability in MP4Box - GPAC Version 0.8.0-rev177-g51a8ef874-master via gf_isom_get_track_id Function Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Oracle WebLogic Server Console Unauthenticated Access Vulnerability Multiple Cross Site Scripting (XSS) Vulnerabilities in Booking Core - Ultimate Booking System Booking Core 1.7.0 CSV Formula Injection Vulnerability in Ultimate Booking System Booking Core 1.7.0 Arachnys Cabot 0.11.12 XSS Vulnerability in Address Column Oracle HTTP Server OSSL Module Denial of Service Vulnerability CSRF Vulnerability in BlackCat CMS Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in grocy 2.7.1 via Add Recipe Module Sensitive Information Disclosure in WeBank FATE Machine Learning Joint Modeling Oracle WebLogic Server T3 Vulnerability Denial of Service Vulnerability in fxProxyGetter Function in Moddable SDK Heap Buffer Overflow in fxCheckArrowFunction function Denial of Service Vulnerability in fxUTF8Decode at xsCommon.c:916 Heap Buffer Overflow in Moddable SDK: Partially Initialized Stack Frame Crash Null Pointer Dereference in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 Remote Code Execution via SSRF in CRMEB 3.0's Downloadimage Interface Null Pointer Dereference 
Vulnerability in lrzip 0.621 Allows for Denial of Service Vulnerability in Oracle WebLogic Server Console Allows Unauthorized Data Access and Manipulation Cross-Site Scripting (XSS) Vulnerability in AntSword 2.1.8.1's View Site Function Cross Site Request Forgery (CSRF) Vulnerability in SimplePHPscripts News Script PHP Pro 2.3 Allows Unauthorized User Addition Improper HttpOnly Flag Setting in SimplePHPscripts News Script PHP Pro 2.3 Cross Site Scripting (XSS) Vulnerability in SimplePHPscripts News Script PHP Pro 2.3 via editor_name Parameter SQL Injection Vulnerability in SimplePHPscripts News Script PHP Pro 2.3 via id Parameter in editNews Action Blind Persistent XSS Vulnerability in Liferay CMS Portal 7.1.3 and 7.2.1 Oracle WebLogic Server Vulnerability: Unauthorized Data Access and Manipulation Arbitrary Command Execution Vulnerability in UCMS v1.4.8's fopen() Function SQL Injection Vulnerability in PHPGURUKUL Zoo Management System Heap Overflow Vulnerability in Sqreen PyMiniRacer (Python Mini Racer) before 0.3.0 Oracle WebLogic Server Vulnerability: High Privileged Takeover via HTTP Vulnerability: Lack of Cryptographic Signature Verification in Sqreen PHP Agent Daemon Cross Site Scripting (XSS) Vulnerability in Kare Emakin 5.0.341.0 via /rpc/membership/setProfile DisplayName Field Insecure Communication and Weak Encryption in Oclean Mobile Application 2.1.2 Arbitrary Command Execution Vulnerability in Xinuos Openserver v5 and v6 Reflected XSS Vulnerability in Xinuos Openserver 5 and 6 via 'section' Parameter Beetel Router 777VR1 XSS Vulnerability via NTP Server Name and URL Filter Keyword Authenticated Remote Command Execution in TOTOLINK A3002RU-V2.0.0 B20190814.1034 Oracle WebLogic Server Vulnerability: Unauthorized Access and Data Compromise DLL Hijacking Vulnerability in Cybereason EDR Command Injection Vulnerability in D-Link DNS-320 FW v2.06B01 Revision Ax Incorrect Permission Assignment in TeamworkCloud Installation Script Allows Local Unprivileged Code 
Execution as Root Oracle WebLogic Server IIOP Unauthenticated Remote Code Execution Vulnerability Incorrect Access Control via the Login Panel in Sourcecodester Simple Library Management System 1.0 Insecure Permissions Vulnerability in Sourcecodester Simple Library Management System 1.0 Stored Cross-Site Scripting (XSS) Vulnerability in WSO2 Enterprise Integrator 6.6.0 or Earlier BPMN Explorer Tasks Oracle WebLogic Server Vulnerability: Unauthorized Data Access and Manipulation Unauthenticated Remote Code Execution Vulnerability in Oracle Knowledge Privilege Escalation Vulnerability in Malwarebytes for macOS UCMS 1.5.0 File Upload Vulnerability: Exploiting Server Management Permissions Remote Code Execution Vulnerability in CMSuno 1.6.2 via lang Parameter Injection Directory Traversal Vulnerability in ThinkAdmin v6 Allows Unauthorized File Access Oracle Coherence Remote Code Execution Vulnerability Arbitrary PHP Code Execution Vulnerability in CMSuno 1.6.2 Double Free Vulnerability in gnuplot 5.5: Context-Dependent Arbitrary Code Execution Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Data Access and Partial Denial of Service Hardcoded Credential and Command Injection Vulnerability in SapphireIMS 5.0 Default Credentials Stored in ServerConf.config File in SapphireIMS 5 CSRF Vulnerability in SapphireIMS 5.0: Lack of CSRF Token in Critical Application Forms Unauthenticated Local Administrator Creation Vulnerability in SapphireIMS 5.0 Privilege Escalation Vulnerability in SapphireIMS 5.0 Hardcoded Credential and Command Injection Vulnerability in SapphireIMS 5.0 Account Takeover Vulnerability in SapphireIMS 5.0 Vulnerability in Oracle Demantra Demand Management Allows Unauthorized Data Manipulation Uninitialized NonNull Pointer Violation in linked-hash-map Crate Integer Overflow in HeaderMap::reserve() Leading to Denial of Service Type Confusion Flaw in Failure Crate (CVE-2020-XXXX) Alignment Constraint Mishandling in rand_core 
Crate Vulnerability: Potential Overflow in rtsold(8) due to Unverified RDNSS Option Uninitialized Kernel Stack Leak in FreeBSD File Systems Uninitialized Byte Leak in msdosfs(5) Dirent Structure Oracle Solaris SMB Remote Code Execution Vulnerability Vulnerability: Regression in login.access(5) Rule Processor Allows Access Despite Denial Race Condition in jail_remove(2) Implementation Can Fail to Kill Processes Vulnerability: Privilege Escalation via ptrace(2) in FreeBSD Jail Attach Buffer Overflow Vulnerability in rtsold(8) when Processing DNSSL Option Race Condition Vulnerability in FreeBSD Jails Allows Access to Filesystem Hierarchy Outside the Jail Unauthenticated Remote Data Read Vulnerability in Oracle Siebel CRM Authentication Bypass Vulnerability in SaltStack Salt through 3002 Insecure Folder Permissions in Acronis True Image on macOS: Local Privilege Escalation Vulnerability Unauthenticated Enumeration of Secrets Engine Mount Paths in HashiCorp Vault Vulnerability: Denial of Service and Privilege Escalation in Xen's PCI Passthrough Denial of Service Vulnerability in Xen through 4.14.x via SYSENTER Instruction Vulnerability: Event Channel Mishandling in Xen Xen 4.14.x RCU Reference Leak Denial of Service Vulnerability Xen EVTCHNOP_reset Race Condition Vulnerability Vulnerability in Oracle Siebel CRM: Unauthorized Read Access in Siebel UI Framework Out of Bounds Event Channel Allocation Vulnerability in Xen Denial of Service (DoS) Attack via evtchn_reset() / evtchn_destroy() in Xen Xen x86 PV Guest Access to MSR_MISC_ENABLE Host OS Crash Vulnerability Missing Memory Barriers in Xen Event Channel Access/Allocation Vulnerability Race condition vulnerability in Xen allows for Denial of Service (DoS) in x86 HVM guests Cleartext Transmission Vulnerability in Agora Video SDK: Unauthorized Access to Audio and Video Streams Cross-Site Scripting (XSS) Vulnerability in Mitel MiCollab AWV Component SQL Injection Vulnerability in Mitel MiCollab SAS Portal Cross-Site 
Scripting (XSS) Vulnerability in Mitel MiCollab's NuPoint Messenger Portal Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise HCM Human Resources Insufficient Access Control for Conference Codes in Mitel MiCollab AWV Component XSS Vulnerability in Mitel MiCollab AWV Portal Allows Unauthorized Access to Conference Information Insufficient Access Control in NuPoint Messenger of Mitel MiCollab before 9.2 Allows Unauthorized Access to User Files HTTP Request Smuggling Vulnerability in Ruby's WEBrick Server XMLQuery LoadURL Response XML Format Check Bypass Vulnerability Relative Path Traversal Vulnerability in SolarWinds N-Central 12.3.0.670 Privilege Escalation Vulnerability in SolarWinds N-Central 12.3.0.670 Unrestricted SSH Communication Channel Vulnerability in SolarWinds N-Central 12.3.0.670 Vulnerability in Primavera Portfolio Management: Unauthorized Data Access and Manipulation Hard-coded Credentials in SolarWinds N-Central 12.3.0.670 Unauthenticated Access to SolarWinds N-Central Local Database CSRF Vulnerability in SolarWinds N-Central 12.3.0.670 Directory Traversal Vulnerability in Erlang/OTP 22.3.x and 23.x Stack-based Buffer Over-read in QEMU 5.0.0 via HCD-OHCI Driver Infinite Loop Vulnerability in QEMU 5.0.0 when Processing TD Lists Cross-Site Scripting (XSS) Vulnerability in Django REST Framework's Browseable API Viewer Stored XSS Vulnerability in MoodleNetProfile User Profile Field Reflected XSS Vulnerability in Tag Manager Moodle Vulnerability: Unauthorized Access to Site Administration Capabilities Vulnerability in Oracle Hyperion Financial Close Management Allows Unauthorized Data Manipulation Unrestricted Zip File Extraction Vulnerability in Moodle JavaScript Injection Vulnerability in Moodle Book Chapter Titles Grub2 Use-After-Free Vulnerability Allows Arbitrary Code Execution and Secure Boot Bypass RESTEasy Client Information Disclosure Vulnerability Unauthenticated Access to Red Hat 3scale API Docs Allows Information Disclosure 
and API Modification Unsecured Data Exposure in Ansible Base's aws_ssm Connection Plugin Vulnerability: Namespace Collision in Ansible Base aws_ssm Connection Plugin Double Free Memory Vulnerability in libvirt API SQL Injection Vulnerability in Hibernate-Core (CVE-2020-10693) Linux Kernel GPU Nouveau Driver NULL Pointer Dereference Vulnerability Unauthenticated Unauthorized Read Access Vulnerability in Oracle Siebel CRM Sensitive Information Exposure in WildFly Resource Adapter Logs Linux Kernel Denial of Service Vulnerability in biovecs Implementation Memory Corruption and Read Overflow Vulnerability in Linux Kernel's HDLC_PPP Module WildFly OpenSSL Memory Leak Vulnerability Unencrypted Traffic Vulnerability in Linux Kernel's Geneve Endpoint Confidentiality Vulnerability: Exposing Private Key in Ansible Collection community.crypto Logs Grub2 USB Initialization Vulnerability: Bypassing Secure Boot and Arbitrary Code Execution Multiple CCS Messages Denial of Service Vulnerability in NSS Library FasterXML Jackson Databind XXE Vulnerability Oracle Solaris Consolidation Infrastructure Vulnerability Memory Denial of Service Vulnerability in spice-vdagentd SPICE File Transfer Protocol Vulnerability: Data Leakage and Denial of Service Denial of Service Vulnerability in spice-vdagentd Daemon Race Condition Vulnerability in spice-vdagentd Daemon Pacemaker ACL Bypass Vulnerability Unauthorized Disclosure of Secrets in ManagedClusterView API Use-After-Free Vulnerability in Linux Kernel's Console Subsystem Allows Out-of-Bounds Memory Read Access Bleichenbacher Timing Attack Vulnerability in m2crypto's RSA Decryption API Bleichenbacher Timing Attack Vulnerability in python-rsa Bleichenbacher Timing Attack Vulnerability in python-cryptography 3.2 RSA Decryption API Vulnerability in Oracle Applications Framework: Unauthorized Data Manipulation Cephx Authentication Protocol Replay Attack Vulnerability Red Hat Linux Kernel Bluetooth L2CAP Packet Handling Remote Code 
Execution Vulnerability Vulnerability: Red Hat Linux Kernel Bluetooth Stack Memory Leak (CVE-2020-12352) Heap-use-after-free or heap-buffer-overflow vulnerability in ImageMagick's SetImageAlphaChannel() routine Out-of-bounds Write Vulnerability in PNG Coder of ImageMagick Improper Call to AcquireQuantumMemory() in PALM Image Coder in ImageMagick Integer Overflow Vulnerability in HistogramCompare() Function in ImageMagick Out-of-Bounds Read Vulnerability in TIFFGetProfiles() in ImageMagick Use After Free Vulnerability in Linux Kernel's con_font_op Due to Improper Synchronization of fg_console Use After Free Vulnerability in Linux Kernel's sunkbd_reinit Function Vulnerability in Oracle Retail Customer Management and Segmentation Foundation: Unauthorized Data Access and Manipulation Refcount Leak in llcp_sock_bind(): A Privilege Escalation Vulnerability in Linux Kernel Linux Kernel Refcount Leak in llcp_sock_connect(): Privilege Escalation Vulnerability Linux Kernel LLCP_SOCK_CONNECT Memory Leak Vulnerability Non-blocking Socket Vulnerability in Linux Kernel: Leaking and Hanging System Improper Exit Condition in WriteOnePNGImage() Allows Heap-Buffer-Overflow READ Integer Overflow and Out-of-Range Vulnerability in ImageMagick's CropImage() and CropImageToTiles() Routines Unconstrained Pixel Offset Calculation Vulnerability in ImageMagick Insecure Default Permissions in Ceph-ansible v4.0.41 Allows Unauthorized Access to Sensitive Information Clear Text Storage of Mgr Module Passwords in Ceph Vulnerability in Oracle Applications DBA component of Oracle Database Server (CVE-2021-1234) Vulnerability: SSL Certificate Validation Bypass in JBCS httpd 2.4.37 SP3 Heap-based Buffer Overflow in dnsmasq (CVE-2020-25681) Buffer Overflow Vulnerability in dnsmasq (CVE-2021-34556) Heap-based Buffer Overflow in dnsmasq with DNSSEC Enabled Vulnerability: DNS Cache Poisoning in dnsmasq (CVE-2020-25687) Vulnerability: Weak Hash Collision in dnsmasq Unbounded Query Forwarding Vulnerability 
in dnsmasq Heap-based Buffer Overflow in dnsmasq with DNSSEC Enabled Insecure Provisioning of Internal Service APIs in rhacm Versions Before 2.0.5 and 2.1.0 Memory Leak Vulnerability in WildFly: Denial of Service via Out of Memory (OOM) Vulnerability in Oracle Applications DBA component of Oracle Database Server FontForge Out-of-Bounds Write Vulnerability in SFD File Parsing Darkhttpd Denial-of-Service Vulnerability through Invalid Error Handling OpenLDAP Server Remote Denial of Service Vulnerability Heap Buffer Overflow Vulnerability in CImg's load_pnm() Function PostgreSQL Vulnerability: Man-in-the-Middle Attack on Database Connections Arbitrary SQL Function Execution Vulnerability in PostgreSQL Arbitrary Code Execution Vulnerability in PostgreSQL's psql Interactive Terminal Xorg-x11-server Privilege Escalation Vulnerability Insufficient Enrollment Check Vulnerability in Moodle Insufficient Capability Checks in Moodle Could Lead to Unauthorized Role Modifications MySQL Client Denial of Service Vulnerability Moodle Database Module Web Services Group Entry Vulnerability Unintended Enrollment Method Activation Vulnerability in Moodle JavaScript Injection Vulnerability in Moodle Content Bank Renaming User Email Disclosure Vulnerability in Moodle Versions 3.7 to 3.9.2 Linux Kernel Performance Monitoring Subsystem Memory Leak Vulnerability Linux Kernel Vulnerability Allows Off-Path Remote Attackers to Bypass UDP Source Port Randomization Improper Escaping of Error Message in Cacti 1.2.13 templates_import.php (XSS Vulnerability) Denial of Service Vulnerability in libvncserver-0.9.12 OpenLDAP Assertion Failure Vulnerability Oracle VM Server for SPARC Vulnerability: Unauthorized Data Access OpenLDAP Vulnerability: Assertion Failure in csnNormalize23() Infinispan 10 REST API Authorization Bypass Vulnerability Heap-Buffer Overflow in XkbSetDeviceInfo: Privilege Escalation Vulnerability in xorg-x11-server Out of Bounds Array Access Vulnerability in 
raptor_xml_writer_start_element_common DOM-based XSS Vulnerability in pki-core 10.9.0 Privilege Escalation Vulnerability in Cloudforms Allows Unauthorized Administrator File Export/Import Samba Privilege Escalation Vulnerability Vulnerability: RODC Privilege Escalation in Samba Kerberos Name-Based Authentication Vulnerability in Samba AD DC Vulnerability in MySQL Server Audit Plugin Allows Unauthorized Data Manipulation Enhanced Kerberos Integration in Samba: Reliable SID and samAccountName Retrieval for Linux Applications Samba AD DC Vulnerability: Total Domain Compromise USB EHCI Emulation Code Vulnerability: Denial of Service via Bogus USB Requests RESTEasy Vulnerability: Unauthorized Access to Privileged Information Heap-use-after-free vulnerability in Xpdf 4.02's SplashOutputDev::endType3Char() function CMIS-SQL Injection Vulnerability in Alfresco Reset Password Add-on Vulnerability: Password Reset Add-on Allows Unauthorized Password Changes Cross-Site Scripting (XSS) Vulnerability in ZoneMinder before 1.34.21 MySQL Client Denial of Service Vulnerability File Upload Vulnerability in webTareas 2.1 Allows Upload of Dangerous .exe and .shtml Files Directory Listing Vulnerability in webTareas 2.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in webTareas 2.1 Insecure XPC Service Configuration in Acronis True Image 2019-2021 on macOS Allows Local Privilege Escalation Elevation of Privilege Vulnerability in Hackolade Versions Prior to 4.2.0 on Windows Bypassing Credential Theft Protection in CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 XSS Vulnerability in gon Gem: Lack of Escape Mode Parameter Handling MySQL Client Denial of Service Vulnerability NULL Pointer Dereference in fdctrl_write_data in QEMU 5.0.0 NULL Pointer Dereference in QEMU's pci_change_irq_level Function NULL Pointer Dereference in QEMU's hw/ide/pci.c Arbitrary File Creation and Overwrite Vulnerability in SaferVPN for Windows Local attacker can obtain sensitive information via debug 
interface in QED ResourceXpress Qubi3 devices Unauthenticated Remote Access Vulnerability in Rubetek RV-3406, RV-3409, and RV-3411 Cameras Cleartext Transmission Vulnerability in Rubetek RV Cameras Default and Static Password Vulnerability in Rubetek Cameras Vulnerability in Oracle VM VirtualBox Allows Takeover XXE Vulnerability in Pay2PayPayment.php's checkResult Function SQL Injection Vulnerability in paGO Commerce Plugin 2.5.9.0 for Joomla! Hardcoded Web-Panel Login Passwords in Enphase Envoy R3.x and D4.x Devices Default Admin Password Vulnerability on Enphase Envoy R3.x and D4.x Devices Insecure User Authentication on Enphase Envoy R3.x and D4.x Devices Arbitrary Command Execution Vulnerability in Enphase Envoy R3.x and D4.x Devices Buffer Overflow Vulnerability in Cesanta Mongoose 6.18's mg_get_http_header Function Arbitrary Command Execution Vulnerability in Lua CGIs on D-Link DSR VPN Routers Arbitrary Crontab Injection Vulnerability in D-Link DSR-250 3.17 Devices Arbitrary Command Execution Vulnerability in D-Link DSR-250 3.17 Devices Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Manipulation and Partial Denial of Service SQL Injection Vulnerability in Projectworlds Visitor Management System in PHP 1.0 Cross-Site Scripting (XSS) Vulnerability in Projectworlds Visitor Management System in PHP 1.0 Authentication Bypass and Information Disclosure in SourceCodester Seat Reservation System 1.0 Unauthenticated File Upload Vulnerability in Seat Reservation System v1.0 Allows Remote Code Execution Remote Code Execution Vulnerability in Western Digital My Cloud Devices Unauthenticated POST Operation Vulnerability in MISP Out-of-bounds Read and Denial-of-Service Vulnerability in HCC Embedded NicheStack IPv4 4.1 Improper Input Validation in Contao Forms Allows for Insert Tag Injection MySQL Server Denial of Service Vulnerability Local Information Disclosure Vulnerability in Trend Micro Apex One Local Information Disclosure 
Vulnerability in Trend Micro Apex One Local Information Disclosure Vulnerability in Trend Micro Apex One Arbitrary Code Execution Vulnerability in Trend Micro Apex One ServerMigrationTool Out-of-Bounds Read Information Disclosure in Trend Micro Apex One ServerMigrationTool Trend Micro Security 2020 (v16) Arbitrary File Deletion Vulnerability Symbolic Link Privilege Escalation Vulnerability in Trend Micro Antivirus for Mac 2020 (Consumer) Kernel Extension Request Bypass Vulnerability in Trend Micro Antivirus for Mac 2020 Kernel Pointer Leakage Vulnerability in Trend Micro Antivirus for Mac 2020 (Consumer) Vulnerability: Internationalized Domain Name Homograph Attack Exploitation in Trend Micro Antivirus for Mac 2020 Oracle Solaris SMB Remote Code Execution Vulnerability Directory Traversal Vulnerability in CommCell in Commvault Unauthenticated Access to Private Attachments in MantisBT Unauthenticated Stack-Based Buffer Overflow in Accfly Wireless Security IR Camera 720P System Unauthenticated Heap-Based Buffer Overflow in Accfly Wireless Security IR Camera System 720P Unauthenticated Stack-Based Buffer Overflow in Accfly Wireless Security IR Camera System 720P Unauthenticated Stack-Based Buffer Overflow in Accfly Wireless Security IR Camera System 720P XSS Vulnerability in D-Link DIR-816L and DIR-803 Devices via HTTP Referer Header Unvalidated URL Request Vulnerability in Tiny Tiny RSS Improper Handling of User Input in imgproxy Plugin of Tiny Tiny RSS JavaScript Execution in SVG Documents Vulnerability MySQL Server Denial of Service Vulnerability Arbitrary PHP Code Execution via ZIP Archive Upload in Typesetter CMS 5.x through 5.1 Unbounded Array Size Vulnerability in sized-chunks Crate Unchecked Array Size in sized-chunks Crate for Rust Unchecked Array Size in Chunk Implementation Memory-Safety Issue in sized-chunks Crate: Panic-Induced Clone Vulnerability Memory-Safety Issue in sized-chunks Crate: Panic-Induced Vulnerability in Chunk Implementation 
Unaligned Reference Vulnerability in sized-chunks Crate Cross-Site Scripting (XSS) Vulnerability in LimeSurvey 3.21.1's Add Participants Function (First and Last Name Parameters) Stored XSS Vulnerability in LimeSurvey 3.21.1 and Earlier: Arbitrary Code Injection via ParticipantAttributeNamesDropdown Parameter Cross-Site Scripting (XSS) Vulnerability in LimeSurvey 3.21.1 Quota Component MySQL Server Denial of Service Vulnerability Crafter Studio OS Command Execution Vulnerability Command Execution Vulnerability in Crafter Studio of Crafter CMS Oracle GraalVM Enterprise Edition 19.3.0.2 - Partial Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in MediaWiki 1.34.x Exposure of Hidden Users in MediaWiki Special:UserRights XSS Vulnerability in MediaWiki's jQuery Parsing Insecure Option Generation in MediaWiki LogEventList Lease Expiration Time Vulnerability in HashiCorp Vault Versions 1.0 and Newer XXE Vulnerability in CSSContentParser in SilverStripe through 4.6.0-rc1 Oracle iStore Vulnerability: Unauthorized Access and Data Compromise File Disclosure and SSRF Vulnerability in BigBlueButton NULL Pointer Dereference in peg-markdown 0.4.14: Unsupported Product Vulnerability Unauthenticated Export Key Vulnerability in Telegram Desktop Sensitive Information Disclosure in Octopus Deploy Task Logs Privilege Escalation through PingID Integration for Windows Login Concurrent OATH Token Requests Vulnerability Unescaped HTML Vulnerability in MediaWiki DNS ANY Query Vulnerability in PowerDNS Recursor Java SE, Java SE Embedded Serialization Vulnerability Arbitrary JavaScript Execution via Custom Field Injection in MantisBT Critical Reflected Cross Site Scripting Vulnerability in Micro Focus Filr 4.2.1 Persistent XSS Vulnerability in Micro Focus IDOL Product (Versions < 12.7) Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight Logger 7.1 Remote Exploitation of Stored Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight 
Management Center Critical Sensitive Information Disclosure Vulnerability in Micro Focus Self Service Password Reset (SSPR) Critical Data Exposure Vulnerability in Micro Focus Filr: Exploiting Unauthorized Disclosure of Sensitive Information Injection Vulnerability in NetIQ Identity Manager 4.8 MySQL Server Vulnerability: Unauthorized Access to Critical Data Critical Cross-Site Scripting Vulnerability in Micro Focus Access Manager: Configuration Destruction Risk Arbitrary File Access Vulnerability in NHIServiSignAdapter Heap Overflow Vulnerability in NHIServiSignAdapter Stack Overflow Vulnerability in NHIServiSignAdapter's Digest Generation Function File Path Verification Failure in NHIServiSignAdapter: A Gateway to Credential Leakage Unverified Digest Generation in NHIServiSignAdapter Allows Credential Leakage Command Injection Vulnerability in QNAP's QTS and QuTS hero: Fixed in Latest Versions Weak Authentication Flaw in HGiga MailSherlock Allows Remote Privilege Escalation via Default Password Generation Command Injection Vulnerability in MailGates and MailAudit Products Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE 8u231 Arbitrary File Download Vulnerability in HGiga MailSherlock's View Source Code Function Stack Buffer Over-read Vulnerability in Realtek RTL8195A Wi-Fi Module Stack Buffer Overflow in DecWPA2KeyData() Function in Realtek RTL8195A Wi-Fi Module Stack Buffer Overflow in AES_UnWRAP() Function of Realtek RTL8195A Wi-Fi Module Stack Buffer Overflow in DecWPA2KeyData() Function in Realtek RTL8195A Wi-Fi Module Stack Buffer Overflow in Realtek RTL8195A Wi-Fi Module Denial of Service Vulnerability in Qualcomm QCMAP Software Suite Arbitrary Command Execution and Privilege Escalation in Qualcomm QCMAP Software Suite Oracle E-Business Suite Human Resources Hierarchy Diagrammers Vulnerability Time-of-Check Time-of-Use Vulnerability in Pengutronix RAUC Update Client TCP Dissector Crash Vulnerability in Wireshark 3.2.0 to 3.2.6, 3.0.0 
to 3.0.13, and 2.6.0 to 2.6.20 MIME Multipart Dissector Crash Vulnerability in Wireshark Cross-Site Scripting (XSS) Vulnerability in HashiCorp Consul and Consul Enterprise NULL Pointer Dereference Vulnerability in Wireshark BLIP Protocol Dissector Insecure Security Key Validation in SoPlanning 1.47 and Earlier Improper Input Validation in Pexip Infinity 22.x-24.x: Remote Software Abort Vulnerability MediaWiki Information Leak: Incorrect Handling of Actor ID Oracle Human Resources Product Vulnerability: Unauthorized Access and Data Manipulation Directory Traversal Vulnerability in FileManagerController.php in FrogCMS 0.9.5 Arbitrary Folder Deletion Vulnerability in Baijiacms V4 Stored XSS Vulnerability in Codoforum v5.0.2 Smileys Feature Stored XSS Vulnerability in Codoforum v5.0.2 'Pages' Feature Stored XSS Vulnerability in BlackCat CMS 1.3.6 'Add Page' Title Parameter Stored XSS Vulnerability in BlackCat CMS 1.3.6 Admin-Tools Feature Stored XSS Vulnerability in Codoforum v5.0.2 'Manage Users' Feature MySQL Server Denial of Service Vulnerability Directory Traversal Vulnerability in RKCMS Master Version Buffer Overflow in Mongoose 6.18: Exploiting mg_resolve_from_hosts_file Vulnerability SQL Injection Vulnerability in Online Bus Booking System Project MySQL Server Denial of Service Vulnerability Stored XSS Vulnerability in Kyocera ECOSYS M2640IDW Printer's Web Application Allows Session Hijacking and Unwanted Actions Vulnerability in Oracle Java SE Allows Unauthorized Data Manipulation Host Header Injection Vulnerability in Spiceworks 7.5.7.0: Exploiting Arbitrary Link Rendering with Poisoned Host Header Webpages Cross-Site Scripting (XSS) Vulnerability in Blackboard Collaborate Ultra 20.02 Allows Cookie Theft SQL Injection Vulnerability in Sourcecodester Mobile Shop System in PHP MySQL 1.0 Vulnerability in Oracle Web Applications Desktop Integrator Allows Unauthorized Access and Data Manipulation XML External Entity (XXE) Vulnerability in modRestServiceRequest 
Component of MODX CMS 2.7.3 XML External Entity (XXE) Vulnerability in Symphony 2.7.10: Information Disclosure and Denial of Service (DOS) Arbitrary Code Execution via Cross Site Scripting (XSS) in ThinkCMF 5.1.5 UserController.php Privilege Escalation Vulnerability in Stratodesk NoTouch Center Oracle AutoVue 21.0.2 Vulnerability: Unauthorized Read Access to Data Arbitrary Code Injection through p4 Field in IceWarp WebClient 10.3.5 Webmail Calendar Insufficient Entropy in DNS Transaction ID Leads to Remote DNS Cache Poisoning in InterNiche NicheStack TCP/IP 4.0.1 Out-of-bounds Read Vulnerability in InterNiche NicheStack TCP/IP 4.0.1 DNS Response Processing Buffer Overflow in InterNiche NicheStack TCP/IP 4.0.1 DNS Response Processing Functions Vulnerability in Oracle Java SE Networking Component Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Data Access and Partial Denial of Service Oracle GraalVM Enterprise Edition Multiple Protocol Vulnerability CSRF Vulnerability in Advanced Webhost Billing System 3.7.0 Allows Unauthorized Deletion of Contacts Arbitrary SQL Command Execution and Authentication Bypass in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 Stored Cross-Site Scripting (XSS) Vulnerability in SourceCodester Student Management System Project in PHP version 1.0 Vulnerability in Oracle CRM Technical Foundation: Unauthorized Data Manipulation Unauthenticated Information Leakage in Sectona Spectra SOAP API Endpoint Server-Side Template Injection (SSTI) Vulnerability in FastAdmin V1.0.0.20200506_beta Member Center Function Buffer Overflow Vulnerability in gnuplot v5.5 via plotrequest() Function Vulnerability in Oracle One-to-One Fulfillment Allows Unauthorized Data Manipulation Vulnerability in PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Arbitrary File Deletion Vulnerability in MonoCMS Blog 1.0 Password Change CSRF Vulnerability in MonoCMS Blog 1.0 
Hard-coded Admin Hashes Stored in MonoCMS Blog 1.0's log.xml File Vulnerability: Credential Leakage via UPnP Service in Genexis Platinum 4410 Router V2.1 Arbitrary File Write Privilege Escalation in Pritunl Electron Client Oracle Hospitality Cruise Materials Management Physical Access Vulnerability SQL Injection Vulnerability in WebsiteBaker 2.12.2 via 'display_name' Parameter in /websitebaker/admin/preferences/save.php Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Cross Site Scripting (XSS) Vulnerability in Project Worlds Online Examination System 1.0 via account.php Arbitrary Code Execution Vulnerability in ShopXO v1.9.0 Upload Payment Plugin Arbitrary File Upload Vulnerability in ShopXO v1.9.0 PluginsUpload Function Vulnerability in Oracle Java SE Allows Unauthorized Access to Critical Data Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Unauthorized Access to Tickets by Admin Users without Permission Improper Authorization Checks in Zammad Impersonation via X-On-Behalf-Of Header Oracle Field Service Product Vulnerability: Unauthorized Data Access and Manipulation Authentication Bypass in Zammad SSO Endpoint Knowledge Base Draft Leakage in Zammad Global Search SSRF Vulnerability in Zammad: Information Disclosure via SMS Configuration Interface CSRF Token Bypass in Zammad Tag and Link REST API Endpoints Account Enumeration Vulnerability in Zammad before 3.4.1 Stored XSS Vulnerability in Zammad Ticket Tags Element Directory Traversal Vulnerability in Even Balance Punkbuster Server Functionality Java SE, Java SE Embedded Serialization Vulnerability Remote Code Execution Vulnerability in Hoosk CMS v1.8.0 Install/index.php SQL Injection Vulnerability in Hoosk CMS v1.8.0 Install/Index.php XSS Vulnerability in Hoosk CMS v1.8.0 Install/Index.php SQL Injection Vulnerability in FUEL CMS 1.4.11 via 'name' Parameter in /fuel/permissions/create/ Stored XSS in Blocks/Navigation/Site Variables 
in FUEL CMS 1.4.11 Arbitrary Code Execution via Image Extension Manipulation in CuppaCMS File Manager Stored HTML Injection Vulnerability in Nifty-PM CPE 2.3 Allows Remote Code Execution Vulnerability in Oracle Solaris Filesystem Allows Unauthorized Data Access and System Crash Local Privilege Escalation Vulnerability in SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 via Crafted OpenSSL Configuration File SQL Injection Vulnerabilities in College Management System Php 1.0 Stored Cross-Site Scripting (XSS) Vulnerabilities in Online Marriage Registration System 1.0 Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Authentication Bypass Vulnerability in ClickStudios Passwordstate Password Reset Portal XML External Entity (XXE) Vulnerability in Cisco SD-WAN vManage Software Allows Unauthorized Access and Manipulation Path Traversal Vulnerability in Cisco SD-WAN vManage Software Allows Unauthorized File Access Insufficient Access Authorization in Cisco Telepresence CE Software and Cisco RoomOS Software Allows Unauthorized Token Generation Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Cisco ASR 9000 Series Aggregation Services Routers Denial of Service Vulnerability Unauthorized Access and Modification Vulnerability in Cisco IoT Field Network Director (FND) SOAP API Remote Code Execution Vulnerability in Cisco IoT Field Network Director (FND) REST API Unauthenticated Remote Access to Sensitive Database Information in Cisco IoT Field Network Director (FND) Improper Access Control in Cisco IoT Field Network Director Allows Unauthorized User List Access Insufficient File System Protections in Cisco IoT Field Network Director (FND) Allows Remote File Overwrite Insufficient Protection of User Credentials in Cisco IoT Field Network Director (FND) Web UI Allows Password Hash Retrieval Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Improper Domain Access Control in 
Cisco IoT Field Network Director (FND) Allows Unauthorized User Management Cross-Site Scripting (XSS) Vulnerabilities in Cisco IoT Field Network Director (FND) Web UI Zip Decompression Engine Vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance Allows Bypass of Content Filters Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Arbitrary File Overwrite Vulnerability in Cisco Edge Fog Fabric REST API Arbitrary Code Execution and Information Disclosure Vulnerabilities in Cisco Jabber Improper Storage of Sensitive Information in Cisco TelePresence Collaboration Endpoint Software Vulnerability: Missing CAP_NET_RAW Check in NFC Socket Creation Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Data Access and Partial Denial of Service Default Credentials Vulnerability in Unsupported PLANET Technology Corp NVR-915 and NVR-1615 Firmware Remote Code Execution in cPanel Exim Filter Path (SEC-485) Bypassing SMTP Greylisting Protection in cPanel (SEC-491) Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Jailshell Escape Vulnerability in cPanel (SEC-497) Insecure RNDC Credentials Vulnerability in cPanel (SEC-549) Insecure Auth Policy API Key Vulnerability in cPanel (SEC-550) Insecure Site Password Vulnerability in cPanel (SEC-551) Insecure SRS Secret Vulnerability in cPanel (SEC-552) Insecure Chkservd Test Credentials Vulnerability on cPanel (SEC-554) Insecure Permissions in cPanel Proxy Subdomains Log File (SEC-558) Predictable PowerDNS API Key Vulnerability in cPanel Code Execution Vulnerability in cPanel (SEC-488) Bypassing Package Modification Restriction in cPanel (SEC-557) Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Self XSS vulnerability in cPanel DNS Zone Manager DNSSEC interfaces (SEC-564) Self XSS vulnerability in cPanel's WHM Edit DNS Zone interface (SEC-566) File Overwriting 
Vulnerability in cPanel Email Quota Cache Self XSS vulnerability in cPanel before 90.0.10 via WHM Manage API Tokens interfaces (SEC-569) Self XSS vulnerability in cPanel Cron Jobs interface (SEC-573) Self XSS vulnerability in cPanel Cron Editor interface (SEC-574) CRLF Injection Vulnerability in Python's http.client Library TLS Certificate Impersonation Vulnerability in TigerVNC Post-Authentication Java Deserialization Vulnerability in SmartBear Collaborator Server Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Cross-Site Scripting (XSS) Vulnerability in MobileFrontend Extension for MediaWiki File Importer Extension Allows Creation of Pages with Disallowed Titles Remote Code Execution Vulnerability in Inspur NF5266M5 and Other M5 Server Devices via Weak BMC Firmware Verification Authenticated PHP Code Injection in openmediavault HTTP Request Smuggling Vulnerability in JetBrains Ktor before 1.4.1 Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Privilege Escalation Vulnerability in Open TFTP Server 1.66 Privilege Escalation through Binary Replacement in Open DHCP Server Privilege Escalation via Home DNS Server 0.10 Default Installation Directory Privilege Escalation Vulnerability in Dual DHCP DNS Server 7.40 Stored XSS Vulnerability in Live Helper Chat via BBCode Reflected XSS Vulnerability in Live Helper Chat before 3.44v via setsettingajax PATH_INFO Vulnerability: Lack of MFA Enforcement in SilverStripe GraphQL with Basic Authentication CRLF Injection in urllib3: HTTP Request Method Control Vulnerability Vulnerability: Bypassing Validation in SilverStripe FormFields with Square Brackets Vulnerability: Unauthorized EAPOL Frame Forwarding in NetBSD 7.1 Vulnerability in Oracle Enterprise Manager: APM Mesh Compromise Vulnerability: Arbitrary Data Injection in ALFA Windows 10 Driver for AWUS036H Vulnerability: Lack of Message Integrity Check Verification in ALFA Windows 
10 Driver for AWUS036H Fragmented Frame Injection Vulnerability in OpenBSD 6.6 Arbitrary Data Injection Vulnerability in ALFA Windows 10 Driver 1030.36.604 for AWUS036ACH Vulnerability: Arbitrary Network Packet Injection on Samsung Galaxy S3 i9305 4.4.4 Devices Vulnerability: Arbitrary Network Packet Injection on Samsung Galaxy S3 i9305 4.4.4 Devices Fragmented Frame Exfiltration Vulnerability on Samsung Galaxy S3 i9305 4.4.4 Devices Fragment Reassembly Vulnerability in Linux Kernel 5.8.9 Uninitialized Memory Use in md_push_block_bytes Function in md4c 0.4.5 Credential Disclosure Vulnerability in NATS Libraries Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Sensitive Information Disclosure in Logaritmo Aware CallManager 2012 via info.php Arbitrary Web Script Injection Vulnerability in Event Espresso Core Plugin for WordPress Buffer Overflow Vulnerability in libproxy URL Parsing (CVE-2021-12345) Insecure File Permissions and DLL Hijacking Vulnerability in Utimaco SecurityServer Remote Code Execution via XSS in Leanote Desktop Syncing Remote Code Execution via XSS in Leanote Desktop Vulnerability in Oracle Enterprise Manager Base Platform Allows Unauthorized Access and Data Manipulation Bypassing Access Restrictions in jwt-go before 4.0.0-preview1 HTTP Host Header Redirection Vulnerability in Octopus Deploy Cross-Site Scripting (XSS) Vulnerability in Xerox WorkCentre EC7836 and EC7856 Devices via Description Pages HTTP Header Attacks in BigBlueButton Greenlight before 2.5.6: Exploiting Account Takeover via Spoofed Password-Reset Link KDE Connect Local Network Denial of Service Vulnerability PHP Object Injection Vulnerability in qdPM 9.1 via timeReportActions::executeExport Cross-Site Scripting (XSS) Vulnerability in qdPM 9.1 File Upload Functionality Critical Account Takeover Vulnerability in FUEL CMS 11.4.12 and Earlier Versions LDAP Authentication Bypass in Hazelcast IMDG and Jet Enterprise Vulnerability in Oracle 
Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Arbitrary Attachment Upload Vulnerability in tangro Business Workflow Reusable JWT Tokens without Expiration in tangro Business Workflow 1.18.1 and Earlier Insecure Document Download Vulnerability in Tangro Business Workflow Client-side file type restriction bypass in tangro Business Workflow before 1.18.1 User Profile Manipulation Vulnerability in tangro Business Workflow Insecure Access Control in tangro Business Workflow API Endpoint Server-side Vulnerability: Unrestricted Manipulation of Greyed-Out Profile Values in tangro Business Workflow Unauthenticated Download of Workitem Attachments in tangro Business Workflow Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Access Issue with Dell EMC Isilon OneFS and PowerScale OneFS: Unauthorized Data Access via Remotesupport User Account Privilege Escalation Vulnerability in Dell EMC Isilon OneFS and PowerScale OneFS Incorrect Privilege Assignment Vulnerability in Dell EMC NetWorker Versions Prior to 19.3.0.2 Improper Authorization Vulnerability in Dell EMC NetWorker Versions Prior to 19.3.0.2 Improper Certificate Validation Vulnerability in Dell BSAFE Micro Edition Suite Buffer Over-Read Vulnerability in Dell BSAFE Micro Edition Suite (Versions Prior to 4.5.1) Dell Inspiron 5675 BIOS Prior to 1.4.1 UEFI RuntimeServices Overwrite Vulnerability Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Privilege Escalation Vulnerability in Dell EMC PowerScale OneFS Versions 8.1.0 - 9.1.0 Privilege Escalation Vulnerability in Dell EMC PowerScale OneFS Versions 8.2.0 - 9.1.0 Arbitrary OS Command Execution Vulnerability in Dell EMC PowerScale OneFS Versions 8.1.0 - 9.1.0 Dell EMC PowerScale OneFS Incorrect Permission Assignment Vulnerability Dell EMC PowerScale OneFS SMB Directory Auto-Create Vulnerability Backup/Restore Privilege Implementation Issue in Dell EMC 
PowerScale OneFS Versions 8.1.0-9.1.0 LDAP Provider TLSv1.2 Connection Vulnerability in Dell PowerScale OneFS 8.1.0 - 9.1.0 Reflected Cross-Site Scripting Vulnerability in Dell EMC iDRAC9 Web Application Plain-text Password Storage Vulnerability in Dell EMC Unity, Unity XT, and UnityVSA Versions Prior to 5.0.4.0.5.012 Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Kaspersky Custom Boot Loader Vulnerability: Bypassing UEFI Secure Boot Weak Password Vulnerability in Askey AP5100W_Dual_SIG_1.01.097 and Prior Versions XSS Vulnerability in Sal's Machine List View Arbitrary Code Execution in DatabaseSchemaViewer v2.7.4.2 and earlier Heap-buffer-overflow vulnerability in JHEAD-3.04/jpgfile.c:285 ReadJpegSections Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Untrusted JavaScript Execution Vulnerability in BookStack (CVE-2021-12345) Cross-Site Scripting (XSS) and Open Redirect Vulnerability in BookStack before version 0.30.4 Unauthorized Access to User Planning in GLPI Denial-of-Service Vulnerability in teler Docker Container (CVE-2021-XXXX) LDAP Authentication Bypass Vulnerability in Alerta Open Redirect Vulnerability in Jupyter Notebook (Versions prior to 6.1.5) Cross-Site Scripting (XSS) Vulnerabilities in TYPO3 Fluid Remote Code Execution Vulnerability in XStream (Versions before 1.4.14) Cross-Site Scripting (XSS) Vulnerability in touchbase.ai (pre-2.0) Open Redirect Vulnerability in touchbase.ai (before version 2.0) Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Exif Data Leakage Vulnerability in touchbase.ai (before version 2.0) Cross-Site Scripting (XSS) Vulnerability in touchbase.ai (pre-2.0) Remote Code Execution Vulnerability in Dependabot-Core Authorization Bypass Vulnerability in Spree eCommerce Solution Unauthenticated Order Listing Vulnerability in PrestaShop (CVE-2020-XXXX) PrestaShop Product Comments
Cross-Site Scripting (XSS) Vulnerability Vulnerability: Accidental Disclosure of Secrets in npm package semantic-release Cross-Site Scripting Vulnerability in TYPO3 Fluid Extension Cleartext Storage of User Session Identifiers in TYPO3 XML External Entity Processing Vulnerability in TYPO3 RSS Widgets Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Identification and De-anonymization Vulnerability in Radar COVID Bypass of CVE-2020-15247 in October CMS Open Redirect Vulnerability in Jupyter Server Git Credential Manager Core (GCM Core) Submodule Cloning Vulnerability Insecure HTTPS Hostname Verification in Opencast Dangling Pointer Segfault Vulnerability in Rust Time Crate (Versions 0.2.7 - 0.2.23) Vulnerability: Account Hijacking via ScratchVerifier Login Process Prototype Pollution vulnerability in Highlight.js versions before 9.18.2 and 10.1.2 Template Injection Vulnerability in Cron-utils Library (CVE-2021-12345) DOM-based XSS vulnerability in Scratch Addons More Links addon Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Ethash Mining DAG Generation Flaw in Geth 1.9.24 and Earlier Versions Consensus Vulnerability in Geth: Chain-Splitting via Shallow Copy Denial-of-Service Vulnerability in Geth before Version 1.9.18 Memory Leakage in Nanopb when Decoding Specifically Formed Messages Cryptographic vulnerabilities in Python oic before version 1.2.1 Prototype Pollution leading to Command Injection in systeminformation npm package (versions before 4.30.5) Unrestricted Website Settings Modification in Pimcore (CVE-2021-12345) XXE Vulnerability in Nokogiri Allows External Resource Access Blind SQL Injection Vulnerability in PrestaShop Module productcomments (Versions Prior to 4.2.1) RCE Exploit in Red Discord Bot Dashboard version 0.1.7a Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise OAuthenticator Ignoring Deprecated 
Whitelist Configuration Open Zaak Cross-Origin Resource Sharing (CORS) Policy Vulnerability Remote Code Execution Vulnerability in OpenMage Vulnerability: Unprotected Admin Panel Access on .dev Domains Email Address Spoofing Vulnerability in OmniAuth-Apple (CVE-2021-12345) Arbitrary PHP Execution Vulnerability in Kirby CMS Regular Expression Denial of Service (ReDoS) in fast-csv's ignoreEmpty parsing option (CVE-2021-23456) Injection Attack in Matrix Synapse Homeserver Allows Denial of Service Server-Side Request Forgery Vulnerability in XStream Arbitrary File Deletion Vulnerability in XStream Library Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise BookStack Image URL Manipulation Vulnerability Improper Access Control of User API Tokens in jupyterhub-systemdspawner Coturn Server Allows Unauthorized Loopback Peer Connections RSA PKCS#1 v1.5 Decryption Information Leakage Vulnerability in tlslite-ng Denial-of-Service Vulnerability in Geth LES Server (CVE-2020-26262) Consensus Vulnerability in Geth Leading to Chain Split Uninitialized Values Vulnerability in TensorFlow Unvalidated DataFormatVecPermute API in TensorFlow allows for Memory Access Vulnerabilities Segmentation fault vulnerability in TensorFlow's tf.raw_ops.ImmutableConst operation Vulnerability in TensorFlow 2.4.0rc*: Out-of-Bounds Access in Filesystem Path Matching MySQL Server Denial of Service Vulnerability Zero-length Input Denial of Service Vulnerability in TensorFlow LSTM/GRU Models with CUDA Backend Uninitialized Memory Access Vulnerability in TensorFlow's Saved Model Loading Electron Framework IPC Message Delivery Vulnerability Arbitrary SQLite Database Read/Write Vulnerability in osquery Command Injection Vulnerability in systeminformation (npm package) before version 4.31.1 Open Redirect Vulnerability in Jupyter Server before version 1.1.1 XML Parsing Vulnerability in Fleet Allows Unverified Logins via SAML Response Manipulation Unprivileged User
Privilege Escalation via Malicious Tarball in DBdeployer Vulnerability in Weave Net Allows Host Takeover in Kubernetes Cluster Path Traversal Vulnerability in go-ipfs before version 0.8.0-rc1 Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Persistent Cross-Site Scripting (XSS) Vulnerability in OpenSlides 3.2 Request smuggling vulnerability in async-h1 before version 2.3.0 Server-Side Template Injection leading to Remote Code Execution in BrowserUp Proxy Unescaped Control Characters in Console Output Vulnerability in go-ipfs Arbitrary Command Execution in Hugo before v0.79.1 Remote Code Execution Vulnerability in OpenMage Arbitrary File Upload Vulnerability in HedgeDoc (CVE-2021-12345) Arbitrary JavaScript Execution via Mermaid Diagrams in HedgeDoc Cleartext Password Storage in Parse Server LDAP Authentication (CVE-2021-12345) Regular Expression Denial of Service (ReDoS) in date-and-time npm package (CVE-2021-23456) Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Critical Signature Bypass Vulnerability in Dex SAML Connector Hostname Spoofing Vulnerability in URI.js (npm package urijs) before version 1.19.4 Potential Malware in Creeper Interpreter 1.1.3 Binary Release XSS Bypass in HtmlSanitizer before version 5.0.372 Exposure of Server Configuration in Vela Compiler (CVE-2021-XXXX) Arbitrary File Execution via Layout XML in OpenMage XSS Vulnerability in Vega Expressions (CVE-2021-12345) Cross-Site Scripting (XSS) Vulnerability in mdBook Search Feature Cross-Site Scripting (XSS) Vulnerability in Redcarpet Library Path traversal vulnerability in ftp-srv before version 4.4.0 allows unauthorized access beyond user-defined root folder Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Command Injection Vulnerability in systeminformation npm Package (<=4.26.2) Command Injection Vulnerability in ssh2 (Windows Only) Regular 
Expression Denial of Service (ReDoS) Vulnerability in is.js Library (Versions 0.9.0 and Prior) Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager for Oracle Database: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise High Privilege Network Access Vulnerability in Oracle Enterprise Manager for Oracle Database Arbitrary Path Traversal Vulnerability in GitLab CE/EE Package Upload Functionality Unauthorized Access to Sensitive SAST CiConfiguration Information in GitLab EE Cross-Site Scripting (XSS) Vulnerability in GitLab CE/EE: Remote Code Execution via Malicious Project Import Limited Information Disclosure Vulnerability in GitLab CE/EE: User Profile Data Exposure Uncontrolled Resource Consumption Vulnerability in GitLab CE/EE Vulnerability in Oracle Enterprise Manager for Oracle Database: Unauthorized Access and Data Compromise GitLab Project Search Statement Timeout DOS Vulnerability Confidential Epics Information Disclosure Vulnerability in GitLab EE 13.2 to 13.6.2 Information Disclosure Vulnerability in GitLab CE/EE Allows User Email Exposure via GraphQL GitLab Vulnerability: Regex Execution Time Quadratic Growth Exposure of Starred Projects in GitLab GraphQL API (CVE-2021-22214) GitLab EE Advanced Search Information
Disclosure Vulnerability GraphQL Information Disclosure Vulnerability in GitLab CE/EE 13.1 and later Kafka Protocol Dissector Memory Leak Vulnerability in Wireshark 3.4.0 and 3.2.0 to 3.2.8 Memory Leak Vulnerability in Wireshark 3.4.0: Denial of Service via Packet Injection or Crafted Capture File Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise RTPS Protocol Dissector Memory Leak Vulnerability Denial of Service Vulnerability in Wireshark 3.4.0 and 3.2.0 to 3.2.8 via USB HID Protocol Dissector QUIC Dissector Buffer Overflow Vulnerability in Wireshark 3.4.0 to 3.4.1 Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Data Access and Manipulation Oracle Solaris Kernel Denial of Service Vulnerability Physical Access Vulnerability in Oracle Retail Customer Management and Segmentation Foundation (Version 16.0) Vulnerability in Oracle Retail Customer Management and Segmentation Foundation Allows Unauthorized Data Access Oracle Retail Customer Management and Segmentation Foundation Unauthorized Data Access Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Marmind 4.1.141.0 Allows Code Injection via Malicious PDF Upload Authorization Bypass Vulnerability in Marmind Web Application (Version 4.1.141.0) Allows Unauthorized Access to Uploaded Files Remote Code Execution via CSV Injection in Marmind Web Application (v4.1.141.0) Unauthorized Retrieval of Stored SMB Credentials on Canon Oce ColorWave 3500 5.1.1.0 Devices Default Credentials Vulnerability in Airleader Master and Easy <= 6.21 Devices Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Default 
Credentials in Airleader Master <= 6.21 Devices Enable Remote Code Execution Authentication Bypass Vulnerability in wpo365-login Plugin for WordPress XML External Entity (XXE) Vulnerability in Intland codeBeamer ALM 10.x through 10.1.SP4 Insecure Encryption of User Credentials in Intland codeBeamer ALM 10.x through 10.1.SP4 CSRF Vulnerability in Intland codeBeamer ALM 10.x through 10.1.SP4 Cross-Site Scripting (XSS) Vulnerability in Intland codeBeamer ALM 10.x through 10.1.SP4 Unauthenticated SQL Injection Vulnerability in Artica Pandora FMS Heap-Based Buffer Overwrite Vulnerability in Artifex MuPDF 1.18.0 and Earlier Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Denial of Service Vulnerability in NATS nats-server JWT Library CSRF Vulnerability in Garfield Petshop Allows Unauthorized Creation of Administrative Accounts Cross-Site Scripting (XSS) Vulnerability in Froala Editor before 3.2.2 via Pasted Content Username Enumeration Vulnerability in CodeLathe FileCloud SQL Injection Vulnerability in Damstra Smart Asset 2020.7 via API Parameter Username Enumeration Vulnerability in Damstra Smart Asset 2020.7 Cross-Origin Resource Sharing (CORS) Misconfiguration in Damstra Smart Asset 2020.7 Vulnerability in Oracle CRM Technical Foundation Allows Unauthorized Access and Data Manipulation Use-after-free vulnerability in Foxit Reader and PhantomPDF before 10.1 Thread Local Storage Allocation Vulnerability in Foxit Reader and PhantomPDF NULL Pointer Dereference Vulnerability in Foxit Reader and PhantomPDF Out-of-Bounds Write Vulnerability in Foxit Reader and PhantomPDF Arbitrary Code Execution Vulnerability in Foxit Reader and PhantomPDF Use-after-free Vulnerability in Foxit Reader and PhantomPDF Java SE Libraries Vulnerability: Unauthorized Partial Denial of Service Code Injection Vulnerability in Foxit Reader and PhantomPDF on macOS Insecure Secure Boot Enforcement in Linux Kernel Authentication Bypass Vulnerability in 
MongoDB Simple LDAP Plugin SQL Injection Vulnerability in HelpDeskZ 1.0.2 (Unsupported Versions) Arbitrary Message Injection in Monal before 4.9 Insecure Sudo Rule Allows Unauthorized Execution of Commands in Aviatrix Controller Bypassing htaccess Protection Mechanism for File Downloading in Aviatrix Controller Unauthenticated Remote Code Execution Vulnerability in Oracle Java SE (CVE-2020-14781) Insecure Encryption of Credentials in Aviatrix Controller Sensitive Key Values Stored in Readable File Unauthenticated Access to API Endpoints in Aviatrix Controller Arbitrary File Upload Vulnerability in Aviatrix Controller XSS Vulnerability in REDDOXX MailDepot 2033 (aka 2.3.3022) via Incoming HTML E-mail Bluetooth Legacy BR/EDR PIN Code Spoofing Vulnerability Vulnerability: Brute-Force Attack on Insufficiently Random AuthValue in Bluetooth Mesh Provisioning Vulnerability: Brute-Force Attack on AuthValue in Bluetooth Mesh Provisioning Bluetooth LE and BR/EDR Secure Pairing Vulnerability: Passkey Identification and Man-in-the-Middle Attack Bluetooth Mesh Provisioning Vulnerability: AuthValue Identification and Unauthorized Provisioning Vulnerability in Oracle Solaris X Window System Allows Unauthorized Data Access Bluetooth Mesh Provisioning Vulnerability: Unauthorized Authentication and Key Acquisition Stack-based Buffer Overflow Vulnerability in Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 Devices (CVE-XXXX-XXXX) Reflected and Stored XSS Vulnerabilities in ObjectPlanet Opinio before 7.14 XXE Vulnerability in ObjectPlanet Opinio before 7.15 Expression Language Injection in ObjectPlanet Opinio before 7.14 via admin/permissionList.do parameter Remote Unauthenticated Denial of Service Vulnerability in Motion-Project Motion 3.2 through 4.3.1 Unauthenticated Access to Reboot Vulnerability in D-Link DSR-250N Devices EVPN VxLAN Setup Vulnerability: Incorrect MAC to IP Bindings and VLAN Boundary Forwarding Vulnerability in Oracle CRM Technical Foundation of Oracle E-Business 
Suite: Unauthorized Data Manipulation Heap-Based Buffer Overflow in Oberthur Smart Card Software Driver Stack-based Buffer Overflow in Gemsafe GPK Smart Card Software Driver Stack-based Buffer Overflow in TCOS Smart Card Software Driver Stored XSS in Leostream Connection Broker 8.2.x via webquery.pl User-Agent HTTP Header Infinite Loop Vulnerability in Wireshark's Facebook Zero Protocol Dissector Oracle iSupport Product Vulnerability: Unauthorized Access and Data Compromise Arbitrary Command Execution Vulnerability in D-Link DAP-1360U Devices Unauthenticated File Upload Vulnerability in Sage DPW 2020_06_x Reflected XSS Vulnerability in Sage DPW 2020_06_x Java SE and Java SE Embedded Networking Vulnerability Arbitrary Code Execution via Dynamic OOO Widget in Elementor Pro Plugin for WordPress LG Mobile Devices Wi-Fi Subsystem Input Validation Vulnerability LG Mobile Devices TCP Connection Termination Vulnerability Unauthenticated Acceptance of DynamicLockscreen Terms and Conditions on Samsung Mobile Devices (SVE-2020-17079) MySQL Server Denial of Service Vulnerability Auto Hotspot Vulnerability on Samsung Mobile Devices with Q(10.0) Software (SVE-2020-17288) Vulnerability: Privilege Escalation via Mishandled PendingIntent in DirEncryptService Vulnerability: Unprivileged Process Access to SDCard via PendingIntent in Samsung Mobile Devices Directory Traversal Vulnerability in Samsung Sticker Center (SVE-2020-18433) Contact Number Disclosure Vulnerability in Samsung SystemUI Sensitive Information Disclosure Vulnerability on Samsung Mobile Devices with Exynos Chipsets (SVE-2020-18596) Secure Folder Content Access Vulnerability TimaService Vulnerability: Privileged Action via Modified Intent (SVE-2020-18418) Cross-Site Scripting (XSS) Vulnerability in fastadmin V1.0.0.20200506_beta Oracle iSupport Product Vulnerability: Unauthorized Access and Data Compromise Oracle iSupport Product Vulnerability: Unauthorized Access and Data Compromise Arbitrary Web Script Execution via 
SQL Injection in Gila CMS 1.15.4 and Earlier Arbitrary Web Script Execution via SQL Injection in Gila CMS 1.15.4 and Earlier Arbitrary Web Script Execution via SQL Injection in Gila CMS 1.15.4 and Earlier Time-Based SQL Injection Vulnerability in Hospital Management System V4.0 XSS Vulnerability in Hospital Management System V4.0 Allows Arbitrary Code Execution Hospital Management System V4.0: Unrestricted Arbitrary File Upload Vulnerability Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Manipulation Time-Based SQL Injection Vulnerability in Hospital Management System V4.0 Allows Database Information Dump Vulnerability in Oracle Solaris Filesystem Allows Unauthorized Data Access iCMS 7.0.16 Cross Site Request Forgery (CSRF) Vulnerability Allows Arbitrary Web Script Execution Cross-Site Scripting (XSS) Vulnerability in SeaCMS Version 11 Login Page Incorrect Access Control in AtomXCMS 2.0 via admin/dump.php Oracle iSupport Product Vulnerability: Unauthorized Access and Data Compromise Arbitrary File Read Vulnerability in AtomXCMS 2.0 via admin/dump.php Denial of Service Vulnerability in rtl8812au v5.6.4.2 Oracle E-Business Suite Vulnerability: Unauthorized Data Manipulation via Attachments/File Upload Heap-based Buffer Overflow in EbmlTypeDispatcher::send in VideoLAN VLC Media Player 3.0.11 SQL Injection Vulnerability in BigTree CMS 4.4.10 and Earlier: Exploiting 'Create New Feed' Function Stored Cross-Site Scripting (XSS) Vulnerability in BigTree CMS 4.4.10 and Earlier Oracle iSupport Unauthenticated Remote Code Execution Vulnerability Arbitrary Command Execution Vulnerability in BigTree CMS 4.4.10 and Earlier Cross Site Scripting (XSS) Vulnerability in Testimonial Rotator WordPress Plugin 3.0.2 SQL Injection Vulnerability in vFairs 3.3 Virtual Conference and Event Platform vFairs 3.3 Remote Code Execution via Profile Picture Upload Insecure Permissions in vFairs 3.3: Profile Modification and XSS Vulnerability Oracle iSupport Unauthenticated Remote 
Code Execution Vulnerability Cross-Site Scripting (XSS) Vulnerability in vFairs 3.3 Allows Profile Modification and Payload Injection Signed Integer Overflow in `ass_outline_construct` Function of libass 0.14.0 Memory Leak Vulnerability in MuPDF 1.17.0 Allows Information Disclosure Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Stored Cross-Site Scripting (XSS) Vulnerability in pfSense 2.4.5-p1's load_balancer_monitor.php Function Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise XSS Vulnerability in Dashboards Section of Kaa IoT Platform v1.2.0 Easy-XML 0.5.0 XML External Entity (XXE) Vulnerability Arbitrary Code Execution Vulnerability in Shenzhim AAPTJS 1.3.1 XML External Entity Injection (XXE) Vulnerability in requests-xml v0.2.3 XML External Entity Injection (XXE) Vulnerability in py-xml v1.0 Allows Arbitrary Code Execution Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise XML External Entity Injection (XXE) Vulnerability in easy-parse v0.1.1 SQL Injection Vulnerability in REDCap 10.3.4 ToDoList Function via Sort Parameter Reflected XSS Vulnerability in REDCap 10.3.4 ToDoList Function Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Remote Code Execution Vulnerability in Tenda AC9 Routers via Shell Metacharacters Oracle Application Testing Suite: Unauthenticated Remote Access Vulnerability Insecure Session Cookie Handling in SKYWORTH GN542VF Boa version 0.94.13 Cross Site Scripting (XSS) Vulnerability in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 via DDNS Configuration Section Vulnerability in Oracle VM VirtualBox Allows Takeover Oracle Hospitality OPERA 5 Login Vulnerability Buffer Overflow Vulnerability in clickhouse-driver before 0.1.5 Allows Remote Code Execution Vulnerability in Oracle Hospitality OPERA 5 
Printing Component Remote Code Execution Vulnerability in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07) Unauthenticated External Link Opening Vulnerability in Rocket.Chat Desktop Application 2.17.11 CSRF Vulnerability in PHPGurukul User Registration & Login System Reflected Cross-Site Scripting (XSS) Vulnerability in Formstone <=1.4.16 Vulnerability in Oracle Hospitality OPERA 5 Login: Unauthorized Access to Critical Data Remote Code Execution Vulnerability in PPGo_Jobs v2.8.0 via 'AjaxRun()' Function Authenticated SQL Injection Vulnerability in Restaurant Reservation System 1.0 Vulnerability in Oracle VM VirtualBox: Unauthorized Data Access and Modification MySQL Server Denial of Service Vulnerability Heap Buffer Overflow Vulnerability in Mediainfo (before version 20.08) via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping Oracle Solaris Filesystem Vulnerability: Unauthorized Hang or Crash of Oracle Solaris Stack Overflow Vulnerability in Aleth Ethereum C++ Client (<= 1.8.0) via Crafted config.json File Leading to Denial of Service Stored XSS Vulnerability in TrippLite SU2200RTXL2Ua Firmware 12.04.0055 CSRF Vulnerability in forma.lms 2.3.0.2 Allows Account Takeover via Admin Email Change Unrestricted File Upload Vulnerability in Sentrifugo 3.2 Unrestricted File Upload Vulnerability in Sentrifugo 3.2 SQL Injection Vulnerability in Sentrifugo 3.2 Allows Unauthorized Employee Information Modification Unrestricted File Upload Vulnerability in ObjectPlanet Opinio before 7.15 Insecure Default Filesystem Permissions in SAP ERP Client for E-Bilanz 1.0 Installation Folder Arbitrary Code Injection Vulnerability in SAP AS ABAP and SAP S4 HANA SAP Commerce Cloud: Authentication Bypass and Secure Media Folder Disclosure Vulnerability Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Unauthenticated Denial of Service Vulnerability in SAP Commerce Cloud (Accelerator Payment Mock) Server Side Request Forgery (SSRF) Vulnerability in SAP 
Commerce Cloud (Accelerator Payment Mock) PGP Key Exposure Vulnerability in SAP Process Integration (B2B Add-On) Server-Side Request Forgery Vulnerability in SAP Fiori Launchpad (News Tile Application) Unencrypted Key Storage in SAP AS JAVA: Confidentiality Impact Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability SAP NetWeaver AS ABAP (Web Dynpro) Information Disclosure Vulnerability Improper Access Control in SAP NetWeaver AS ABAP (Web Dynpro) Allows Unauthorized Access to Database Logfiles Vulnerability in Oracle VM VirtualBox Allows Takeover SAP NetWeaver AS JAVA Privilege Escalation and File System Exposure Vulnerability Unauthenticated Remote Code Execution in SAP Solution Manager (JAVA stack) 7.20 via SVG Converter Service Unauthenticated Remote Code Execution in SAP Solution Manager 7.20 Unauthenticated Remote Code Execution in SAP Solution Manager 7.20 Unauthenticated Remote Code Execution Vulnerability in SAP Solution Manager 7.20 SAP Fiori Launchpad News Tile Application Reflected XSS Vulnerability Unrestricted File Upload Vulnerability in SAP NetWeaver AS JAVA Remote Code Execution Vulnerability in SAP Disclosure Management 10.1 Arbitrary Connection Vulnerability in SAP NetWeaver AS JAVA Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Manipulation Inadequate Access Control in SAP Solution Manager 7.2 Allows Unauthorized User Operations XML Entity Injection Vulnerability in SAP BusinessObjects BI Platform (Crystal Report) Unauthorized Access to Sensitive Information and System Disruption in SAP AS ABAP and SAP S4 HANA SAP HANA Database 2.0 SAML Bearer Token Username Validation Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS ABAP Open Redirect Vulnerability in SAP Solution Manager (Trace Analysis) 720 Path Traversal Vulnerability in SAP Solution Manager 7.2 (User Experience Monitoring) Code Injection Vulnerability in SAP Business 
Warehouse and SAP BW4HANA Oracle FLEXCUBE Universal Banking: Unauthorized Access Vulnerability Vulnerability in Oracle FLEXCUBE Universal Banking: Unauthorized Data Access and Manipulation MySQL Server Vulnerability: Unauthorized Hang and Crash (CVE-XXXX-XXXX) Remote Code Execution Vulnerability in ARC Informatique PcVue Prior to Version 12.0.17 Denial-of-Service Vulnerability in ARC Informatique PcVue Prior to Version 12.0.17 Information Exposure Vulnerability in ARC Informatique PcVue Prior to Version 12.0.17 Unauthenticated Unauthorized Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools DOMPurify before 2.0.17 Vulnerability: Mutation XSS via Namespace Change Bypassing Payment Step in wp-courses Plugin for WordPress via /wp-json REST API Open Redirect Vulnerability in ApiFest OAuth 2.0 Server 0.3.1 Remote Command Injection in Ruckus through 1.5.1.0.21 via /service/v1/createUser Endpoint Ruckus vRioT API Backdoor Vulnerability Vulnerability in Oracle Financial Services Analytical Applications Infrastructure: Unauthorized Access and Data Compromise Local Privilege Escalation in Sympa through 6.2.57b.2 via sympa.conf Configuration File Data Amplification Vulnerability in Play Framework: Multipart/Form-Data JSON Input Unbounded Recursion Vulnerability in Play Framework JSON Parsing RSA Archer 6.8 through 6.8.0.3 and 6.9 URL Injection Vulnerability XSS Vulnerability in 2sic 2sxc Allows Remote Code Execution Softaculous before 5.5.7 Privilege Escalation Vulnerability Bypass of DNS Rebinding Protection in FRITZ!OS on FRITZ!Box Devices Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Denial of Service Vulnerability in Matrix Synapse XSS Vulnerability in AuthRestServlet of Matrix Synapse before 1.21.0 Incorrect Access Control in NATS nats-server: Expired Credentials Handling Vulnerability Privilege Escalation Vulnerability in ClamXAV 3 Helper Tool Privilege Escalation via Malicious cmd.exe in LiveCode v9.6.1 on Windows 
Vulnerability: Exploitable Counterparty High-S Signature in LND (Lightning Network Daemon) LND (Lightning Network Daemon) Vulnerability: Invoice Database Preimage Release Vulnerability: Disclosure of Administrative Credentials in NETGEAR Devices Incorrect Configuration of Security Settings in NETGEAR RAX40 Devices (CVE-XXXX-XXXX) Vulnerability: Sensitive Information Disclosure in NETGEAR Devices Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Vulnerability: Disclosure of Administrative Credentials in NETGEAR Devices Sensitive Information Disclosure Vulnerability in NETGEAR Devices Unauthenticated Command Injection Vulnerability in NETGEAR Devices Vulnerability: Disclosure of Administrative Credentials in NETGEAR Devices Vulnerability: Disclosure of Administrative Credentials in NETGEAR Devices Vulnerability: Disclosure of Administrative Credentials in NETGEAR Devices Vulnerability: Disclosure of Administrative Credentials in NETGEAR Devices Command Injection Vulnerability in NETGEAR RBK852, RBR850, and RBS850 Devices Authentication Bypass Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in NETGEAR D7800 and R7500v2 Routers Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Command Injection Vulnerability in NETGEAR Devices Function Level Access Control Vulnerability in Certain NETGEAR Devices CSRF Vulnerability in Certain NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Certain NETGEAR Devices Command Injection Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Vulnerability: Incorrect Configuration of Security Settings in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Lack of Function-Level Access Control in NETGEAR JGS516PE Devices Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Command Injection 
Vulnerability in NETGEAR SRK60, SRR60, and SRS60 Devices Authentication Bypass Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR WC Series Devices Stored XSS Vulnerability in NETGEAR WC7500, WC7600, and WC9500 Devices Sensitive Information Disclosure Vulnerability in NETGEAR WAC720 and WAC730 Devices Denial of Service Vulnerability in NETGEAR GS808E Devices Authentication Bypass Vulnerability in NETGEAR Devices Authentication Bypass Vulnerability in Certain NETGEAR Devices Authentication Bypass Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR R6220 and R6230 Devices Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Incorrect Configuration of Security Settings in NETGEAR EX7700 Devices Vulnerability: Sensitive Information Disclosure in NETGEAR WC Series Devices Improper Permissions for sympa_newaliases-wrapper in Debian Sympa Package Vulnerability: Incorrect Access Control during Non-Orderly TPM Shut-Down XSS Vulnerability in phpMyAdmin Transformation Feature SQL Injection Vulnerability in phpMyAdmin's SearchController CSRF Vulnerability in Cloudera Data Engineering (CDE) before 1.1 Improper URI Pattern Check in oauth2-server Allows XSS Payload Injection (CVE-2020-7741 Variant) Vulnerability: Information Leakage in RSA Private Exponent through Invalid Ciphertext Unauthorized Read Access Vulnerability in Oracle MySQL Server (CVE-2020-2819) Arbitrary File Overwrite Vulnerability in ESET Installers CVE-2020-26942 Code Execution Vulnerability in OpenStack Blazar-Dashboard Plugin Time-based SQL Injection in Aptean Product Configurator 4.61.0000 on Windows Deserialization Vulnerability in MyBatis before 3.5.6 Insecure RPATH Handling in Monero GUI Allows Privilege Escalation SSRF Vulnerability in Emby Server before 4.5.0 via Items/RemoteSearch/Image ImageURL Parameter Unauthenticated Read Access Vulnerability in PeopleSoft Enterprise CC Common Application Objects Use-after-free 
vulnerability in MCallGetProperty opcode in Firefox and Thunderbird Event Loading Mismatch Vulnerability in Firefox's SVG Code Allows Bypassing Sanitizer Memory Corruption and Crash Vulnerability in Firefox < 83 due to Incorrect Inlining of JIT-Compiled Functions Full-Screen Phishing Vulnerability in Firefox and Thunderbird Arbitrary File Path Manifest Injection Vulnerability in Firefox for Android (CVE-2020-26971) Cookie Leakage in Firefox for Android HTML Sanitization Vulnerability in Firefox and Thunderbird (CVE-2020-26951) Certificate Revocation List (CRL) Failure in Firefox for Android (CVE-2020-26971) Script Execution Vulnerability in Firefox and Thunderbird Use-after-free vulnerability during browser shutdown in Firefox and Thunderbird Oracle Solaris Common Desktop Environment Privilege Escalation Vulnerability Use-after-free vulnerability in Compact() method of nsTArray in Firefox and Thunderbird DNS Rebinding Attack Vulnerability in Firefox and Thunderbird Cross-Origin Login Autofill Vulnerability in Firefox < 83 Rate Limiting Vulnerability in Firefox < 83 Untrusted Apps Exploit Remote Debugging via USB in Firefox for Android Vulnerability: Password Exposure via Show Password Feature in Firefox and Thunderbird Local Network Information Leak via mDNS Request Mutation Observer Confusion in Firefox Screenshots: Exploiting Page Change Listener Memory Corruption Vulnerabilities in Firefox 82 and Firefox ESR 78.4 Memory Corruption Vulnerabilities in Firefox 82: Potential Arbitrary Code Execution Oracle Hospitality Suites Management Component Vulnerability Stack Corruption in Thunderbird SMTP Server Status Code Handling Heap Buffer Overflow in Video Drivers due to Improper Constraint Handling Use-after-free vulnerability in WebGL allows for potential exploitation in Firefox < 84 CSS Sanitizer Bypass Vulnerability in Firefox, Thunderbird, and Firefox ESR Heap Use-After-Free and Memory Corruption Vulnerability in flex-basis Handling Arbitrary Header Injection 
Vulnerability in Firefox for Android (Versions < 84) Insecure Framing Vulnerability in Firefox < 84 Tab Content Manipulation in Firefox for Android (CVE-2020-26971) Slipstream Exploit: Exposing Internal Network and Local Services in Firefox and Thunderbird URL Spoofing Vulnerability in Firefox < 84 Vulnerability in Oracle VM VirtualBox: High Privileged Takeover Type Confusion Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-11881) Arbitrary File Disclosure Vulnerability in JT2Go and Teamcenter Visualization Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-11898) Out-of-Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-11900) Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-11972) Heap-based Buffer Overflow in JT2Go and Teamcenter Visualization (ZDI-CAN-11986, ZDI-CAN-11994) Heap-based Buffer Overflow in JT2Go and Teamcenter Visualization (ZDI-CAN-12014) Heap-based Buffer Overflow in JT2Go and Teamcenter Visualization (ZDI-CAN-12016, ZDI-CAN-12017) Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-11891) Stack-based Buffer Overflow in JT2Go, Solid Edge, and Teamcenter Visualization (ZDI-CAN-11892) Oracle FLEXCUBE Universal Banking Product Vulnerability: Unauthorized Access and Data Compromise Type Confusion Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-11897) Unvalidated User Input Parsing Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-11899) Stack-based Buffer Overflow in JT2Go and Teamcenter Visualization Stack-based Buffer Overflow in JT2Go and Teamcenter Visualization Heap-based Buffer Overflow in JT2Go and Teamcenter Visualization Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-11992) Memory Access Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12027) Unvalidated User Input Parsing Vulnerability in Solid Edge SE2020 and SE2021 (ZDI-CAN-11919) Memory Access 
Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12040) Memory Access Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12042) Oracle FLEXCUBE Universal Banking Unauthorized Data Access Vulnerability Memory Corruption Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12018) Stack-based Buffer Overflow in JT2Go and Teamcenter Visualization (ZDI-CAN-12041) Memory Access Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12043) Unvalidated User Input Parsing in JT2Go and Teamcenter Visualization Allows Code Execution (ZDI-CAN-12158) Memory Access Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12163) Out of Bounds Write Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12178) Memory Corruption Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12182) Memory Access Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12207) Memory Access Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12209) Vulnerability: DNS Domain Name Record Decompression Pointer Offset Validation Bypass Vulnerability in Oracle VM VirtualBox Allows Takeover Cross-Site Scripting (XSS) Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Vulnerability in Trend Micro Antivirus for Mac 2020: Unauthorized Access and Modification of Sensitive Data Race Condition Vulnerability in Trend Micro Antivirus for Mac 2020 (Consumer) Web Threat Protection Blocklist Component Error Message Information Disclosure Vulnerability in Trend Micro Antivirus for Mac 2020 (Consumer) CSRF Vulnerability in Trend Micro IMSVA 9.1 Allows Unauthorized Policy Rule Modification XML External Entity Processing (XXE) Vulnerability in Trend Micro IMSVA 9.1 Server Side Request Forgery Vulnerability in Trend Micro IMSVA 9.1 Information Disclosure Vulnerability in Trend Micro IMSVA 9.1 Vulnerability in Oracle VM VirtualBox: High Privileged Takeover Weak Cryptographic Strength in Kaspersky Password Manager's Password 
Generator Out-of-bounds Read Vulnerability in avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc Potential Permission Bypass and Information Disclosure in BluetoothMediaBrowserService.java Out-of-Bounds Read Vulnerability in Bluetooth State Machine Event Handling Possible Permission Bypass and Local Information Disclosure in EapFailureNotifier.java and SimRequiredNotifier.java Device Unlock Interface Information Disclosure Vulnerability Out of Bounds Read Vulnerability in nfc_ncif_proc_get_routing of Android-11 Out of Bounds Read Vulnerability in filter_incoming_event of hci_layer.cc Improper Input Validation in TextView.java Leads to Remote Denial of Service Vulnerability Vulnerability in Oracle VM VirtualBox: Unauthorized Hang or Crash Possible Permission Bypass and Local Privilege Escalation in HandleApiCalls.java Out of Bounds Read Vulnerability in NFC Data Event Handling Missing Permission Check in getRadioAccessFamily of PhoneInterfaceManager.java Allows Local Information Disclosure Out of Bounds Read Vulnerability in nfc_ncif_proc_get_routing of Android-11 Possible Permission Bypass in createSimSelectNotification of SimSelectNotification.java Use-after-free vulnerability in priorLinearAllocation of C2AllocatorIon.cpp allows for local information disclosure in media codec without additional privileges (Android-11). 
Out of Bounds Write Vulnerability in phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc Out of Bounds Read Vulnerability in phNxpNciHal_core_initialized of phNxpNciHal.cc Memory Leak in C2SoftVorbisDec.cpp leading to Remote Denial of Service Potential Permission Bypass in postNotification of ServiceRecord.java with Unsafe PendingIntent Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Out of Bounds Read Vulnerability in phNxpNciHal_core_initialized of phNxpNciHal.cc Unsafe PendingIntent in showProvisioningNotification of ConnectivityService.java allows local information disclosure without additional privileges Out-of-bounds Read Vulnerability in NFC Enabled of Android-11 Use-after-free vulnerability in restartWrite function of Parcel.cpp allows for local privilege escalation without additional execution privileges. Heap Buffer Overflow in CE_SendRawFrame in ce_main.cc Out of Bounds Read Vulnerability in nfc_ncif_proc_ee_action of nfc_ncif.cc Out of Bounds Read Vulnerability in ce_t4t_update_binary of ce_t4t.cc Out of Bounds Write Vulnerability in RW_SendRawFrame of rw_main.cc Out of Bounds Write Vulnerability in rw_t3t_send_raw_frame of Android-11 Vulnerability in Oracle VM VirtualBox Allows Unauthorized Access to Critical Data Heap Buffer Overflow in rw_i93_send_cmd_write_multi_blocks of rw_i93.cc Integer Overflow Vulnerability in NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc Allows for Local Privilege Escalation Permission Bypass Vulnerability in getLockTaskLaunchMode of ActivityRecord.java Location Permission Bypass in broadcastWifiCredentialChanged of ClientModeImpl.java Missing Permission Check in onFactoryReset of BluetoothManagerService.java Allows Local Privilege Escalation Insecure WiFi Configuration Vulnerability in WifiConfigController.java and WifiConfigController2.java Missing Permission Check in SELinux Policies of MLS in Android-11 Allows Local Information Disclosure Possible Permission Bypass in getGpuStatsGlobalInfo and 
getGpuStatsAppInfo of GpuService.cpp in Android-11 Tapjacking Vulnerability in AuthenticationClient.java Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Data Access and Manipulation Use-after-free vulnerability in xfrm6_tunnel_free_spi in net/ipv6/xfrm6_tunnel.c allows local users to gain privileges via crafted system calls. Race condition vulnerability in l2tp subsystem allows for local privilege escalation Android Kernel Vulnerability (A-127973231) Vulnerability in Primavera P6 Enterprise Project Portfolio Management: Unauthorized Data Access and Manipulation Oracle iLearning Learner Pages Unauthenticated Access Vulnerability Possible Permissions Bypass in checkGrantUriPermission of UriGrantsManagerService.java Contacts Information Disclosure Vulnerability in UriGrantsManagerService Vulnerability in Oracle Banking Payments: Unauthorized Data Access and Manipulation Oracle Banking Payments: Unauthorized Access to Critical Data Vulnerability Vulnerability in Oracle Banking Payments: Unauthorized Data Access and Manipulation Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability Privilege Escalation Vulnerability in Cisco Identity Services Engine (ISE) Active Directory Integration Arbitrary File Read Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Unauthenticated Remote Access to Sensitive Information in Cisco Security Manager Cross-Site Scripting Vulnerability in Cisco Webex Meetings API Arbitrary Code Execution and Information Disclosure Vulnerabilities in Cisco Jabber Arbitrary File Write Vulnerability in Cisco SD-WAN vManage Software Arbitrary Command Injection Vulnerability in Cisco SD-WAN vManage Software Oracle Banking Payments Product Vulnerability Cisco Security Manager Directory Traversal Vulnerability Allows Unauthorized Access to Sensitive Information Java Deserialization Vulnerabilities in Cisco Security Manager Arbitrary Code Execution and 
Information Disclosure Vulnerabilities in Cisco Jabber Arbitrary Code Execution and Information Disclosure Vulnerabilities in Cisco Jabber Arbitrary Code Execution and Information Disclosure Vulnerabilities in Cisco Jabber Unauthorized Read Access Vulnerability in Oracle Banking Payments Cross Site Request Forgery (CSRF) Vulnerability in TIBCO iProcess Workspace (Browser) Unauthenticated Access to Authenticated Login URL in TIBCO PartnerExpress REST API XML External Entity (XXE) Vulnerability in TIBCO EBX Add-ons Privilege Escalation Vulnerability in NPort IA5150A/IA5250A Series (Version 1.5 and below) Allows Unauthorized Configuration Changes Vulnerability in Oracle Banking Corporate Lending Allows Unauthorized Data Manipulation Sensitive Data Exposure in NPort IA5000A Series Configuration Export Arbitrary Binary Execution Vulnerability in Kata Containers Infinite Loop Vulnerability in Linux Kernel's ioapic_lazy_update_eoi Function Double Free Vulnerability in BlueZ's gatttool disconnect_cb() Routine Arbitrary Code Execution Vulnerability in Mitel BusinessCTI Enterprise (MBC-E) Client for Windows WebSocket Endpoint Trust Vulnerability Unauthenticated Remote Code Execution in Veritas APTARE Versions Prior to 10.5 Authentication Bypass Vulnerability in Veritas APTARE versions prior to 10.5 Remote Code Execution Vulnerability in Western Digital My Cloud NAS Devices Remote Code Execution Vulnerability in Western Digital My Cloud NAS Devices Oracle Banking Corporate Lending Product Unauthorized Access Vulnerability Remote Code Execution Vulnerability in Western Digital My Cloud NAS Devices Cross-Site Scripting (XSS) Vulnerability in phpRedisAdmin before 1.13.2 via login.php username parameter Vulnerability in Oracle Banking Corporate Lending: Unauthorized Data Access and Manipulation Out-of-Bounds Speculation Vulnerability in Linux Kernel Off-by-one Error in Linux Kernel Allows Spectre Side-Channel Attacks (CVE-2021-28964) Arbitrary Write Elevation of Privileges 
Vulnerability in G-Data Unlimited Memory Usage Vulnerability in vm-superio before 0.1.1 Memory Leak Vulnerability in Amazon AWS Firecracker Mutation XSS in Mark Text through 0.16.2: Remote Code Execution via source code mode Insecure Secret Key Handling in Apereo CAS for Google Authenticator Multifactor Authentication Arbitrary Account Takeover in konzept-ix publiXone (before 2020.015) via Password-Reset Token Crafting Oracle Banking Corporate Lending Product Unauthorized Access Vulnerability File Download Vulnerability in konzept-ix publiXone (before 2020.015) via Iterating IXCopy FileID Parameter Hardcoded AES Key Vulnerability in konzept-ix publiXone Java Applet Multiple Cross-Site Scripting (XSS) Vulnerabilities in konzept-ix publiXone before 2020.015 Unrestricted RemoteFunctions Endpoint in konzept-ix publiXone (before 2020.015) Allows for Privilege Escalation and Data Disclosure Vulnerability: Lack of Encryption in Telnet Communication on NPort IA5000A Series Devices Cleartext Transmission Vulnerability in Moxa Service: Exposing Sensitive Information in NPort IA5000A Series Serial Devices Privilege Escalation via KDE Partition Manager's kpmcore_externalcommand Helper Oracle Banking Corporate Lending Unauthorized Data Access Vulnerability Local File Inclusion in LionWiki before 3.2.12 Privilege Escalation Vulnerability in BinaryNights ForkLift 3.4 Cross-Site Scripting (XSS) Vulnerability in CKEditor Color Dialog Plugin Bounds Tracking Mishandling in Linux Kernel's scalar32_min_max_or Function (CID-5b9fbeb75b6a) Subversion of Client File Sandbox Feature in HashiCorp Nomad and Nomad Enterprise Versions 0.9.0 - 0.12.5 StackOverflowError and Denial of Service Vulnerability in PlayJava SSRF Vulnerability in TAXII libtaxii through 1.1.117 Authentication Bypass Vulnerability in Magic Home Pro Application 1.5.1 for Android Vulnerability in Oracle FLEXCUBE Investor Servicing: Unauthorized Data Access and Manipulation Use-after-free vulnerability in Zetetic SQLCipher 
4.x before 4.4.1 allows remote denial of service Vulnerability: Downgrade Attack on Flash Read-Out Protection (RDP) in SoloKeys Solo 4.0.0, Somu, and Nitrokey FIDO2 Token Power Analysis Vulnerability in micro-ecc Library 1.0 Allows Extraction of Private ECC Key Oracle FLEXCUBE Investor Servicing Product Vulnerability: Unauthorized Access to Critical Data Improper Protection Against Physical Side Channels in Nordic Semiconductor nRF52840 Devices Vulnerability: Fault Injection Exploit Degrades Flash Read-Out Protection on STMicroelectronics STM32L4 Devices Insufficiently Random Initial Sequence Number Generation in Ethernut Nut/OS 5.1 Race Condition Vulnerability in Eclipse Jetty Unverified Size Vulnerability in Eclipse Hono AMQP Protocol Adapter HTTP Request Body Injection in Multiplexed Connections in Eclipse Jetty Unsafe Characters in HTTP 404 JSON Response Body in Eclipse Hawkbit REST API Vulnerability in Oracle FLEXCUBE Investor Servicing: Unauthorized Data Access and Manipulation Insecure Command & Control Message Authorization in Eclipse Hono AMQP and MQTT Protocol Adapters Stack-based Buffer Overflow in UTF-8 to Platform Encoding Conversion in Eclipse OpenJ9 up to Version 0.23 Certificate-based DTLS Handshake Failure Leading to DoS Vulnerability in Eclipse Californium 2.3.0 to 2.6.0 Denial of Service (DoS) Vulnerability in Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114, 10.0.0, and 11.0.0 Arbitrary Code Execution Vulnerability in Eclipse Theia Markdown Preview (up to version 1.2.0) Unauthenticated Local Help Command Injection in Eclipse Platform SQL Injection Vulnerability in OpenClinic GA 5.173.3's 'quickFile.jsp' Page OpenClinic GA 5.173.3 Unauthenticated Command Injection Vulnerability Default Permissions Vulnerability in OpenClinic GA 5.173.3 Allows Privilege Escalation Authenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3 Application Oracle FLEXCUBE Investor Servicing Product Vulnerability Authenticated SQL Injection Vulnerability in 
OpenClinic GA 5.173.3 Application Authenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3 Application SQL Injection Vulnerability in OpenClinic GA 5.173.3's 'manageServiceStocks.jsp' Page SQL Injection Vulnerability in 'getAssets.jsp' Page of OpenClinic GA 5.173.3 SQL Injection Vulnerability in 'getAssets.jsp' of OpenClinic GA 5.173.3 SQL Injection Vulnerability in 'getAssets.jsp' Page of OpenClinic GA 5.173.3 SQL Injection Vulnerability in 'getAssets.jsp' Page of OpenClinic GA 5.173.3 SQL Injection Vulnerability in OpenClinic GA 5.173.3's 'getAssets.jsp' Page Unauthenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3's 'getAssets.jsp' Page Unauthenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3 Oracle FLEXCUBE Investor Servicing Unauthorized Data Access Vulnerability SQL Injection Vulnerability in OpenClinic GA 5.173.3's 'getAssets.jsp' Page Unauthenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3 Authenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3: listImmoLabels.jsp Authenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3: 'listImmoLabels.jsp' Page Authenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3 Authenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3: 'listImmoLabels.jsp' Page Authenticated SQL Injection Vulnerability in OpenClinic GA 5.173.3: listImmoLabels.jsp immoComment Parameter Heap-based Buffer Overflow in SoftMaker Office PlanMaker 2021 (Revision 1014) Heap-based Buffer Overflow in SoftMaker Office PlanMaker 2021 (Revision 1014) Heap-based Buffer Overflow in SoftMaker Office PlanMaker 2021 (Revision 1014) Vulnerability in Oracle VM VirtualBox Allows Unauthorized Denial of Service Attacks Heap-based Buffer Overflow in SoftMaker Office PlanMaker 2021 (Revision 1014) Heap Overflow Vulnerability in FactoryTalk Linx Version 6.11 and Prior: Remote Code Execution via Malicious Port Ranges Race Condition Vulnerability in Medtronic MyCareLink Smart 25000 Allows 
Remote Code Execution Denial-of-Service Vulnerability in FactoryTalk Linx Version 6.11 and Prior Improper Authentication Vulnerability in Emerson Rosemount X-STREAM Gas Analyzer Heap Overflow Vulnerability in FactoryTalk Linx Version 6.11 and Prior: Remote Information Disclosure and ASLR Bypass Hard-coded Physician PIN Vulnerability in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, and AnyDana-A Insulin Pumps Type-Confusion Vulnerability in Omron CX-One Version 4.60 and Prior Devices Allows Local Code Execution Information Disclosure Vulnerability in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, and AnyDana-A: Extracting Keypad Lock PIN via Bluetooth Low Energy Arbitrary Code Execution Vulnerability in Omron CX-One Version 4.60 and Prior Vulnerability in Oracle VM VirtualBox: Remote Takeover (CVE-2020-2732) HL7 v2.x Injection Vulnerabilities in Innokas Yhtymä Oy Vital Signs Monitor VC150 Stack-Based Buffer Overflow in Omron CX-One Version 4.60 and Prior: Remote Code Execution Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in Innokas Yhtymä Oy Vital Signs Monitor VC150 Heap-Based Buffer Overflow in KEPServerEX and Industrial Connectivity Software Vulnerability: Brute-Force Attack on Deterministic Keys in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A Stack-Based Buffer Overflow Vulnerability in KEPServerEX and Industrial Connectivity Software Client-side control vulnerability in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, and AnyDana-A: Bypassing User Authentication via Bluetooth Low Energy Heap-based Buffer Overflow in KEPServerEX, ThingWorx Kepware Server, ThingWorx Industrial Connectivity, OPC-Aggregator, KEPServer Enterprise, GE Digital Industrial Gateway Server, and TOP Server Client-side control vulnerability in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, and AnyDana-A: Bypassing Default PIN Checks via Bluetooth Low Energy Insulin Pump Vulnerability: Lack of Replay Protection in SOOIL Diabecare 
RS and AnyDana Mobile Apps Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Inadequate Encryption Key Protection in SOOIL Developments Co., Ltd Diabecare RS and AnyDana-i, AnyDana-A Vulnerability Insecure Communication Protocol in SOOIL Developments Co., Ltd Diabecare RS and AnyDana-i, AnyDana-A Mobile Apps Allows Key Eavesdropping and Pump Spoofing via BLE Denial-of-Service Vulnerability in OPC UA Tunneller (versions prior to 6.3.0.8233) Out-of-Bounds Write Vulnerability in Delta Electronics DOPSoft Version 4.0.8.21 and Prior Inadequate Authentication Measures in SOOIL Developments Co., Ltd Diabecare RS Insulin Pump and Mobile Apps Null Pointer Dereference Vulnerability in Delta Electronics DOPSoft Version 4.0.8.21 and Prior Hard-coded Credentials Vulnerability in Hamilton Medical AG T1-Ventilator Versions 2.2.3 and Prior NULL Pointer Dereference Vulnerability in Crimson 3.1 Protocol Converter Critical Vulnerability in Oracle Fusion Middleware Identity Manager: Unauthorized Access to Critical Data Use After Free Vulnerability in ISPSoft(v3.12 and prior) Allows Arbitrary Code Execution Stack-Based Buffer Overflow in Delta Electronics CNCSoft ScreenEditor XML Validation Vulnerability in Hamilton Medical AG T1-Ventilator Versions 2.2.3 and Prior: Device Rendered Persistently Unusable by Privileged Attackers Memory Leak Vulnerability in Crimson 3.1 (Build versions prior to 3119.001) Arbitrary Code Execution Vulnerability in TPEditor (v1.98 and prior) Unauthenticated Database Access in Crimson 3.1 (Build versions prior to 3119.001) Out-of-Bounds Write Vulnerability in Delta Electronics CNCSoft-B Versions 1.0.0.2 and Prior TPEditor v1.98 and Prior Untrusted Pointer Dereference Vulnerability Null Pointer Dereference Vulnerability in Delta Electronics CNCSoft-B Versions 1.0.0.2 and Prior Vulnerability in Oracle Fusion Middleware Identity Manager: Unauthorized Data Access and Manipulation Information Disclosure Vulnerability in Hamilton Medical AG 
T1-Ventilator Versions 2.2.3 and Prior: Obtaining Valid Checksums for Tampered Configuration Files Out-of-Bounds Read Vulnerability in Delta Electronics CNCSoft-B Versions 1.0.0.2 and Prior Type Confusion Vulnerability in Delta Electronics CNCSoft-B Versions 1.0.0.2 and Prior Uncontrolled Resource Consumption Vulnerability in OPC UA Tunneller Heap-Based Buffer Overflow Vulnerability in OPC UA Tunneller (versions prior to 6.3.0.8233) Command Injection Vulnerability in Philips Interventional Workspot, Coronary Tools, and ViewForum Software OPC UA Tunneller Out-of-Bounds Read Vulnerability Vulnerability in Oracle Financial Services Revenue Management and Billing: File Upload Component Remote Code Execution Vulnerability in Realtek RTL8710 and Ameba-based Devices via AES_UnWRAP Function Remote Code Execution Vulnerability in Realtek RTL8710 and Ameba-based Devices via Encrypted GTK in WPA2 Handshake Directory Traversal Vulnerability in CivetWeb Web Library Vulnerability in Oracle Database Server: Unauthorized Data Access and Partial Denial of Service Nested Virtualization Vulnerability: Exploiting L2 Guest to Access Sensitive L1 Resources Critical Remote Code Execution Vulnerability in Oracle JD Edwards EnterpriseOne Tools (9.2) IPv6 Component Out-of-Bounds Read Vulnerability IPv6 Component Out of Bounds Write Vulnerability Out of Bounds Read Vulnerability in Treck IPv6 DHCPv6 Client Component Insyde InsydeH2O 5.x SMM Drivers CommBuffer Validation Vulnerability Oracle Database Server RDBMS/Optimizer Component Unauthorized Read Access Vulnerability Unauthenticated User Redirection Vulnerability in Mitel MiCollab Online Help Portal XSS Vulnerability in cm-download-manager Plugin for WordPress Stack-based Buffer Overflow in tmux input_csi_dispatch_sgr_colon() Function Snapcraft Vulnerability: Code Execution via LD_LIBRARY_PATH Vulnerability: PolicyKit Check Bypass in Aptdaemon Java VM Component Vulnerability in Oracle Database Server (Versions 11.2.0.4, 12.1.0.2, 
12.2.0.1, 18c, and 19c) Integer overflows and underflows in .deb package parsing in APT (GHSL-2020-168 GHSL-2020-169) Memory and File Descriptor Leaks in apt-python Files (GHSL-2020-170) XSS Vulnerability in WordPress Debug-Meta-Data Plugin 1.1.2 CSV Export Vulnerability in REDCap Messenger Arbitrary JavaScript Injection via Messenger File Attachment in REDCap Sensitive Information Disclosure in Akkadian Provisioning Manager 4.50.02 Privilege Escalation Vulnerability in Akkadian Provisioning Manager 4.50.02 SSH Console Arbitrary Code Execution via Cross Site Scripting (XSS) in Humax HGB10R-02 BRGCAB 1.0.03 Directory Indexing Vulnerability in TOTOLINK-A702R-V1.0.0-B20161227.1023 Login Portal Oracle Database Server Core RDBMS Component Takeover Vulnerability Buffer Overflow Vulnerability in Brandy Basic V Interpreter 1.21's run_interpreter Function Vulnerability: Plain Text Command Over BLE in Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 Replay Attack Vulnerability in Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 Transmitting Write Requests and Chars Vulnerability in Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 Missing Authentication Vulnerability in Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 Cross-Site Scripting (XSS) Vulnerability in CMS Made Simple 2.2.14 Administrator Panel CSRF Vulnerability in Booking Core - Unauthorized Email ID Change and Password Reset Siebel UI Framework Unauthorized Read Access Vulnerability Elevation of Privileges Vulnerability in Battle.Net 1.27.1.12428 Elevation of Privileges Vulnerability in Guild Wars 2 Launcher (Version 106916) Arbitrary File Read/Write Vulnerability in FlexDotnetCMS FileEditor Unrestricted File Upload and Execution Vulnerability in FlexDotnetCMS Unrestricted File Upload Vulnerability in HorizontCMS 1.0.0-beta Stored Cross Site Scripting (XSS) Vulnerabilities in YOURLS Admin Panel Versions 1.5 - 1.7.10 Oracle WebCenter Sites Unauthenticated 
Remote Code Execution Vulnerability Authenticated File Upload Vulnerability in Marital - Online Matrimonial Project In PHP version 1.0 Oracle Access Manager Authentication Engine Vulnerability Local Privilege Escalation Vulnerability in HK1 Box S905X3 TV Box Arbitrary File Download Vulnerability in TCL Android Smart TVs Arbitrary Code Execution via Groupname in DynPG 4.9.1 Unauthenticated Password Change Vulnerability in OpenSIS Community Edition through 7.6 Cross-Site Scripting (XSS) Vulnerability in OpenSIS Community Edition before 7.5 via modname Parameter in SideForStudent.php Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Cleartext Username and Password Exposure in Mahavitaran Android Application Information Disclosure in Mahavitaran Android Application 7.50 and Prior Account Takeover Vulnerability in Mahavitaran Android Application 7.50 and Prior Use After Free Vulnerability in Fedora Linux Kernel 5.9.0-rc9: Information Disclosure via vgacon_invert_region() Function Vulnerability in Oracle VM VirtualBox Allows Takeover Password Reset Link Expiration Vulnerability in Anuko Time Tracker v1.19.23.5311 Unrestricted Password Reset Vulnerability in Anuko Time Tracker v1.19.23.5311 DOM-based XSS vulnerability in Scratch-Svg-Renderer v0.2.0 via crafted sb3 file Vulnerability in Oracle VM VirtualBox: Unauthorized Access to Critical Data Vulnerability in Oracle Transportation Management: Unauthorized Data Access and Manipulation XSS Vulnerability in Zoho ManageEngine Password Manager Pro Allows Remote Code Execution and Cookie Theft Oracle Access Manager Vulnerability: Unauthorized Partial Denial of Service Stored XSS Vulnerability in Chronoforeum 2.0.11 Allows Execution of Crafted Payload via Posts Vulnerability in Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications (CVE-2021-12345) SEOPanel 4.6.0 Authenticated File Upload Remote Code Execution Vulnerability Arbitrary Code Execution Vulnerability 
in rConfig's /updater.php Component Arbitrary Code Execution via File Write Vulnerability in rConfig 3.9.6 Directory Traversal Vulnerability in Processwire CMS (before 2.7.1) via download parameter in index.php Vulnerability in Oracle Access Manager: Unauthorized Data Access and Manipulation Vulnerability in Oracle VM VirtualBox Allows Unauthorized Data Access Unauthenticated SQL Injection Vulnerability in Good Layers LMS Plugin <= 2.1.4 ConnectIQ TVM Array Index Error Vulnerability ConnectIQ TVM Integer Overflow Vulnerability ConnectIQ TVM Array Index Error Vulnerability ConnectIQ TVM Buffer Overflow Vulnerability Unauthenticated Cloud Service Access Vulnerability in Loxone Miniserver Devices Vulnerability in Oracle Solaris SMF Command svcbundle Allows Unauthorized Data Access Oracle General Ledger Account Hierarchy Manager Unauthenticated Remote Access Vulnerability Buffer Overflow Vulnerability in Kamailio SIP Server Vulnerability in Two-Factor Authentication: Exposing 2FA Secret Key in Response Account Takeover via Persistent XSS in Galaxkey Secure Mail Client Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Regular Expression Denial of Service (ReDOS) Vulnerability in Prototype 1.7.3's stripTags and unescapeHTML Components Directory Traversal Vulnerability in ZrLog 2.1.15 Allows Arbitrary File Deletion and DoS Cross Site Scripting (XSS) Vulnerability in Savsoft Quiz v5.0 via Skype ID Field Local Privilege Escalation Vulnerability in Windscribe VPN for Mac and Windows Local Privilege Escalation Vulnerability in Pritunl Client v1.2.2550.20 MySQL Client Denial of Service Vulnerability Format-String Vulnerability in Solstice-Pod WEBRTC Server Bluetooth Stack Vulnerability in Audi A7 MMI 2014: Memory Leaks and Service Crashes Oracle Workflow Notification Mailer Unauthenticated Access Vulnerability DedeCMS v.5.8 Search Feature Cross Site Scripting (XSS) Vulnerability Insecure Temporary Pathname Vulnerability in 
Docker Engine Heap Overflow Vulnerability in Rostelecom CS-C2SHW 5.0.082.1 AgentUpdater Service Java SE, Java SE Embedded Vulnerability: Unauthorized Partial Denial of Service Bash Injection and Signature Bypass Vulnerability in Rostelecom CS-C2SHW 5.0.082.1 Denial of Service Vulnerability in Rostelecom CS-C2SHW 5.0.082.1: AgentGreen Service Buffer Allocation Bug Bash Command Injection Vulnerability in Rostelecom CS-C2SHW 5.0.082.1 Denial-of-Service Vulnerability in restify-paginate Package 0.0.5 for Node.js Remote Code Execution Vulnerability in FoldingAtHome Client Advanced Control GUI Out-of-Bounds Read Vulnerability in libdwarf before 20201017 Java SE, Java SE Embedded Vulnerability: Unauthorized Partial Denial of Service Unauthenticated File Download Vulnerability in BASETech GE-131 BT-1837836 Firmware 20180921 Cleartext Transmission of Sensitive Information in BASETech GE-131 BT-1837836 Firmware 20180921 Default Credentials Vulnerability in BASETech GE-131 BT-1837836 Firmware 20180921 Predictable Device ID Vulnerability in BASETech GE-131 BT-1837836 Firmware 20180921 Unprotected Storage of Credentials in BASETech GE-131 BT-1837836 Firmware 20180921 Undocumented User Vulnerability in BASETech GE-131 BT-1837836 Firmware 20180921 Allows Remote Video Stream Access Java SE and Java SE Embedded Serialization Vulnerability Division by Zero Vulnerability in ImageMagick 7.0.10-34: Denial of Service Risk in OptimizeLayerFrames Insecure File Permissions in Aviatrix Controller 5.3.1516 Arbitrary File Write Vulnerability in Aviatrix VPN Client 2.8.2 and Earlier Java SE and Java SE Embedded Serialization Vulnerability CSRF Vulnerability in Maxum Rumpus 8.2.13 and 8.2.14 Command Injection Vulnerability in Maxum Rumpus 8.2.13 and 8.2.14 Web Administration Stored Cross-Site Scripting Vulnerability in Maxum Rumpus 8.2.13 and 8.2.14 Vulnerability in Oracle VM VirtualBox: Remote Takeover Unauthenticated Remote Code Execution via Deserialization in IBM InfoSphere Information 
Server 8.5.0.0 Vulnerability: Local Admins Can Modify Sensitive Anti-Virus Settings in Quick Heal Total Security (pre-19.0) via Brute-Attack on Password Clear Text Transmission of Quarantine and Sysinfo Files in Quick Heal Total Security (pre-version 19.0) Vulnerability: Local Admins Can Brute-Force Access Quick Heal Total Security File Vault SSL certificate validation bypass in Synopsys hub-rest-api-python (blackduck on PyPI) versions 0.0.25 - 0.0.52 MySQL Server Replication Vulnerability Vulnerability in Oracle MySQL Server: Unauthorized Data Access and Denial of Service Arbitrary Command Execution in D-Link Router DIR-846 (CVE-2021-xxxx) Unpatched Vulnerability: Incomplete Application of lockSettingsProps.disablePrivateChat in BigBlueButton Separator Injection Vulnerability in BigBlueButton before 2.2.7 Unsafe JODConverter Setting in BigBlueButton Allows Access to External Files Lack of LibreOffice Sandboxing in BigBlueButton before 2.3 Allows Unauthorized Access to API Shared Secret Weak Sandbox Vulnerability in BigBlueButton 2.2.28 Insecure Session Cookie Handling in BigBlueButton Client-side Mute Button Vulnerability in BigBlueButton Unvalidated Content-Type Header Vulnerability in BigBlueButton Unauthorized Video Recording in BigBlueButton MySQL Server Privilege Escalation Vulnerability Unprotected Network Services in BigBlueButton Installation Unintended Endpoint Exposure in BigBlueButton through 2.2.28 Username Information Leak in Greenlight BigBlueButton Integration ClueCon Password Vulnerability in BigBlueButton Installation Procedure Local Privilege Escalation Vulnerability in AnyDesk for macOS Versions 6.0.2 and Older SQL Injection and XSS Vulnerability in Loginizer Plugin for WordPress Out-of-Bounds Calculation Vulnerability in QEMU 4.2.1 Assertion Failure Triggered by eth_get_gso_type in QEMU 4.2.1 Infinite Loop Denial of Service Vulnerability in glibc's iconv Function Potential Remote Code Execution Vulnerability in Python 3 through 3.9.0 via 
CJK Codec Tests MySQL Server InnoDB Component Denial of Service Vulnerability Stored XSS Vulnerability in Cosmos Skin for MediaWiki Improper IP Attribution in FileImporter Extension of MediaWiki Information Disclosure Vulnerability in JetBrains IntelliJ IDEA Web Server Potential Information Leak in JetBrains IdeaVim (before version 0.58) SSRF Vulnerability in JetBrains YouTrack before 2020.3.888 Insecure Notifications in JetBrains YouTrack before 2020.3.888 SSRF Vulnerability in JetBrains YouTrack before 2020.3.5333 URL Injection Vulnerability in JetBrains TeamCity Guest User Access to Audit Records in JetBrains TeamCity Unmasked Secure Dependency Parameters in JetBrains TeamCity MySQL Server Replication Vulnerability: Unauthorized Hang or Crash Improper Randomization of TCP ISNs in Silicon Labs uC/TCP-IP 3.6.0 Improper Randomization of TCP ISNs in Oryx CycloneTCP 1.9.6 Predictable and Hijackable TCP Sessions in SIMATIC MV400 Family Versions Prior to v7.0.6 Improper Randomization of TCP Initial Sequence Numbers in FNET 4.6.3 Improper Randomization of TCP ISNs in Contiki 4.5 Improper Randomization of TCP Initial Sequence Numbers in PicoTCP 1.7.0 Improper Randomization of TCP ISNs in Microchip MPLAB Net 3.6.1 Path Traversal Vulnerability in CRAN Package Manager: Risk of Server Compromise Denial of Service Vulnerability in fastd's receive.c Bluetooth Pairing Vulnerability in Mitel MiVoice SIP Phones Java SE Advanced Management Console Unauthenticated Access Vulnerability Improper Pairing Mechanism in Mitel MiVoice 6940 and 6930 MiNet Phones Allows Eavesdropping Cross-Site Scripting (XSS) Vulnerability in BigBlueButton Greenlight 2.7.6 'merge account' Functionality Privilege Escalation via Junction Point Creation in 1E Client Unquoted Path Vulnerability in 1E Client 5.0.0.745 Inventory Module Unquoted Path Vulnerability in 1E Client 5.0.0.745 Inventory Module User Credential Theft in Biscom Secure File Transfer (SFT) Versions 5.1.1082 and below, and 6.x Versions 
6.0.1011 and below OpenVPN Client Certificate Spoofing Vulnerability in Synology DiskStation Manager (DSM) OpenVPN Client in Synology Router Manager (SRM) before 1.2.4-8081 Vulnerability: Improper Certificate Validation MySQL Server Denial of Service Vulnerability Insecure Session Cookie Handling in Synology DiskStation Manager (DSM) Insecure Session Cookie Handling in Synology Router Manager (SRM) QuickConnect Algorithm Downgrade Vulnerability in Synology DiskStation Manager (DSM) QuickConnect Algorithm Downgrade Vulnerability in Synology Router Manager (SRM) Arbitrary Command Execution Vulnerability in Synology Router Manager (SRM) Inadequate Access Control Vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 Cleartext Transmission of Sensitive Information Vulnerability in Synology DiskStation Manager (DSM) DDNS Cleartext Transmission of Sensitive Information Vulnerability in Synology Router Manager (SRM) DDNS Missing HTTPOnly Flag in Synology Router Manager (SRM) Session Cookie Cross-Site Scripting (XSS) Vulnerabilities in Synology SafeAccess before 1.2.3-0234 Oracle WebLogic Server Console Unauthenticated Read Access Vulnerability SQL Injection Vulnerability in Synology SafeAccess before 1.2.3-0234 via request.cgi Divide-by-Zero Vulnerability in QEMU's hcd-dwc2 USB Host Controller Emulation Insecure Direct Object Reference (IDOR) Vulnerability in GLPI before 9.5.3 Allows Unauthorized Database Table Access Insecure Direct Object Reference (IDOR) vulnerability in GLPI before 9.5.3 allows unauthorized data access Unwanted /proxy?url= functionality in InputModalStepperProvider in Strapi before 3.2.5 Lack of admin::hasPermissions Restriction in Strapi CTB Routes Stored XSS Vulnerability in Strapi WYSIWYG Editor's Preview Feature Unauthenticated Access Vulnerability in Oracle Java SE (JSSE Component) Xen Vulnerability: AMD IOMMU Page-Table Entry Half-Update Denial of Service and Privilege Escalation Xen Vulnerability: Coalescing of Per-Page IOMMU TLB 
Flushes Mishandling Race Condition Exploit in Xen Allows for Host OS Denial of Service and Data Corruption Denial of Service Vulnerability in Linux Kernel and Xen (CID-e99502f76271) Xen Privilege Escalation via TLB Invalidation Mishandling Race Condition in Xen Event-Channel Removal Leading to Use-After-Free or NULL Pointer Dereference (CID-073d0552ead5) Buffer Overflow in parse_user_name in illumos, OmniOS, and SmartOS Vulnerability in Oracle MySQL Cluster: Unauthorized Access and Denial of Service Host Header Injection in ThingsBoard Password-Reset Emails Static IV and Key in RVToolsPasswordEncryption.exe Allows for Password Decryption Undocumented Default Admin Credentials in Relish (Verve Connect) VH510 Firmware Vulnerability in Oracle Hyperion Financial Reporting: Unauthorized Data Access via Web Based Report Designer Buffer Overflow Vulnerability in Relish (Verve Connect) VH510 Web Management Portal Cross-Site Scripting (XSS) Vulnerabilities in Relish (Verve Connect) VH510 Firmware Multiple CSRF Vulnerabilities in Relish (Verve Connect) VH510 Device Firmware Outdated Hashing Algorithm Used in Trend Micro IMSVA 9.1 Administrative Password Storage Critical Vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 Trend Micro Security 2020 Installer Package DLL Hijacking Vulnerability Vulnerability in Trend Micro Security 2020 Installer Package Allows Privilege Escalation Symlink Attack Vulnerability in Trend Micro Security 2020 Installer MySQL Server Logging Vulnerability Origin Client Privilege Escalation Vulnerability Vulnerability in Oracle Solaris Whodo Component Allows Unauthorized Read Access Memory Leak and Connection Reset Vulnerability in BIG-IP AFM HTTP Security Profile (Version 13.1.3.4) Protocol Inspection Profile Vulnerability in BIG-IP AFM High CPU Utilization Vulnerability in BIG-IP Management Interface via Crafted TLS Request TMM Response Failure Vulnerability Vulnerability: Denial of Service (DoS) and Core File 
Generation in BIG-IP DNS Excessive CPU Usage Vulnerability in BIG-IP ASM and Advanced WAF Systems Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility Vulnerability in Oracle Human Resources of Oracle E-Business Suite: Unauthorized Data Manipulation BIG-IP LTM/CGNAT Vulnerability: TMM Restart via NAT66 Traffic with PBA Mode and SP-DAG Vulnerability in BIG-IP DNS / BIG-IP LTM GSLB Deployment: Disruption of DNS Response on Certain Versions Excessive Resource Consumption Vulnerability in BIG-IP APM VDI Plugin BIG-IP APM Virtual Server PingAccess Request Restart Vulnerability Excessive Resource Consumption Vulnerability in BIG-IP APM Memory Leakage Vulnerability in BIG-IP DNS, GTM, and Link Controller Reflected Cross-Site Scripting (XSS) Vulnerability in BIG-IP APM System Unvalidated User Input in iAppsLX REST Installer Allows Filesystem Read Access on BIG-IP Systems Vulnerability: AVRD Core File Generation and Restart on BIG-IP Systems when Processing Requests from Mobile Devices Open Redirect Vulnerability in BIG-IP APM Virtual Server Java SE, Java SE Embedded Vulnerability: Unauthorized Partial Denial of Service NGINX Controller Agent Path Vulnerability Authenticated SQL Injection in Zoho ManageEngine Applications Manager Arbitrary IFRAME Injection in Wing FTP 6.4.4 Help Pages DNS Domain Name Label Parsing Vulnerability in Multiple Siemens Products Vulnerability: DNS Response Parsing Vulnerability in Multiple Siemens Products Vulnerability: DNS Domain Name Record Decompression Pointer Offset Validation Bypass Session Hijacking Vulnerability in Citadel WebCit through 926 MySQL Server Privilege Escalation Vulnerability User Enumeration Vulnerability in Citadel WebCit 926 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Citadel WebCit through 926 Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows unauthorized access to emails Insecure Session ID Generation in libtac Remote Code Execution and Privilege 
Escalation Vulnerability in Western Digital My Cloud NAS Devices RPC Buffer Overflow in PMIx MPI Plugin in Slurm Race Condition in Slurm's xauth for X11 Magic Cookies Exposes Sensitive Information Vulnerability: Brute Force Attack on PIN Code in Click Studios Passwordstate 8.9 Vulnerability: Unnoticed Attachment Disclosure in xdg-email Stack Buffer Overflow in grub2 Allows for Execution Control and Bypassing Secure Boot Unauthenticated Read Access Vulnerability in Oracle PeopleSoft Enterprise PeopleTools ImageMagick Vulnerability: Undefined Behavior and Division by Zero in colorspace-private.h and quantum.h Unsigned Long Long Overflow and Shift Exponent Vulnerability in ImageMagick Heap Buffer Overflow Vulnerability in ImageMagick (CVE-2020-29599) Memory leaks in MIFF Coder in ImageMagick versions prior to 7.0.9-0 Integer Overflow in IntensityCompare() Function in ImageMagick Memory Leak Vulnerability in SetImageExtent() of ImageMagick Divide-by-Zero Vulnerability in ParseMetaGeometry() of ImageMagick Floating Point Math Calculation Vulnerability in ScaleAnyToQuantum() of /MagickCore/quantum-private.h Unsigned Long Long Overflow Vulnerability in ImageMagick Integer Overflow in IntensityCompare() of ImageMagick Unauthenticated Remote Denial of Service Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Divide-by-Zero Vulnerability in GammaImage() of ImageMagick Vulnerability: Unsigned Integer Overflow in WritePALMImage() ImageMagick HDR.c Vulnerability: Undefined Behavior in Unsigned Char Range ImageMagick Vulnerability: Math Division by Zero in resize.c Potential Out-of-Range Value Vulnerability in ImageMagick ImageMagick Vulnerability: Math Division by Zero in segment.c Unsigned Long Integer Overflow Vulnerability in ImageMagick ImageMagick Vulnerability: Undefined Behavior in MagickCore/quantum.h Unsigned Integer Overflow Vulnerability in ImageMagick Float Overflow Vulnerability in ImageMagick Versions Before 7.0.9-0 High Privilege Vulnerability in Oracle 
Hyperion Financial Management (Version 11.1.2.4) Integer Overflow in SubstituteString() Function in ImageMagick Unsigned char Overflow in RestoreMSCWarning() of /coders/pdf.c in ImageMagick versions prior to 7.0.9-0 Unsigned Integer Overflow Vulnerability in ImageMagick's BMP Decoder ImageMagick Vulnerability: Undefined Behavior and Application Availability Impact ImageMagick Vulnerability: Undefined Behavior in MagickCore/statistic.c Unsigned Char Overflow Vulnerability in ImageMagick Unsigned Long Overflow Vulnerability in ImageMagick RTAS Memory Access Vulnerability in PowerVM and KVM Hypervisors Denial of Service Vulnerability in Poppler's PDF to HTML Conversion Vulnerability: Insecure Memory Removal in Grub2 Unauthenticated Access Vulnerability in Oracle Java SE (JSSE Component) Vulnerability: Authentication Bypass in Linux-Pam for Empty Passwords Credential Manipulation and Privilege Escalation in OpenStack Manila's Native CephFS Consumers Undertow AJP Connector Denial of Service Vulnerability Python-lxml clean module XSS Vulnerability: Remote Code Execution Use-after-free vulnerability in Linux kernel's printer_ioctl() function Use-after-free vulnerability in Linux kernel's MIDI implementation allows for memory corruption and privilege escalation Segmentation Fault Vulnerability in UPX's invert_pt_dynamic() Function UPX Denial of Service Vulnerability in PackLinuxElf64::canPack() Function MySQL Server Privilege Escalation Vulnerability Floating Point Exception Vulnerability in UPX's PackLinuxElf64::invert_pt_dynamic() Function Heap-Based Buffer Overflow in GhostScript's lp8000_print_page() Function Off-by-one Overflow Vulnerability in radare2's core_java.c Double Free Vulnerability in radare2's cmd_info() Function Segmentation Fault Vulnerability in radare2's adf Command Heap-Based Buffer Over-Read Vulnerability in UPX 4.0.0 via Crafted Mach-O File Invalid Memory Address Reference Vulnerability in UPX 4.0.0 via Crafted Mach-O File Invalid Memory Address 
Reference Vulnerability in UPX 4.0.0 via Crafted Mach-O File Heap-Based Buffer Over-Read Vulnerability in UPX 4.0.0 via Crafted Mach-O File MySQL Server Denial of Service Vulnerability Heap-Based Buffer Over-Read Vulnerability in UPX 4.0.0 via Crafted Mach-O File Heap-Based Buffer Over-Read Vulnerability in UPX 4.0.0 via Crafted Mach-O File Floating Point Exception in UPX 4.0.0 via Crafted Mach-O File Vulnerability in Oracle Java SE: Unauthorized Partial Denial of Service (DOS) WebSocket Frame Length Integer Overflow Vulnerability Heap-Buffer Overflow in openjpeg2 PNG Handling JFS Filesystem Code Vulnerability: Local Privilege Escalation and System Panic Arbitrary URL Redirection and Console Link Damage in elasticsearch-operator-container Denial of Service Vulnerability in pngcheck-2.4.0 NULL Pointer Dereference Vulnerability in libxls/xls2csv.c:199 Vulnerability in Oracle PeopleSoft: Unauthorized Data Access and Partial Denial of Service Use-After-Free Vulnerability in Linux Kernel's Nouveau Driver Out-of-Bounds Write Vulnerability in QEMU's Memory Management API Memory Leak Vulnerability in Wildfly OpenTracing API Interceptors OpenJPEG Encoder Vulnerability: Exploitable Offset Input Flaw Buffer Overflow Vulnerability in OpenJPEG Encoder Race Condition in Linux Kernel's trace_open and resize of cpu buffer can lead to Denial of Service (DoS) and Kernel Information Leak User Metadata Attribute Manipulation Vulnerability in Keycloak OpenvSwitch LLDP Packet Handling Memory Loss Vulnerability Arbitrary Out-of-Bounds Write Vulnerability in Jasper's JPC Encoder Heap-based Buffer Overflow in coders/tiff.c in ImageMagick Vulnerability in Oracle Outside In Technology Allows Unauthorized Data Manipulation NULL Pointer Dereference Vulnerability in Linux Kernel's spk_ttyio_receive_buf2() Function Unauthorized Email Address Addition Vulnerability in Red Hat Quay Persistent XSS Vulnerability in Red Hat Quay Allows Impersonation and Threatens Confidentiality, Integrity, and 
System Availability Zip Slip Vulnerability in oc Binary: Arbitrary File Write and Code Execution Use After Free Vulnerability in Linux Kernel Infiniband HFI1 Driver Insecure IP Source Range Filtering in cluster-ingress-operator Race Condition Vulnerability in GDM Allows Bypass of Lock Screen for Autologin Users Unauthenticated Access to Client Secrets in Keycloak Vulnerability: Insecure Storage of JSON Web Token (JWT) in ceph-dashboard Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Samba Vulnerability: Crash Caused by Invalid DN Strings with Spaces Out-of-Bounds Read Vulnerability in openjpeg Encoder (Versions Prior to 2.4.0) Null Pointer Dereference Vulnerability in openjpeg's t2 Encoder OpenJPEG Out-of-Bounds Read Vulnerability Out-of-Bounds Write Vulnerability in openjpeg's t2.c (CVE-2021-21426) Out-of-Bounds Read Vulnerability in openjpeg's Conversion/Encoding Functionality SAML Authentication Bypass Vulnerability in crewjam/saml SAML Signature Validation Bypass Vulnerability in dex Library SQL Injection Vulnerability in dotCMS REST API Endpoint Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service Stored XSS Vulnerability in Rocketgenius Gravity Forms Forms Import Feature Stored HTML Injection Vulnerabilities in Rocketgenius Gravity Forms Add-On Stored XSS Vulnerability in Rocketgenius Gravity Forms Survey Feature Format String Vulnerability in Wire AVS and Wire Secure Messenger Applications Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via SR2 File Parsing Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.922 via Malicious CR2 Files Arbitrary Code Execution via NEF File Parsing in Foxit Studio Photo 3.6.6.922 CA Arcserve D2D 16.5 XXE Information Disclosure Vulnerability Unauthenticated Remote Information Disclosure in NEC ESMPRO Manager 6.42 Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of 
Service Arbitrary Code Execution via XFA Template Processing in Foxit Reader 10.0.1.35811 Arbitrary Code Execution Vulnerability in NETGEAR Orbi 2.5.1.16 Routers Unauthenticated Remote Code Execution in D-Link DVA-2800 and DSL-2888A Routers Unauthenticated Information Disclosure Vulnerability in D-Link DVA-2800 and DSL-2888A Routers Unauthenticated Remote Code Execution in D-Link DAP-1860 WiFi Extenders (ZDI-CAN-10880) Unauthenticated Remote Code Execution in D-Link DAP-1860 WiFi Extenders Authentication Bypass Vulnerability in NETGEAR Routers (ZDI-CAN-11355) Arbitrary Code Execution Vulnerability in NETGEAR Routers (ZDI-CAN-11653) Unauthenticated Remote Code Execution in Qognify Ocularis 5.9.0.395 Privilege Escalation Vulnerability in SolarWinds Network Performance Monitor 2020 HF1 Vulnerability in Oracle Outside In Technology: Unauthorized Access and Partial Denial of Service SolarWinds Orion Platform 2020.2.1 - Remote Information Disclosure Vulnerability Arbitrary File Creation and Code Execution Vulnerability in SolarWinds Orion Platform 2020.2.1 Authentication Bypass Vulnerability in NETGEAR R7450 1.2.0.62_1.0.1 Routers Unauthenticated Information Disclosure Vulnerability in NETGEAR R7450 1.2.0.62_1.0.1 Routers Arbitrary Code Execution Vulnerability in Tencent WeChat 7.0.18 (ZDI-CAN-11580) Session Hijacking and Password Manipulation through XSS Vulnerability in WSO2 API Manager 3.1.0 SQL Injection Vulnerability in EyesOfNetwork eonweb 5.3-7 through 5.3-8 Arbitrary OS Command Execution in EyesOfNetwork AutoDiscovery Module Unintended Network Access via Cached Credentials on Ubiquiti UniFi Meshing Access Point Oracle iSupport User Interface Unauthenticated Access Vulnerability Zigbee Protocol Vulnerability: Crash and Attribute Value Not Updated in Texas Instruments CC2538 Devices with Z-Stack 3.0.1 Zigbee Protocol Vulnerability: ZCL Read Reporting Configuration Response Message Crash in CC2538 Devices Zigbee Protocol Implementation Vulnerability in Texas 
Instruments CC2538 Devices Screen Sharing Vulnerability in macOS Big Sur 11.0.1 Metadata Retention Vulnerability in macOS Big Sur 11.0.1 Information Disclosure Vulnerability in iTunes 12.11 for Windows Allows Unauthorized Access to Apple IDs Path Validation Vulnerability in macOS Big Sur 11.0.1 Allows Remote File System Modification Arbitrary Code Execution Vulnerability in macOS Big Sur and Catalina Managed Frame Protection Bypass Vulnerability Fixed in macOS Big Sur 11.0.1 Privilege Escalation via Use After Free Vulnerability Vulnerability in Oracle MySQL Server: Pluggable Auth Component Allows for Unauthorized Server Crash Vulnerability: Unauthorized File Preview in macOS Big Sur 11.0.1 Sandbox Circumvention Vulnerability in macOS iOS and iPadOS 14.2 Patch: Password Access Vulnerability Privilege Escalation Vulnerability in macOS Big Sur 11.0.1 Memory Corruption Vulnerability in macOS Big Sur 11.0.1 Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1 Integer Overflow Vulnerabilities in macOS Big Sur 11.0.1: Remote Application Termination and Heap Corruption Memory Corruption Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Vulnerability: Out-of-Bounds Read in Audio File Processing Improper Input Validation in Audio File Processing Leading to Arbitrary Code Execution Oracle Knowledge Product Vulnerability: Unauthorized Takeover Improper Input Validation in Audio File Processing Leading to Arbitrary Code Execution Integer Overflow Vulnerability in Multiple Apple Operating Systems and Applications Arbitrary Code Execution Vulnerability in Image Processing Memory Corruption Vulnerability in macOS Memory Corruption Vulnerability in macOS Vulnerability: Out-of-Bounds Write in Audio File Processing Use After Free Vulnerability Patched in Multiple Apple Operating Systems Use After Free Vulnerability Patched in Multiple Apple Products Vulnerability: Out-of-Bounds 
Write in Image Processing Leading to Arbitrary Code Execution Use After Free Vulnerability Patched in macOS and iOS Race Condition Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Arbitrary Code Execution Vulnerability in Font File Processing Vulnerability: Out-of-Bounds Write in Image Processing Leading to Arbitrary Code Execution Vulnerability: Out-of-Bounds Read Leading to Arbitrary Code Execution Simultaneous Call Answering Vulnerability Use After Free Vulnerability Patched in iOS 14.2 and iPadOS 14.2, Allowing Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Font File Processing Unintended Video Transmission in Group FaceTime Calls Oracle Financial Services Analytical Applications Infrastructure Unauthorized Data Access Vulnerability Font Processing Memory Corruption Vulnerability Font File Memory Corruption Vulnerability Type Confusion Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in Image Processing Sandbox Circumvention Vulnerability in Apple Operating Systems Kernel Memory Disclosure Vulnerability Improved State Management Addresses Logic Issue Allowing Unauthorized Access to Private Information Privilege Escalation Vulnerability in macOS Big Sur and Catalina Arbitrary Code Execution Vulnerability in macOS Image Processing Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise File System Access Vulnerability in Apple TV App for Fire OS 6.1.0.6A142:7.1.0 Arbitrary Code Execution Vulnerability in macOS Big Sur and Catalina Arbitrary Code Execution Vulnerability in Font File Processing Font File Memory Corruption Vulnerability Font File Memory Corruption Vulnerability Integer Overflow Vulnerability in macOS Allows Arbitrary Code Execution Font Processing Information Disclosure Vulnerability Memory Corruption Vulnerability in macOS Big Sur 11.1 and Earlier Versions Arbitrary Code Execution Vulnerability in Audio 
File Processing Memory Corruption Vulnerability in DTrace Tracing on macOS Oracle Knowledge Product Vulnerability: Unauthorized Takeover Memory Initialization Vulnerability in macOS, iOS, watchOS, and iPadOS Authentication Policy Violation Vulnerability Patched in iOS and watchOS Updates Vulnerability: Out-of-Bounds Write in Font File Processing Remote Code Execution in Git LFS 2.12.0 Arbitrary File Upload Vulnerability in SourceCodester Car Rental Management System 1.0 Stored XSS Vulnerability in RandomGameUnit Extension for MediaWiki Remote Code Execution Vulnerability in Job Composer App Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise SOP Bypass and Address Bar Spoofing Vulnerability in Yandex Browser for Android 20.8.4 Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Address Bar Spoofing Vulnerability in Yandex Browser before 20.10.0 XSS Vulnerability in NeoPost Mail Accounting Software Pro 5.0.6 CSRF Vulnerability in osCommerce Phoenix CE before 1.0.5.4 Remote OS Command Injection in osCommerce Phoenix CE before 1.0.5.4 via admin/mail.php Privilege Escalation in CapaSystems CapaInstaller before 6.0.101 Denial of Service Vulnerability in Shibboleth Identity Provider 3.x Oracle WebLogic Server IIOP/T3 Vulnerability Stored XSS Vulnerability in Genexis Platinum-4410 P4410-V2-1.28 WLAN SSID Parameter Cross-Site Scripting (XSS) Vulnerability in IceWarp 11.4.5.0 via Language Parameter Insecure Sudo Configuration in Security Onion v2 prior to 2.3.10 Cleartext Credential Exposure in SonarQube 8.4.2.36762 via api/settings/values URI Cross-Site Scripting (XSS) Vulnerability in Nagios XI Manage Users (Username Field) XSS Vulnerability in Nagios XI Dashboard Tools (Edit Dashboard) Critical Vulnerability in Oracle GraalVM Enterprise Edition: Unauthorized Data Access and Modification Cross-Site Scripting (XSS) Vulnerability in Nagios XI Deployment Tool (Add Agent) XSS 
Vulnerability in Nagios XI Account Information (Email Field) Privilege Escalation Vulnerability in Dr.Fone 3.0.0 Directory Traversal Vulnerability in Hrsale 2.0.0 Allows Arbitrary File Read Authenticated Directory Traversal Vulnerability in SolarWinds Serv-U SQL Injection in Zoho ManageEngine Applications Manager 14: Command Execution via MyPage.do Template_resid Parameter Missing CustomModelPartAttribute Decoration in SmartStoreNET CSRF Protection Vulnerability in SmartStoreNET FastReport Vulnerability: Lack of ScriptSecurity Feature Allows Mishandling of GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress Vulnerability in Lightweight HTTP Server of Oracle Java SE: Unauthorized Data Access Authenticated Stored XSS Vulnerability in SolarWinds Serv-U before 15.2.2 Authentication Bypass Vulnerability in SonarQube 8.4.2.36762 via SonarScanner Buffer Overflow Vulnerability in TP-Link TL-WPA4220 Devices Privilege Escalation via Exim Symlink Attack Privilege Escalation via Exim 4 Spool Directory Vulnerability Exim 4 Integer Overflow to Buffer Overflow Vulnerability Oracle WebLogic Server Unauthenticated Takeover Vulnerability Exim 4 Out-of-bounds Write Vulnerability Heap-based Buffer Overflow in Exim 4 Allows Privilege Escalation via Sender Options -R and -S Exim 4 before 4.94.2 Vulnerability: Exposure of File Descriptor to Unintended Control Sphere Exim 4 Heap-based Buffer Overflow Vulnerability Exim 4 before 4.94.2 Privilege Escalation Vulnerability Exim 4 before 4.94.2 Vulnerability: Improper Neutralization of Line Delimiters Exim 4 before 4.94.2 Off-by-Two Out-of-Bounds Write Vulnerability Exim 4 Integer Overflow to Buffer Overflow Vulnerability Use After Free Vulnerability in Exim 4 before 4.94.2 Exim 4 before 4.94.2 Vulnerability: Improper Initialization Leading to Stack Consumption Oracle GraalVM Enterprise Edition Multiple Protocol Vulnerability Exim 4 before 4.92 Integer Overflow to Buffer Overflow Vulnerability Exim 4 before 4.94.2 - Remote Code 
Execution via AUTH= in MAIL FROM Command Exim 4 before 4.94.2 Vulnerability: Improper Restriction of Write Operations within Memory Buffer Exim 4 Out-of-bounds Read Vulnerability Exim 4 Buffer Underwrite Vulnerability Out-of-bounds Read Vulnerability in Exim 4 before 4.94.2 Exim 4 before 4.94.2 Vulnerability: Remote Command Execution via DSN Vulnerability in Oracle Java SE and Java SE Embedded: Unauthenticated Takeover GQUIC Dissector Crash Vulnerability in Wireshark 3.2.0 to 3.2.7 HTTP Host Header Injection Vulnerability in eramba Deserialization Vulnerability in WordPress before 5.5.2 WordPress Multisite Network Vulnerability: Spam Embeds from Disabled Sites Cross-Site Scripting (XSS) Vulnerability in WordPress before 5.5.2 Privilege Escalation via XML-RPC in WordPress before 5.5.2 Privilege Escalation via XML-RPC Commenting in WordPress Improper Determination of WordPress Installation Leading to Remote Code Execution Stored XSS Vulnerability in WordPress Pre-5.5.2 via Post Slugs Arbitrary File Deletion Vulnerability in WordPress before 5.5.2 Vulnerability in Oracle MySQL Server: Memcached Component Allows for Denial of Service Attacks CSRF Vulnerability in WordPress Allows Unauthorized Theme Background Image Modification NAT Slipstreaming: Remote Communication Vulnerability on NETGEAR Nighthawk R7000 Insecure JWT Signature Verification in ServiceStack SSRF Vulnerability in MISP REST Client via use_full_path Parameter Vulnerability: Unauthorized File Manipulation and Access on PAX Point Of Sale Device with ProlinOS Unsigned Library Vulnerability in ProlinOS Privilege Escalation via ip6tables --modprobe Switch Reflected XSS Vulnerability in AudimexEE before 14.1.1 Race condition vulnerability in SDDM allows unauthorized access to X server Vulnerability in Oracle Java SE and Java SE Embedded: Unauthenticated Takeover Authentication Secret Reuse Vulnerability in Zoho ManageEngine Desktop Central Incorrect Password Comparison Vulnerability in Legion of the Bouncy 
Castle BC Java 1.65 and 1.66 Vulnerability: Unauthorized Access to Connect CA Private Key Configuration in HashiCorp Consul and Consul Enterprise Authorization Bypass in JamoDat TSMManager Collector version up to 6.5.0.21 Local Privilege Escalation Vulnerability in TCL Android Smart TV Series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below MySQL Server Denial of Service Vulnerability Access Control Vulnerability in HisiPHP 2.0.11 Allows Remote Code Execution File Upload Vulnerability in ArticleCMS Allows Remote Code Execution Vulnerability in Oracle Marketing Encyclopedia System of Oracle E-Business Suite: Unauthorized Access and Data Compromise SQL Injection Vulnerability in SourceCodester Alumni Management System 1.0 via 'id' Parameter in view_event.php Stored Cross-Site Scripting (XSS) Vulnerability in SourceCodester Alumni Management System 1.0 Remote Code Execution Vulnerability in SourceCodester Alumni Management System 1.0 SQL Injection Vulnerability in SourceCodester Library Management System 1.0 Allows User Impersonation SQL Injection Vulnerability in SourceCodester Online Health Care System 1.0 Allows Unauthorized Admin Access Vulnerability in Oracle E-Business Intelligence of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability: Password Misuse in pass through 1.7.3 SQL Injection Vulnerability in JEECG-Boot CMS 2.3 Allows Unauthorized Database Access Arbitrary Code Execution via File Upload in jeecg-boot CMS 2.3 Vulnerability in Oracle E-Business Intelligence of Oracle E-Business Suite: Unauthorized Access and Data Compromise SQL Injection Vulnerability in cxuucms v3 via search.php Multiple Reflected XSS Vulnerabilities in PESCMS Team 2.3.2 via id Parameter Critical Password Vulnerability on Tenda AC1200 (Model AC6) 15.03.06.51_multi Devices Default Settings on Tenda AC1200 (Model AC6) 15.03.06.51_multi Devices Expose Users to Malware Downloads Tenda AC1200 (Model AC6) 15.03.06.51_multi Router Crash Vulnerability 
Vulnerability: Unauthorized Login via Physical UART Access in FOSCAM FHD X1 1.14.2.4 Devices Out-of-Bounds Read Vulnerability in Linux Kernel's vgacon Subsystem (CID-973c096f6a85) Oracle iStore Product Vulnerability: Unauthorized Data Manipulation via Shopping Cart SQL Injection Vulnerability in CSCMS v4.1 via js_del Function SQL Injection Vulnerability in CSCMS v4.1 via page_del Function Vulnerability in Oracle WebLogic Server Console Allows Unauthorized Data Access and Manipulation SQL Injection Vulnerability in AudimexEE 14.1.0 Documents Component Arbitrary Code Execution via Cross-Site Scripting in 53KF < 2.0.0.2 MySQL Server Stored Procedure Denial of Service Vulnerability LavaLite 5.8.0 Address Field Cross Site Scripting (XSS) Vulnerability Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 via 'Package Name' and 'Description' fields in index.php?page=packages Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Arbitrary File Upload Vulnerability in SourceCodester Online Library Management System 1.0 Authentication Bypass Vulnerability in Simple Grocery Store Sales And Inventory System 1.0 Arbitrary File Upload Vulnerability in SourceCodester Tourism Management System 1.0 CSRF Vulnerability in Genexis Platinum 4410 V2-1.28: Router Denial of Service SQL Injection Vulnerability in SourceCodester Online Clothing Store 1.0 via txtUserName Parameter in login.php Cross-Site Scripting (XSS) Vulnerability in SourceCodester Online Clothing Store 1.0 via Offer Detail Field MySQL Server Denial of Service Vulnerability Arbitrary File Upload Vulnerability in SourceCodester Online Clothing Store 1.0 XSS Vulnerability in Online Discussion Forum 1.0 Messaging Subsystem Remote Arbitrary Code Execution Vulnerability in Moxa Inc Products Arbitrary File Deletion Vulnerability in wuzhicms v4.0.1 via coreframe\app\attachment\admin\index.php Eyoucms v1.4.7 XSS Vulnerability via 
addonfieldext Parameter Cross-Site Scripting (XSS) Vulnerability in myDBR 5.8.3/4262: Remote Code Execution via CSRF Token Injection Vulnerability in Oracle iSupport Allows Unauthorized Access and Data Manipulation Open Redirect Vulnerability in I-Net Software Clear Reports 20.10.136 Vulnerability in Oracle Java SE: Unauthorized Data Manipulation via HTTPS DWARF5 Line-Table Header Invalid FORM Pathname Vulnerability Arbitrary File Upload Vulnerability in EasyCorp ZenTao PMS 12.4.2 Axios NPM Package 0.21.0 SSRF Vulnerability: Proxy Bypass via Redirect Privilege Escalation Vulnerability in td-agent-builder Plugin for Fluentd Vulnerability in Oracle Scripting of Oracle E-Business Suite: Unauthorized Access and Data Compromise SQL Injection Vulnerability in Simple College Website 1.0 Allows Unauthorized Access to Admin Panel Remote Code Execution Vulnerability in Simple College Website 1.0 via Image Upload Functionality Local Privilege Escalation Vulnerability in SpeedFan 4.52 Allows Unauthorized Privilege Elevation Vulnerability in Oracle Universal Work Queue of Oracle E-Business Suite: Unauthorized Access and Data Compromise SQL Injection Vulnerability in SourceCodester Water Billing System 1.0: Exploiting process.php Parameters Arbitrary Web Script Injection Vulnerability in TerraMaster TOS <= 4.2.06 TerraMaster TOS User Enumeration Vulnerability Email Injection Vulnerability in TerraMaster TOS <= 4.2.06 Allows Remote Account Takeover Multiple Directory Traversal Vulnerabilities in TerraMaster TOS <= 4.2.06 TerraMaster TOS <= 4.2.06 Remote Command Execution (RCE) Vulnerability Vulnerability in Oracle Universal Work Queue of Oracle E-Business Suite: Unauthorized Access and Data Compromise Insecure Update Channel Vulnerability in TerraMaster TOS <= 4.2.06 CSRF Vulnerability in Togglz Console (Before 2.9.4) Variable Underflow in accel-ppp radius/packet.c Allows Arbitrary Code Execution Unbounded Recursion Vulnerability in MIT Kerberos 5 Stack Buffer Overflow in IBM 
Tivoli Storage Manager Version 5 Release 2 (dsmadmc.exe) Interactive Mode Amazon Pay Plugin for Shopware before 9.4.2 Exposes Sensitive Information to Unauthorized Actors Vulnerability in Oracle Common Applications Calendar Allows Unauthorized Access and Data Manipulation Uncontrolled Resource Consumption Vulnerability in Dovecot Sieve Engine Null Pointer Dereference Vulnerability in Foxit Reader and PhantomPDF User Enumeration and Brute-Force Vulnerability in Bitrix24 Bitrix Framework Email Address Enumeration Vulnerability in Rocket.Chat Password Reset Function EcoStruxure Building Operation Enterprise Server and Enterprise Central Unquoted Search Path Vulnerability Oracle Trade Management Product Vulnerability: Unauthorized Access and Data Compromise Cross-site Scripting (XSS) Vulnerability in EcoStruxure Building Operation WebStation V2.0 - V3.1 Bypassing Authentication via Debugger in PLC Simulator on EcoStruxure Control Expert EcoStruxure Control Expert PLC Simulator CWE-307: Excessive Authentication Attempts Vulnerability Allows Unauthorized Command Execution PLC Simulator on EcoStruxure™ Control Expert (now Unity Pro): CWE-494 Modbus Command Execution Vulnerability Predictable Salt Vulnerability in Modicon M221 Easergy T300 Firmware 2.7 and Older: Missing Authorization Vulnerability Easergy T300 Firmware 2.7 and Older Vulnerability: Missing Encryption of Sensitive Data in HTTP Traffic Easergy T300 Firmware 2.7 and Older Vulnerability: Missing Encryption of Sensitive Data in HTTP Traffic Easergy T300 Firmware 2.7 and Older: UI Layer or Frame Restriction Bypass Vulnerability EcoStruxure Geo SCADA Expert: Insufficiently Protected Credentials Vulnerability Vulnerability in Oracle Trade Management of Oracle E-Business Suite: Unauthorized Access and Data Compromise Buffer Overflow Vulnerability in Modicon M258 Firmware and SoMachine/SoMachine Motion Software Arbitrary Code Execution Vulnerability in EcoStruxure™ Operator Terminal Expert and 
Pro-face BLUE Vulnerability in Oracle Common Applications Calendar Allows Unauthorized Access and Data Manipulation Oracle One-to-One Fulfillment Print Server Vulnerability Heap-Based Buffer Over-Read Vulnerability in libmaxminddb Denial of Service Vulnerability in Asterisk Open Source and Certified Asterisk Command Injection Vulnerability in SaltStack Salt's Minion Restartcheck Form.io 2.0.0: Server-Side Template Injection (SSTI) Vulnerability Allows Remote Code Execution Arbitrary Sendmail Option Injection in Lettre Library Integer Overflow and Heap-Based Buffer Overflow in PngImg::InitStorage_() Function of png-img Joplin 1.2.6 for Desktop XSS Vulnerability via LINK Element in Note Oracle One-to-One Fulfillment Print Server Vulnerability Remote Command Execution in Cellinx NVT Web Server 5.0.0.014b.test AirMagnet Enterprise 11.1.4 Build 37257 and Earlier Privilege Escalation Vulnerability Oracle One-to-One Fulfillment Print Server Vulnerability Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'controlled-merge' Versions 1.0.0 - 1.2.0: Denial of Service and Remote Code Execution Critical Prototype Pollution Vulnerability in 'field' Versions 0.0.1 - 1.0.1: Remote Code Execution and Denial of Service Oracle One-to-One Fulfillment Print Server Vulnerability Prototype Pollution Vulnerability in 'object-hierarchy-access' Versions 0.2.0 - 0.32.0: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'deephas' Versions 1.0.0 - 1.0.5: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'keyget' Versions 1.0.0 - 2.2.0: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'set-in' Versions 1.0.0 through 2.0.0: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'deepref' Versions 1.1.1 through 1.2.1: Denial of Service and Remote Code Execution Prototype 
Pollution Vulnerability in 'deep-set' Versions 1.0.0 through 1.0.1: Denial of Service and Remote Code Execution Denial of Service and Remote Code Execution Vulnerability in 'dset' Versions 1.0.0 through 2.0.1 via Prototype Pollution Prototype Pollution Vulnerability in 'shvl' Versions 1.0.0 through 2.0.1 Allows Remote Code Execution and Denial of Service Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5: Denial of Service and Remote Code Execution Oracle WebLogic Server Vulnerability: Unauthorized Access to Critical Data Prototype Pollution Vulnerability in 'predefine' Versions 0.0.0 - 0.1.2: Denial of Service and Remote Code Execution Prototype Pollution Vulnerability in 'set-object-value' Versions 0.0.0 - 0.0.5: Denial of Service and Remote Code Execution Critical Prototype Pollution Vulnerability in 'getobject' v0.1.0: Remote Code Execution and Denial of Service Prototype Pollution Vulnerability in 'libnested' Versions 0.0.0 through 1.5.0: Denial of Service and Remote Code Execution Oracle WebLogic Server Management Services Unauthorized Access Vulnerability Java SE, Java SE Embedded Vulnerability: Unauthorized Partial Denial of Service Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle One-to-One Fulfillment Print Server Vulnerability Asterisk Open Source SIP Dialog Crash Vulnerability Remote Code Execution via Log File Name Setting in SuiteCRM Hardcoded API Account and Password Vulnerability in Barco wePresent WiPG-1600W Firmware Oracle E-Business Suite Courseware Oracle Quoting Unauthenticated Remote Code Execution Vulnerability Unprotected Transport of Credentials in Barco wePresent WiPG-1600W Devices Improper Access Control in Barco wePresent WiPG-1600W Devices Vulnerability: Lack of Integrity Check in Barco wePresent WiPG-1600W Firmware Updates Authentication Bypass in Barco wePresent WiPG-1600W Devices Hard-coded Root Password Hash in Barco wePresent 
WiPG-1600W Devices (CVE-2020-28329) Remote Code Execution via Directory Traversal in Microweber Backup Restore Feature Object Injection Vulnerability in usc-e-shop Plugin for WordPress Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Samsung Mobile Devices: Factory Reset Protection Bypass via Secure Folder (SVE-2020-18546) Buffer Overflow Vulnerability in Samsung Mobile Devices with Exynos990 Chipsets Bypassing Authentication in Samsung S Secure Application (SVE-2020-18689) Samsung Mobile Devices Exynos Chipsets NPU Driver Arbitrary Code Execution Vulnerability LG Mobile Devices Android OS 8.0-10.0 Lack of NULL Parameter Check Vulnerability Wi-Fi Subsystem Crash Vulnerability on LG Mobile Devices with Android OS 10 ACRN 2.2 Vulnerability: NULL Pointer Dereference in virtio.c Archer A7 AC1750 Devices Remote Code Execution Vulnerability Subversion of Docker File Sandbox Feature in HashiCorp Nomad and Nomad Enterprise Inaccurate Frame Deduplication Vulnerability in ChirpStack Network Server 3.9.0 Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Cross Site Scripting (XSS) Vulnerability in Sokrates SOWA SowaSQL OPAC Mitel ShoreTel 19.46.1802.0 Devices Reflected XSS Vulnerability in Conferencing Component Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Indeterminate SSRF Vulnerability in private-ip npm Package v1.0.5 and Below Bypass of Header-Removal Protection in Kamailio/SER Leading to Revenue Loss Denial of Service Vulnerability in Go Versions 1.14.12 and 1.15.x Stored Cross-Site Scripting (XSS) Vulnerability in Locust Web UI Stored Cross-Site Scripting (XSS) Vulnerability in Unsupported Sentrifugo 3.2 Arbitrary Code Execution via Code Injection in Go Command with cgo Arbitrary Code Execution via Code Injection in Go Command with cgo Platypus Attack: Side-Channel Vulnerability in Xen Allows Leakage of 
Sensitive Information Privilege Escalation Vulnerability in BeyondTrust Privilege Management for Windows Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Integer Overflow Bypass Leading to Out-of-Bounds Access in ReadyTalk Avian 1.2.0 Remote Code Execution Vulnerability in NETGEAR Devices via UPnPd Directory Traversal Vulnerability in Linux Kernel's LIO SCSI Target Code Oracle CRM Gateway for Mobile Devices: Unauthenticated Access Vulnerability Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 Out-of-Bounds Write Vulnerability in JT2Go, Solid Edge, and Teamcenter Visualization (ZDI-CAN-11885) Stack-Based Buffer Overflow in Solid Edge SE2020 and SE2021 Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 (ZDI-CAN-12049) Out-of-Bounds Write Vulnerability in Solid Edge SE2020 and SE2021 Arbitrary File Disclosure Vulnerability in Solid Edge SE2020 and SE2021 Predictable Initial Sequence Numbers (ISNs) in Multiple Building Automation Systems Vulnerability in Oracle Service Intelligence of Oracle E-Business Suite: Unauthorized Access and Data Compromise Web Client Session Storage Information Leakage Vulnerability Vulnerability: Hardcoded RSA Key in SCALANCE X-200 Switch Family Improper Permissions in SIMARIS Configuration (All versions < V4.0.1) Could Lead to Privilege Escalation OSPF Denial-of-Service Vulnerability in SCALANCE XM-400 and XR-500 (Versions prior to v6.4) Memory Access Vulnerability in JT2Go and Teamcenter Visualization (ZDI-CAN-12283) Vulnerability: Insecure Private Key Generation in SCALANCE X-200RNA and X-300 Switches Insecure Ciphers Usage Vulnerability in SICAM A8000 CP-8000 and CP-8021/8022 (All versions < V16) Vulnerability: Unauthorized Access to PLC Program Variables Vulnerability in Oracle E-Business Intelligence of Oracle E-Business Suite: Unauthorized Access and Data Compromise Denial-of-Service 
Vulnerability in Affected Devices via DCP Reset Packet Flood Improper Authorization Vulnerability in Star Practice Management Web Version 2019.2.0.6 Allows Unauthorized Access to WIP Details Improper Authorization Vulnerability in Star Practice Management Web Version 2019.2.0.6 Allows Unauthorized Access to Launcher Configuration Panel CSRF Vulnerability in Star Practice Management Web Version 2019.2.0.6 Allows Privilege Escalation and Account Takeover Improper Authorization Vulnerability in Star Practice Management Web Version 2019.2.0.6 Allows Unauthorized Access to Billing Page Improper Authorization Vulnerability in Star Practice Management Web Version 2019.2.0.6 Improper Authorization Vulnerability in Star Practice Management Web Version 2019.2.0.6 Symlink Attack Vulnerability in swtpm Cross-Site Scripting (XSS) Vulnerability in Dundas BI Dashboard Creation and Editing Cross-Site Scripting (XSS) Vulnerability in Dundas BI Server Vulnerability in Oracle Knowledge Management of Oracle E-Business Suite: Unauthorized Access and Data Compromise SQL Injection Vulnerability in MantisBT 2.24.3 via API SOAP Parameter access Reflected Cross-Site Scripting (XSS) Vulnerability in TranzWare Payment Gateway 3.1.12.3.2 Reflected Cross-Site Scripting (XSS) Vulnerability in TranzWare Payment Gateway 3.1.12.3.2 HP PageWide and OfficeJet Printer Software Vulnerability: Unauthorized Local Code Execution via I.R.I.S. 
OCR Software Arbitrary Code Execution Vulnerability during Installation Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Privilege Escalation Vulnerability in CA Unified Infrastructure Management 20.1 and Earlier Command Injection Vulnerability in git-archive's exports Function Critical Vulnerability Found in All Versions of Monorepo-Build Package Critical Vulnerability Found in s3-kilatstorage Package: All Versions Affected CurlJS Package Vulnerability Command Injection Vulnerability in kill-process-on-port Package Command Injection Vulnerability in geojson2kml Package Vulnerability in Oracle iSupport Allows Unauthorized Access and Data Manipulation Critical Vulnerability in node-latex-pdf Package Critical Code Injection Vulnerability in gitblame Package (All Versions) Critical Code Injection Vulnerability in ffmpeg-sdk (All Versions) Critical Vulnerability Found in google-cloudstorage-commands Package Critical Remote Code Injection Vulnerability in heroku-env Package Critical Injection Vulnerability in deferred-exec Package (All Versions) Remote Code Injection Vulnerability in corenlp-js-prefab Package Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Command Injection Vulnerability in corenlp-js-interface Prototype Pollution Vulnerability in conf-cfg-ini before 1.2.2 Prototype Pollution in js-data's deepFillIn function Critical Injection Vulnerability in sonar-wrapper Package Code Injection Vulnerability in npm-help Package Command Injection Vulnerability in ntesseract Package (Versions before 0.2.9) via lib/tesseract.js Critical Code Injection Vulnerability in xopen Package (All Versions) Prototype Pollution in multi-ini Package (before 2.1.1) Critical Vulnerability in decal Package's set Function Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Critical Vulnerability in decal Package's extend Function Critical Security Vulnerability in image-tiler (before 2.0.2) CSRF 
Protection Bypass in com.softwaremill.akka-http-session:core Critical Code Injection Vulnerability in npos-tesseract Package (All Versions) Unescaped Title and Header Content Vulnerability in markdown-it-toc Package Cross-site Scripting (XSS) Vulnerability in s-cart/core Admin Panel XSS Vulnerability in s-cart/core Admin Dashboard Search Functionality Prototype Pollution vulnerability in datatables.net Cross-Site Scripting (XSS) Vulnerability in markdown-it-decorate Package Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Prototype Pollution Vulnerability in multi-ini Package (CVE-2020-28448 Bypass) Prototype Pollution in js-ini before 1.3.0 Prototype Pollution Vulnerability in ion-parser Server-side Request Forgery (SSRF) vulnerability in reportlab package via img tags Arbitrary Code Execution Vulnerability in djv Package (CVE-XXXX-XXXX) Untrusted Account Denial-of-Service Vulnerability in NATS Server Server-Side Template Injection (SSTI) in pwntools before 4.3.1 allows Remote Code Execution Path Separator Enclosure Regex Vulnerability Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Serialization Vulnerability in @scullyio/scully Package (Versions before 1.0.9) Critical Security Vulnerability in properties-reader Package (<=2.2.0) Prototype Pollution in @aws-sdk/shared-ini-file-loader and aws-sdk Web Cache Poisoning Vulnerability in bottle 0.12.19 and earlier versions Critical Vulnerability in All Versions of Immer Package Critical Security Vulnerability in gsap < 3.6.0 Denial of Service (DoS) Vulnerability in jointjs Package's unsetByPath Function Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Prototype Pollution in jointjs before 3.3.0 via util.setByPath Insecure Defaults: CORS Misconfiguration in socket.io Insecure Defaults and CSRF Token Exposure in fastify-csrf before 3.0.0 IP Spoofing Vulnerability in github.com/gin-gonic/gin Code Injection Vulnerability in vis-timeline 
Package Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Command Injection Vulnerability in async-git Package Unchecked Allocation of Byte Buffer Vulnerability in com.fasterxml.jackson.dataformat:jackson-dataformat-cbor ReDoS Vulnerability in Jinja2 Package Arbitrary Command Execution in total.js before 3.4.7 Prototype Pollution Vulnerability in total.js before 3.4.7 RGB Color Denial of Service Vulnerability Cryptographic Vulnerability in elliptic Package's secp256k1 Implementation Prototype Pollution vulnerability in package merge via _recursiveMerge Vulnerability in Oracle Depot Repair: Unauthorized Access and Data Compromise Lodash ReDoS Vulnerability in toNumber, trim, and trimEnd Functions Unbounded User Agent String Length Regex Vulnerability Arbitrary Code Injection Vulnerability in xmlhttprequest Package Prototype Pollution Vulnerability in copy-props Package (Versions before 2.0.5) Oracle Solaris Common Desktop Environment Privilege Escalation Vulnerability Vulnerability in Oracle Advanced Outbound Telephony of Oracle E-Business Suite: Unauthorized Access and Data Compromise MySQL Server Privilege Escalation Vulnerability Oracle Advanced Outbound Telephony User Interface Unauthenticated Remote Code Execution Vulnerability Oracle iSupport Unauthenticated Remote Code Execution Vulnerability Oracle Advanced Outbound Telephony User Interface Unauthenticated Remote Code Execution Vulnerability Oracle Advanced Outbound Telephony User Interface Unauthenticated Remote Code Execution Vulnerability Privilege Escalation Vulnerability in Trend Micro Apex One Installer Improper Access Control Information Disclosure Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Unauthenticated Path Traversal Arbitrary Remote File Deletion Vulnerability in Trend Micro Worry-Free Business Security 10 SP1 Heap-based Buffer Overflow Privilege Escalation Vulnerability in Trend Micro ServerProtect for Linux 3.0 Improper Access Control Information 
Disclosure Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Improper Access Control Information Disclosure Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Remote Code Execution Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Remote Code Execution Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Command Injection Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Command Injection Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Improper Access Control Information Disclosure in Trend Micro Apex One and OfficeScan XG SP1 Improper Access Control Information Disclosure Vulnerability in Trend Micro Apex One and OfficeScan XG SP1 Heap-based Buffer Overflow in SoftMaker Office PlanMaker 2021 (Revision 1014) Kernel Memory Leak via /proc/pid/syscall Information Disclosure Vulnerability Improper Array Index Validation Vulnerability in tinyobjloader v2.0-rc1 and development commit 79d4421 Denial of Service Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Obj File TriangleMesh::TriangleMesh() Out-of-Bounds Read Vulnerability AMFParserContext::endElement() Out-of-Bounds Read Vulnerability Heap-based Buffer Overflow Vulnerability in Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0 Configuration Server Unauthenticated Backdoor Vulnerability in Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0 Use-After-Free Vulnerability in PrusaSlicer 2.2.0 and Master PrusaSlicer 2.2.0 and Master (commit 4b040b856) Out-of-Bounds Write Vulnerability Stack-based Buffer Overflow in PrusaSlicer Objparser::objparse() Functionality Predictable Seed Vulnerability in Epignosis EfrontPro 5.2.21 Password Reset Functionality Admesh STL_fix_normal_directions() Out-of-Bounds Write Vulnerability in PrusaSlicer 2.2.0 and Master Stack-based Buffer Overflow in Openscad's 
import_stl() Functionality Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Out-of-Bounds Write Vulnerability in Openscad openscad-2020.12-RC2's import_stl() Functionality Out-of-Bounds Read Vulnerability in CGAL libcgal CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Vulnerability in Oracle Marketing of Oracle E-Business Suite: Unauthorized Access and Data Compromise Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution 
Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Vulnerability in Oracle One-to-One Fulfillment Print Server Component Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Vulnerability in Oracle Advanced Outbound Telephony Allows Unauthorized Access and Data Manipulation Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Multiple Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Out-of-Bounds Read Vulnerability in CGAL libcgal CGAL-5.1.1 Nef Polygon Parsing Vulnerability: Encryption Key Leakage in Tomb 2.0 through 2.7 Oracle iSupplier Portal Unauthorized Read Access Vulnerability Arbitrary File Deletion Vulnerability in Malwarebytes Free 
4.1.0.56 Weak Password-Reset Code Vulnerability in InfiniteWP Admin Panel Improper CSRF Token Check in ownCloud/core < 10.6 User Deletion Vulnerability in ownCloud/core Versions < 10.6 DLL Injection Vulnerability in ownCloud Desktop Client Stored Cross-Site Scripting (XSS) Vulnerability in MOVEit Transfer before 2020.1 Remote Code Execution in Nagios XI Auto-Discovery Component CSRF Vulnerability in orbisius-child-theme-creator Plugin for WordPress Oracle Configurator Unauthenticated Read Access Vulnerability XSS Vulnerability in WPBakery Plugin for WordPress Remote Code Execution Vulnerability in Zoho ManageEngine OpManager Stable Build Arbitrary Code Execution Vulnerability in Volkswagen Polo 2019 Discover Media Infotainment System Unauthenticated SQL Injection Vulnerability in bPanel 2.0 Oracle E-Business Suite Vulnerability: Unauthorized Data Manipulation via Attachments/File Upload Oracle WebLogic Server Unauthenticated Remote Code Execution Vulnerability Remote Arbitrary Code Execution in MonoCMS Blog 1.0 via Incorrect Access Control SQL Injection Vulnerability in Zoho ManageEngine Applications Manager Vulnerability in Oracle PeopleSoft Enterprise PeopleTools: Unauthorized Data Access and Manipulation Arbitrary File Upload Vulnerability in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 Arbitrary File Upload Vulnerability in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 Oracle WebLogic Server Console Unauthenticated Access Vulnerability Arbitrary PHP File Execution via .htaccess Abuse in Gila CMS 1.16.0 Unrestricted File Upload Vulnerability in HorizontCMS 1.0.0-beta Critical Remote Code Execution and Admin Credential Retrieval Vulnerability in Askey Fiber Router RTF3505VW-N1 Vulnerability in Oracle One-to-One Fulfillment Print Server: Unauthorized Access and Data Compromise SQL Injection Vulnerability in PybbsCMS v5.2.1's TopicMapper.xml Allows Unauthorized Database Access CSRF Vulnerability in FUEL CMS 1.4.13 Allows Unauthorized Page 
Deletion Cross Site Scripting (XSS) vulnerability in Stockdio Historical Chart plugin for WordPress Vulnerability in Oracle Advanced Outbound Telephony Allows Unauthorized Access and Data Manipulation Insecure Access Control in Night Owl Smart Doorbell Push Notification Service Remote Code Execution and Privilege Escalation Vulnerability in LeEco LeTV X43 (V2401RCN02C080080B04121S) Arbitrary Code Execution via Cross Site Scripting (XSS) in kindsoft kindeditor 4.1.12 Vulnerability in Oracle iSupport Allows Unauthorized Access and Data Manipulation Cross-Site Scripting (XSS) Vulnerability in Deskpro Cloud Platform and On-Premise 2020.2.3.48207: Account Takeover via Custom Email Templates Memory Leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1 Double Slash Open Redirect Vulnerability in Werkzeug Open Redirect Vulnerability in SeedDMS 6.0.13 via dropfolderfileform1 parameter in out/out.AddDocument.php Cross-Site Scripting (XSS) Vulnerability in SeedDMS 6.0.13 via folderid Parameter Vulnerability in Oracle Customer Interaction History Allows Unauthorized Access and Data Manipulation XXE Vulnerability in Plone 5.2.3 Manager Role Feature SSRF Vulnerability in Plone Tracebacks Feature Unapplied Permission XXE Vulnerability in Plone Vulnerability in Oracle Email Center of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle MySQL Connectors: Unauthorized Data Access and Manipulation Buffer Overflow Vulnerability in OAID Tengine lite-v1.0's Serializer Module Oracle Marketing Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Oracle Partner Management of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle iSupport Mail Component: Unauthorized Access and Data Compromise Vulnerability in Oracle Scripting product of Oracle E-Business Suite: Unauthorized Access and Data Compromise Vulnerability in Oracle Learning Management of Oracle E-Business Suite: Unauthorized Access 
and Data Compromise Vulnerability in Oracle CRM Technical Foundation of Oracle E-Business Suite: Unauthorized Access and Data Compromise Oracle Human Resources Hierarchy Diagrammers Vulnerability Oracle WebLogic Server Unauthenticated Takeover Vulnerability CSRF Vulnerability in OpenCart CMS 3.0.3.6 CART Option Oracle WebLogic Server Unauthenticated Takeover Vulnerability Buffer Overflow Vulnerability in jhead version 3.04 Allows Arbitrary Code Execution and DoS Denial of Service Vulnerability in DriverGenius 9.61.3708.3054 CSV Injection Vulnerability in Netskope Admin Portal CSRF Vulnerability in SeaCMS 10.7 Allows Unauthorized Admin Account Addition XSS Vulnerability in xCss Valine v1.4.14 via the nick Parameter CSV Injection Vulnerability in ChurchCRM 4.2.0: Remote Code Execution via Crafted CSV File ChurchCRM Version 4.2.1 - Cross Site Scripting (XSS) Vulnerability in View All Deposit Module Vulnerability in Oracle Document Management and Collaboration: Unauthorized Access and Data Compromise Index Out of Range Panic in x/text/language.ParseAcceptLanguage in Go 1.15.4 Out-of-Range Slice Bounds Panic in x/text Go Library's Language Parsing IP Spoofing Vulnerability in OpenAsset Digital Asset Management (DAM) 12.0.19 Stored Cross-Site Scripting Vulnerability in OpenAsset Digital Asset Management (DAM) Cross-Site Request Forgery (CSRF) Vulnerability in OpenAsset Digital Asset Management (DAM) through 12.0.19 Reflected Cross-Site Scripting Vulnerability in OpenAsset Digital Asset Management (DAM) Oracle CRM Technical Foundation Preferences Unauthenticated Remote Code Execution Vulnerability Authenticated Blind SQL Injection in OpenAsset Digital Asset Management (DAM) through 12.0.19 Unauthenticated Access to Sensitive Project Information in OpenAsset Digital Asset Management (DAM) Buffer Overflow Vulnerability in WinSCP 5.17.8: Denial of Service via Long File Name Arbitrary User Password Change Vulnerability in PowerJob Oracle Customer Interaction History 
Unauthorized Data Manipulation Vulnerability Arbitrary Code Execution Vulnerability in InoERP 0.7.2 Arbitrary Code Execution via Insecure File Upload in Monitorr v1.7.6m Authorization Bypass Vulnerability in Monitorr v1.7.6m Allows Unauthorized Creation of Valid Credentials Denial of Service (DoS) Vulnerability in Fluxbb 1.5.11 via Long Passwords Insecure Password Reset Logic in reset-password.php in ProjectSend Buffer Overflow Vulnerability in TP-Link WR and WDR Series Routers Oracle Marketing Unauthenticated Read Access Vulnerability OS Command Injection in Liferay Portal Server: Administrator Privilege Abuse OS Command Injection in Liferay Portal Server Oracle CRM Technical Foundation Preferences Unauthenticated Read Access Vulnerability Memory Corruption Vulnerability in Wind River VxWorks Memory Allocator Unencrypted Connection Exposure Vulnerability in Mutt and NeoMutt Insufficient Input Validation in QED ResourceXpress through 4.9k Allows Server Error in Script Execution Unauthenticated Remote Access Vulnerability in ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 Devices Oracle Applications Framework Vulnerability: Unauthorized Access and Data Compromise Untrusted Update Package Vulnerability in Nagios Fusion and Nagios XI Privilege Escalation and Code Execution Vulnerability in Nagios Fusion 4.1.8 and Earlier Privilege Escalation via Command Injection in Nagios Fusion 4.1.8 and Earlier Cross-Site Scripting (XSS) Vulnerability in Nagios Fusion 4.1.8 and Earlier Privilege Escalation Vulnerability in Nagios Fusion 4.1.8 and Earlier Remote Code Execution Vulnerability in Nagios Fusion 4.1.8 and Earlier via Table Pagination Privilege Escalation to Root via Incorrect File Permissions in Nagios XI and Nagios Fusion Insecure SSL Certificate Validation in Nagios Fusion 4.1.8 and Earlier: Privilege Escalation and Code Execution Privilege Escalation via Command Injection in Nagios Fusion 4.1.8 and earlier Privilege Escalation via Incorrect File Permissions in Nagios Fusion 4.1.8 
and earlier Vulnerability in Oracle Financial Services Liquidity Risk Management: Unauthorized Data Access and Modification Privilege Escalation via Insecure Permissions in Nagios XI 5.7.5 and earlier Insecure Access Control in Nagios Fusion 4.1.8 and earlier allows unauthorized password extraction via test_server command Man-in-the-Middle Vulnerability in MariaDB on Windows Improper File Permissions Vulnerability in Kata Containers Prior to 1.11.5 Buffer Over-read Vulnerability in Linux Kernel's fbcon Code (CVE-2020-12345) Infinite Loop Vulnerability in QEMU 5.0.0 via RX Descriptor with NULL Buffer Address Sensitive Data Exposure in TYPO3 View Statistics Extension Username Enumeration Vulnerability in DualShield 5.9.8.0821 Login Form Stored Cross Site Scripting (XSS) Vulnerability in Checkmk 1.6.0x: Arbitrary JavaScript Injection via View Title MySQL Server Denial of Service Vulnerability Arbitrary Ring-0 Code Execution and Privilege Escalation via PCADRVX64.SYS IOCTL Vulnerability Arbitrary Ring-0 Code Execution and Privilege Escalation in Devid Espenschied PC Analyser Data Amplification Vulnerability in Play Framework 2.8.0 through 2.8.4 Weak Password Generation Vulnerability in Rclone Unrestricted Filter Options in Bolt CMS Twig Context Vulnerability Buffer Overflow Vulnerability in ReadyMedia (aka MiniDLNA) Allows Remote Code Execution Stored XSS Vulnerability in Magicpin v2.1 User Registration Section Buffer Overflow Vulnerability in musl libc's wcsnrtombs Function Unauthenticated Remote Retrieval of Administrative Hashed Credentials in EPSON EPS TSE Server 8 (21.0.11) High-Privilege Network Access Vulnerability in Oracle MySQL Server (InnoDB Component) Cross-Site Scripting (XSS) Vulnerability in EPSON EPS TSE Server 8 (21.0.11) User Management Page CSRF Vulnerability in EPSON EPS TSE Server 8 (21.0.11) Allows Unauthenticated Attackers to Execute Unauthorized POST Requests Local Symlink Attack Vulnerability in NLnet Labs Unbound and NSD OpenClinic 
Version 0.8.2 Missing Authentication Vulnerability: Unauthorized Access to Patient Medical Test Results Stored XSS and User Impersonation Vulnerability in OpenClinic version 0.8.2 OpenClinic version 0.8.2 - Medical/Test_new.php Insecure File Upload Vulnerability Vulnerability in Oracle VM VirtualBox: Remote Takeover Authentication Bypass Vulnerability in Western Digital My Cloud OS 5 Devices Invalid Free Vulnerability in Linux Kernel's Speakup Driver Vulnerability: Bypassing CA Restriction in PrimeKey EJBCA EST Enrollment Server-Side Request Forgery (SSRF) Vulnerability in OX App Suite 7.10.4 and Earlier Denial of Service Vulnerability in OX Guard 2.10.4 and Earlier Undocumented XSS Vulnerability in OX App Suite 7.10.4 and Earlier Improper Webserver Configuration on Plum IK-401 Devices Allows Unauthorized Access to Hashed Credential Data XSS Vulnerability in MISP 2.4.134 Template Element Index View Unserialization Attack Vulnerability in Archive_Tar through 1.4.10 Insufficient Sanitization of Stream-Wrapper Attacks in Archive_Tar through 1.4.10 MySQL Server InnoDB Component Denial of Service Vulnerability Kaspersky Anti-Ransomware Tool (KART) Installer DLL Hijacking Vulnerability Use After Free Vulnerability in libuci Allows Remote Code Execution Static and Insecure ZigBee Network Key Used in Athom Homey and Homey Pro Devices Multiple Voting Vulnerability in BigBlueButton Unsanitized User Input in ApiController.groovy in BigBlueButton Cross-Site Scripting (XSS) Vulnerability in SugarCRM v6.5.18 Create Employee Module Cross-Site Scripting (XSS) Vulnerabilities in SugarCRM v6.5.18 Sales Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in Foxlor v0.10.16 Customer Add Module MySQL Server Information Schema Denial of Service Vulnerability Multiple SQL Injection Vulnerabilities in Chichen Tech CMS v1.0's product_list.php File Stored XSS Vulnerability in Perfex CRM v2.4.4 via Company Name Parameter Buffer Overflow Vulnerability in Passcovery Co. 
Ltd ZIP Password Recovery v3.70.69.0 Stack Buffer Overflow in Internet Download Manager 6.37.11.1 Search Function Buffer Overflow Vulnerability in FlashGet v1.9.6 Allows Privilege Escalation via Current Path Directory Function Stored Cross-Site Scripting (XSS) Vulnerability in Draytek VigorAP 1000C RADIUS Server Configuration Module Buffer Overflow Vulnerability in Aplioxio PDF ShapingUp 5.0.0.139 MySQL Server Denial of Service Vulnerability Authentication Bypass Vulnerability in Western Digital My Cloud OS 5 Devices Western Digital My Cloud OS 5 Devices Authentication Bypass Vulnerability Unauthenticated SSL/TLS Certificate Validation in SaltStack Salt before 3002.5 Authentication Bypass Vulnerability in ABUS Secvest Wireless Alarm System Slab-out-of-bounds Read Vulnerability in fbcon Denial of Service Vulnerability in Libsvm's svm_predict_values Function Blind SSRF Vulnerability in Canto Plugin 1.3.0 for WordPress Blind SSRF Vulnerability in Canto Plugin 1.3.0 for WordPress Blind SSRF Vulnerability in Canto Plugin 1.3.0 for WordPress MySQL Server 8.0.19 Denial of Service Vulnerability Improper Validation of Parameters in SPIP before 3.2.8 Vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing (9.2) Allows Unauthorized Data Access and Manipulation Remote Code Execution in Gitea via Git Protocol Path with Newlines Directory Traversal Vulnerability in ATX miniCMTS200a and Pico CMTS 2.0: Unauthorized Retrieval of Administrator Credentials Critical SQL Injection Vulnerability in Karenderia Multiple Restaurant System 5.4.2 and Below Critical Telnet Service Vulnerability on Geeni GNC-CW013 Doorbell 1.8.1 Devices Static Credentials in Apexis Streaming Video Web Application on Geeni GNC-CW013 Doorbell 1.8.1 Devices Vulnerability in Oracle GraalVM Enterprise Edition: Unauthorized Data Access and Manipulation Remote Code Execution Vulnerability in Geeni GNC-CW013 Doorbell 1.8.1 Devices Static Username and Password Vulnerability in Geeni and Merkury Devices Cross-Site 
Scripting (XSS) Vulnerability in CologneBlueTemplate.php in MediaWiki through 1.35 Cross-Site Scripting (XSS) Vulnerability in PollNY Extension for MediaWiki CSRF Vulnerability in MediaWiki Push Extension API Cleartext Credential Vulnerability in MediaWiki Push Extension API Unauthenticated Access Control Vulnerability in MISP before 2.4.135 Remote Code Execution Vulnerability in Score Extension for MediaWiki MySQL Server Denial of Service Vulnerability SQL Injection Vulnerabilities in FortiSandbox Modules Insufficient Session Expiration Vulnerability in FortiSandbox Versions 3.2.1 and Below Improper Input Validation Vulnerability in FortiSandbox Sniffer Interface Race Condition Vulnerability in FortiSandbox Command Shell Blind SQL Injection Vulnerability in FortiWeb User Interface Stack-based Buffer Overflow Vulnerability in FortiWeb Versions 6.3.0 - 6.3.5 and Versions Before 6.2.4 FortiDeceptor 3.1.0, 3.0.1, 3.0.0 Customization Page Command Injection Vulnerability FortiWeb 6.3.0-6.3.5 Format String Vulnerability Stack-Based Buffer Overflow Vulnerability in FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 Vulnerability in Oracle VM VirtualBox Allows Takeover Improper Access Control vulnerability in Secomea SiteManager allows remote unauthorized access Cross-Site Scripting (XSS) Vulnerability in GateManager Web UI Input Field Web Cache Poisoning Vulnerability in Secomea GateManager Web Server Arbitrary Command Execution via CSV Report Generator in Secomea GateManager Insecure Cookie Handling in Secomea GateManager Prior to 9.3 Cross-Site Scripting (XSS) Vulnerability in SiteManager-Embedded (SM-E) Web Server Directory Traversal Vulnerability in GateManager File Upload Function Secomea SiteManager GUI XSS Vulnerability Arbitrary JavaScript Injection Vulnerability in Secomea GateManager Web GUI Cross-site Scripting (XSS) Vulnerability in Secomea GateManager Web GUI MySQL Server Denial of Service Vulnerability CSRF Vulnerability in Secomea GateManager Web GUI 
Allows Remote Code Execution Insecure Direct Object Reference Vulnerability in GateManager Allows Password Reset Escalation Code Execution Vulnerability in Secomea GateManager Firmware Archive MySQL Server Denial of Service Vulnerability Xen x86 HVM Guest OS Denial of Service and Privilege Escalation Vulnerability Unauthenticated Source Code Disclosure in Web-Sesame 2020.1.1.3375 Unlimited Code Entry Vulnerability in BigBlueButton Arbitrary Domain Name Account Creation Vulnerability in BigBlueButton Arbitrary Code Execution Vulnerability in Food-and-Drink-Menu Plugin for WordPress Arbitrary Code Execution Vulnerability in wp-hotel-booking Plugin Vulnerability in Oracle VM VirtualBox: Remote Takeover Directory Traversal Vulnerability in SphinxSearch Cross-Site Scripting (XSS) Vulnerability in HRSALE 2.0.0 via admin/project/projects_calendar set_date Parameter Cleartext TELNET Credentials Disclosure Vulnerability Vulnerability: Cleartext Passwords and Man-in-the-Middle Attacks in CDATA Devices TFTP Download Configuration Vulnerability Denial of Service Vulnerability in CDATA and FD Series Devices via Telnet Server (Shawarma Attack) Cleartext Web-Server Credential Disclosure Vulnerability Default panger123 Password Vulnerability Critical Vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing (Supplier Change Component) Default debug124 password vulnerability on CDATA devices Default root126 password vulnerability on CDATA devices Default Blank Password for Guest Account Vulnerability Vulnerability: Weak Custom Encryption Algorithm for Password Storage Denial-of-Service Vulnerability in Modern Honey Network (MHN) through 2020-11-23 Vulnerability in Oracle VM VirtualBox Allows Takeover XSS Vulnerability in osCommerce 2.3.4.1: Authenticated User XSS via Newsletter Title Insecure HTML Rendering in LiquidFiles Shares Feature Cross-Site Script Inclusion Vulnerability in LiquidFiles before 3.3.19 Insecure Permissions in x11vnc 0.9.16's scan.c Information Exposure 
Vulnerability in Acrobat Reader DC Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle VM VirtualBox: Unauthorized Partial Denial of Service Vulnerability in Oracle VM VirtualBox: Unauthorized Data Access and Modification Vulnerability in Oracle VM VirtualBox Allows Takeover Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community Allows Unauthorized Data Access Root Privilege Escalation Vulnerability in Fujitsu Eternus Storage DX200 S4 Devices XML Entity Resolution Vulnerability in Petl (Versions Before 1.68) Buffer Over-read Vulnerability in libslirp through 4.3.1 Vulnerability in Oracle VM VirtualBox allows for takeover Buffer Over-read Vulnerability in libslirp through 4.3.1 XSS Vulnerability in Coremail XT 5.0 via Uploaded Personal Signature Path Traversal Vulnerability in TOTVS Fluig Platform Multiple instances of URL parameter injection in cPanel before 90.0.17 (SEC-567) CPanel Brute-Force Bypass Vulnerability in 2FA (SEC-575) Self-XSS vulnerability in cPanel's WHM Transfer Tool interface (SEC-577) Improper Access Control Allows Unauthorized Download of Router Configuration File Arbitrary SQL Command Execution in OpenEMR Patient Select Interface Vulnerability in Oracle VM VirtualBox allows for takeover Arbitrary SQL Command Execution in OpenEMR Immunization Report Interface SQL Injection Vulnerability in OpenEMR Interface Arbitrary SQL Command Execution in OpenEMR Interface/Reports/Non_Reported.php Stored XSS Vulnerability in Ericsson BSCS iX R18 Billing & Rating iX R18: Account Takeover and Session Hijacking Stored XSS Vulnerability in Ericsson BSCS iX R18 Billing & Rating iX R18 via ADMX Module Cross-Site Scripting (XSS) Vulnerability in Wayang-CMS v1.0 index.php SQL Injection Vulnerability in Wayang-CMS v1.0 Allows Unauthorized Database Access Oracle Coherence Remote Code Execution Vulnerability Arbitrary Order Status Disclosure in WooCommerce Plugin for WordPress DLL Hijacking Vulnerability in RAONWIZ K Editor 
v2018.0.0.10 Bypassing Access Control on Internal Articles in Zammad Privileged Role Misconfiguration in Zammad Vulnerability: Audit Bypass via Ticket Article Manipulation in Zammad SQL Injection Vulnerability in PacsOne Server (PACS Server In One Box) Versions Below 7.1.1 Cross-Site Scripting (XSS) Vulnerability in PacsOne Server (PACS Server In One Box) below 7.1.1 Remote Privilege Escalation in PacsOne Server (PACS Server In One Box) below 7.1.1 Remote Information Disclosure Vulnerability in PacsOne Server (PACS Server In One Box) Versions Below 7.1.1 SQL Injection Vulnerability in Projectworlds Online Doctor Appointment Booking System XSS Vulnerability in All In One WP Security & Firewall Plugin Cross-Site Scripting (XSS) Vulnerability in LiteSpeed Cache Plugin for WordPress via Server IP Setting Arbitrary Code Execution via Crafted JPG File Upload in Z-BlogPHP v1.6.1.2100 Arbitrary File Deletion Vulnerability in Z-BlogPHP v1.6.1.2100 via \app_del.php TerraMaster TOS <= 4.2.06 Incorrect Access Control Vulnerability Insecure Hard-Coded Password Vulnerability in Panasonic Security System WV-S2231L 4.25 Denial of Service Vulnerability in Panasonic Security System WV-S2231L 4.25 Oracle Agile PLM Unauthenticated Remote Code Execution Vulnerability Buffer Overflow Vulnerability in struct2json: strcpy used in S2J_STRUCT_GET_string_ELEMENT Stored XSS Bypass in XXL-JOB 2.2.0 via UserController.java Arbitrary Code Injection Vulnerability in Project Worlds Online Examination System 1.0 Signup Form Vulnerability in Oracle MySQL Server: Group Replication Plugin allows for Denial of Service (DoS) Attacks SQL Injection Vulnerability in SourceCodester Alumni Management System 1.0: Bypassing Authentication via admin/login.php Cross Site Scripting Vulnerability in SourceCodester Employee Management System 1.0 Unauthenticated Unauthorized Read Access Vulnerability in Oracle MySQL Client File Inclusion Vulnerability in Car Rental Management System 1.0 SQL Injection Vulnerability 
in EGavilanMedia User Registration and Login System With Admin Panel 1.0 MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in EGavilanMedia User Registration and Login System With Admin Panel 1.0 - Admin Panel - Manage User Tab Cross-Site Scripting (XSS) Vulnerability in EGavilanMedia User Registration and Login System With Admin Panel 1.0 Cross-Site Scripting (XSS) Vulnerability in WonderCMS 3.1.3 Page Description Component Remote Code Execution Vulnerability in ExpressVPN Router Version 1 Cross-Site Scripting (XSS) Vulnerability in Online Birth Certificate System Project V 1.0 MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Lepton-CMS 4.7.0 Cross-Site Scripting (XSS) Vulnerability in Online News Portal using PHP/MySQLi 1.0 Critical Vulnerability in Dhowden Tag Prior to 2020-11-19: Exploitable 'Index Out of Range' Error in readPICFrame Critical Vulnerability in Dhowden Tag Prior to 2020-11-19: Index Out of Range Error in readAPICFrame Dhowden Tag Vulnerability: Panic Error via readTextWithDescrFrame Dhowden Tag Prior to 2020-11-19: Critical Vulnerability Exploiting 'panic: runtime error: slice bounds out of range' in readAtomData Cross-Site Scripting (XSS) Vulnerability in WonderCMS 3.1.3 Admin Panel Lack of Input Validation in CXUUCMS V3 Allows Cross-Site Scripting (XSS) via class=layui-input MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in CXUUCMS V3 via /public/admin.php Input Fields Unprotected Template Editing Vulnerability in TikiWiki 21.2 Online Examination System 1.0: Cross-Site Scripting (XSS) Vulnerability in feedback.php Online Examination System 1.0 XSS Vulnerability via 'w' Parameter in index.php Online Examination System 1.0 XSS Vulnerability in feedback.php Vulnerability in Oracle MySQL Server: Group Replication GCS Component (CVE-2020-2813) Memory Leak Vulnerability in libvncclient v0.9.13 via rfbClientCleanup() Oracle Solaris Common 
Desktop Environment Privilege Escalation Vulnerability Remote Code Execution via PHP Remote File Inclusion in 74CMS before 6.0.48 MySQL Server Denial of Service Vulnerability SQL Injection Vulnerability in Victor CMS v1.0 via 'search' Parameter Authentication Bypass via SQL Injection in BloodX 1.0 SQL Injection Vulnerability in Online Doctor Appointment Booking System PHP and MySQL Unauthenticated SQL Injection in Multi Restaurant Table Reservation System 1.0 SQL Injection Vulnerability in Point of Sales PHP/PDO 1.0 via id Parameter in edit_category.php SQL Injection Vulnerability in Car Rental Management System v1.0 SQL Injection Vulnerability in Gym Management System's manage_user.php File Vulnerability in Oracle VM VirtualBox: Takeover Exploit iBall WRD12EN 1.0.0 Devices Vulnerable to Cross-Site Request Forgery (CSRF) Attacks Critical SQL Injection Vulnerabilities Found in tourist5 Online-food-ordering-system 1.0 Command Injection Vulnerability in Zyxel Products MySQL Server Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in SabaiApp Directories Pro Plugin 1.3.45 for WordPress Cross-Site Scripting (XSS) Vulnerability in SabaiApps WordPress Directories Pro Plugin Oracle Knowledge Product Vulnerability: Unauthorized Takeover of Oracle Knowledge Remote Command Execution Vulnerability in Ubilling v1.0.9 Arbitrary Code Execution Vulnerability in Zend Framework v.3.1.3 and Earlier Stored XSS Vulnerability in ThinkAdmin v1-v6: Remote Code Injection Oracle Knowledge Unauthenticated Remote Denial of Service Vulnerability Vulnerability: Credentials Disclosure in D-Link Router DIR-868L 3.01 Firmware Vulnerability: Credentials Disclosure in D-Link Router DIR-880L 1.07 Firmware D-Link Router DIR-885L-MFC 1.15b02, v1.21b05 Firmware Decompilation Vulnerability D-Link Router DIR-895L MFC v1.21b05 Telnet Service Credentials Disclosure Vulnerability Vulnerability in MySQL Connectors: Unauthorized Partial Denial of Service Vulnerability in Oracle MySQL 
Connectors: Unauthorized Data Access and Partial Denial of Service Vulnerability in Oracle Financial Services Hedge Management and IFRS Valuations: Unauthorized Data Access and Modification Vulnerability in Oracle Financial Services Balance Sheet Planning Allows Unauthorized Data Manipulation Integer Overflow in p11-kit Array Allocations Heap-based Buffer Over-read in p11-kit RPC Protocol Heap-based Buffer Overflow in p11-kit RPC Protocol Stored XSS Vulnerability in NetArt News Lister 1.0.0 Allows Code Injection via News Headlines Heap-Based Buffer Overflow in Blosc C-Blosc2 through 2.0.0.beta.5 Race Condition in Copy-on-Write Implementation Grants Unintended Write Access in Linux Kernel (CVE-2020-10757) Race Condition in Linux Kernel's mm/mmap.c Vulnerability in Oracle Insurance Accounting Analyzer: Unauthorized Data Access and Modification Missing TID Increment in kmem_cache_alloc_bulk in Linux Kernel (CVE-2020-12653) Uninitialized Memory Leak in romfs_dev_read in Linux Kernel (CID-bcf85fcedfdd) Race Condition in Linux Kernel's do_madvise Function Unintended Filesystem Escape Vulnerability in Linux Kernel (CID-ff002b30181d) Unintended Write Access Vulnerability in Linux Kernel's get_user_pages Implementation (CID-17839856fd58) Hardcoded Password Vulnerability Allows Creation of Admin User on V-SOL OLT Devices Authentication Bypass Vulnerability in V-SOL OLT Devices Authentication Bypass Vulnerability on V-SOL V1600D V2.03.69 OLT Devices Privilege Escalation Vulnerability in V-SOL OLT Devices Unauthenticated Telnet Access Vulnerability in V-SOL OLT Devices Vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning: Unauthorized Data Access and Modification Cleartext Password Interception and Man-in-the-Middle Attack Vulnerability on V-SOL OLT Devices Command Injection Vulnerability in V-SOL OLT Devices Hardcoded RSA Private Key Vulnerability in V-SOL OLT Devices Hardcoded RSA Private Key Vulnerability in V-SOL OLT Devices Integer Overflow 
Vulnerability in PNGOUT 2020-01-15 Denial of Service Vulnerability in GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 Blank Root Password Vulnerability in Crux Linux Docker Images Vulnerability in Oracle Financial Services Asset Liability Management: Unauthorized Data Access and Modification Command Injection Vulnerability in Zeroshell 3.9.3's StartSessionSubmit Parameter Backdoor Vulnerability in Estil Hill Lock Password Manager Safe App 2.3 for iOS Arbitrary Code Execution Vulnerability in dlt-daemon through 2.18.5 Cross-Site Scripting (XSS) Vulnerability in EventON WordPress Plugin Sandboxing Issue in Odoo Community and Enterprise: Remote Code Execution and Privilege Escalation Vulnerability in Oracle Financial Services Profitability Management: Unauthorized Data Access and Modification Vulnerability in Oracle Financial Services Funds Transfer Pricing: Unauthorized Data Access and Modification Vulnerability in Oracle Financial Services Price Creation and Discovery: Unauthorized Data Access and Modification Vulnerability in Oracle Financial Services Liquidity Risk Measurement and Management User Interface XXE vulnerability in Sonatype Nexus Repository Manager 3.x before 3.29.0 allows unauthorized access to external content SQL Injection in Buzz Module of OrangeHRM through 4.6 Vulnerability: Key Fob Firmware Update Without Signature Verification in Tesla Model X Vehicles Vulnerability: Key Fob Authentication Vulnerability in Pre-2020 Tesla Model X Vehicles Oracle Solaris Common Desktop Environment Vulnerability Insecure Key Fob Pairing Vulnerability in Pre-2020 Tesla Model X Vehicles Arbitrary File Upload Vulnerability in OutSystems Platform 10 Out-of-Bounds Read Vulnerability in QEMU 5.1.0's ide_atapi_cmd_reply_end Function Cross-Site Scripting (XSS) Vulnerability in Team Calendar Plugin for Confluence Server Blind Server-Side Request Forgery Vulnerability in Confluence Server's Team Calendars Parameters Insecure Direct Object References (IDOR) Vulnerability in 
Atlassian Fisheye & Crucible Atlassian Crucible File Upload Request Denial of Service (DoS) Vulnerability Arbitrary File Read Vulnerability in Confluence Server and Data Center Vulnerability in Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management: Unauthorized Data Access and Modification Denial of Service (DoS) Vulnerability in Atlassian Confluence Server and Data Center's Avatar Upload Feature Jira Server and Data Center Information Disclosure Vulnerability in Project Enumeration Arbitrary File Read Vulnerability in Jira Server and Jira Data Center Unrestricted LogViewer Endpoint Access in Umbraco Cross-Site Scripting (XSS) Vulnerability in SmartyStreets liveAddressPlugin.js 3.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Papermerge before 1.5.2 Privilege Elevation Vulnerability in OPC UA .NET Standard Stack 1.4.363.107 CSRF Vulnerability in Textpattern CMS 4.6.2 via Prefs Subsystem Vulnerability in Oracle Enterprise Manager's Application Performance Management: Unauthorized Access and Data Compromise Cross-Site Scripting (XSS) Vulnerability in WonderCMS 3.1.3 Menu Component Vulnerability in Oracle PeopleSoft Enterprise HCM Absence Management 9.2 Allows Unauthorized Data Manipulation Cross-Site Scripting (XSS) Vulnerability in OpenCart 3.0.3.6 Mail Subject Field Cross-Site Scripting (XSS) Vulnerability in OpenCart 3.0.3.6 Profile Image Upload SQL Injection Vulnerability in EGavilan Media Under Construction Page with cPanel 1.0 SQL Injection Vulnerability in EGM Address Book 1.0 Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in nopCommerce Store 4.30's Schedule Tasks Name Field Cross-Site Scripting (XSS) Vulnerability in Invision Community 4.5.4 Field Name Field Default Configuration Denial of Service Vulnerability in CA Service Catalog 17.2 and 17.3 Setup Utility Unprivileged Guests Can Gain Unauthorized Access to Xenstore Root Node Xenstore Watch Event Disclosure Vulnerability Xenstore Access 
Rights Inheritance Vulnerability Vulnerability: Pathname Limit Bypass in Xen's oxenstored Xen Vulnerability: Denial of Service and Zombie Domain via Xenstore Protocol Violation Denial of Service Vulnerability in Xenstore Watch Registration Unbounded Memory Usage and DoS Vulnerability in Xen's Ocaml Xenstored Implementation Denial of Service Vulnerability in Xen's oxenstored Denial of Service Vulnerability in Xen XAPI Plain-text Password Storage Vulnerability in Dell EMC Unity, Unity XT, and UnityVSA Versions Prior to 5.0.4.0.5.012 Oracle Coherence Unauthenticated Read Access Vulnerability Denial of Service Vulnerability in Dell EMC Unity NAS Servers with NFS Exports Insecure Default Configuration Vulnerability in Dell Wyse ThinOS: Potential Compromise of Thin Clients Insecure Default Configuration Vulnerability in Dell Wyse ThinOS 8.6 and Prior Versions Critical SQL Injection Vulnerability in DELL EMC Avamar Server Fitness Analyzer Dell EMC Avamar Server Path Traversal Vulnerability Critical OS Command Injection Vulnerability in DELL EMC Avamar Server Fitness Analyzer Stored Cross-Site Scripting Vulnerability in Dell Wyse Management Suite Stored Cross-Site Scripting Vulnerability in Dell Wyse Management Suite Open Redirect Vulnerability in Dell Wyse Management Suite OS Command Injection Vulnerability in Dell EMC PowerStore X Environment Oracle Business Intelligence Enterprise Edition Remote Code Execution Vulnerability Dell EMC PowerStore Plain-Text Password Storage Vulnerability Dell EMC PowerStore Plain-Text Password Storage Vulnerability Dell EMC PowerStore Plain-Text Password Storage Vulnerability Dell EMC PowerStore Local File Permission Vulnerability Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Missing Required Cryptographic Step Vulnerability Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Key Management Error Vulnerability Observable Timing Discrepancy Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell 
BSAFE Micro Edition Suite Improper Input Validation Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Improper Input Validation Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Inconsistent Attribute Namespace Prefix Handling in Go's encoding/xml Package Vulnerability in Oracle VM VirtualBox Allows Unauthorized Denial of Service Attacks Inconsistent Directive Handling in Go's encoding/xml Package Inconsistent Namespace Handling in Go's encoding/xml Package Oracle HTTP Server Unauthenticated Access Vulnerability Directory Traversal Vulnerability in HashiCorp go-slug up to 0.4.3 Oracle Retail Customer Management and Segmentation Foundation Takeover Vulnerability Unshare_fd() Optimization Vulnerability in Linux Kernel Stored XSS Vulnerability in Archer before 6.8 P4 (6.8.0.4) Path Exposure Vulnerability in Archer before 6.8 P2 (6.8.0.2) Open Redirect Vulnerability in Archer before 6.8 P2 (6.8.0.2) Allows for Phishing Attacks and Credential Theft Improper Access Control Vulnerability in Archer API Cross-Site Scripting (XSS) Vulnerability in Systran Pure Neural Server before 9.7.0 Vulnerability in Oracle PeopleSoft Enterprise HRMS: Unauthorized Data Access and Manipulation Denial-of-Service Proxy Vulnerability in Systran Pure Neural Server API Vulnerability: Cleartext Command Injection in Encrypted User Sessions Vulnerability: Command Injection via POP3 STLS Vulnerability in Oracle FLEXCUBE Core Banking: Unauthorized Data Access and Partial Denial of Service Cleartext Storage of Integration User Account Password in URVE Build 24.03.2020 Remote System Shutdown Vulnerability in URVE Build 24.03.2020 Remote Code Execution via Powershell Command Injection in URVE Build 24.03.2020 CSRF Vulnerability in Grav CMS Scheduler Allows Remote Command Execution Arbitrary File Deletion Vulnerability in Grav CMS BackupDelete Functionality Arbitrary File Read Vulnerability in Grav CMS Backup Functionality 
Pre-Authentication Remote Code Execution via Buffer Overflow in D-Link DIR-825 R1 Devices Oracle Human Resources Product Hierarchy Diagrammers Vulnerability Unintended Reservation Acquisition in SonicBOOM riscv-boom 3.0.0 Denial of Service Vulnerability in glibc's iconv Function Western Digital My Cloud OS 5 Unauthenticated Access Vulnerability Blank Password Vulnerability in Consul Docker Images OpenStack Horizon Open Redirect Vulnerability Xen x86 HVM Guest DoS Vulnerability Denial of Service (DoS) Vulnerability Caused by Self-Interrupts in Xen 4.14.x Vulnerability: Denial of Service (DoS) via Watch Event Queue Overflow Kernel Pointer Reuse Vulnerability in Linux blkback Xen Vulnerability: Reversed Control Block Mapping Leading to DoS Attack NULL pointer dereference vulnerability in Xen FIFO event channels on Arm systems XSS Vulnerability in MISP 2.4.135 via authkey Comment Field Stack-based Buffer Overflow in printf Family Functions in glibc SQL Injection Vulnerability in Cyberoam OS WebAdmin Blank Password Vulnerability in Official Elixir Docker Images Blank Password Vulnerability in Official Eggdrop Docker Images Root Access Vulnerability in Official ZNC Docker Images Root Access Vulnerability in Piwik Docker Images Blank Password Vulnerability in Express Gateway Docker Images Vulnerability in Oracle VM VirtualBox Allows Takeover Root Access Vulnerability in Official Storm Docker Images Blank Password Vulnerability in Official Spiped Docker Images Insecure Permissions in JetBrains Kotlin API for Temporary File and Folder Creation Undocumented Account with Unchangeable Password in Zyxel USG Firmware v4.60 DOM XSS vulnerability in SimplCommerce 1.0.0-rc due to unsanitized user input in Bootbox.js library Vulnerability in Oracle VM VirtualBox Allows Unauthorized Denial of Service Attacks Blank Password Vulnerability in Official Docker Registry Images Broken Access Control in Orchard's TinyMCE HTML Editor File Upload Cross-Site Scripting (XSS) Vulnerability in 
Orchard's Media Settings Allowed File Types Field SAML Login Mishandling in Rocket.Chat User Mode Write AV Vulnerability in ACDSee Photo Studio Professional 2021 Denial of Service Vulnerability in MiniWeb HTTP Server 0.8.19 Insecure File Upload Vulnerability in IncomCMS 2.0 Command Injection Vulnerability in ImageMagick's PDF Authentication Improper Input Validation in AWStats through 7.7 Allows Absolute Path Traversal Root Access Vulnerability in Official Notary Docker Images Root Access Vulnerability in Official irssi Docker Images Information Disclosure Vulnerability in MantisBT's manage_proj_edit_page.php Unauthenticated User Can Clone Private Issues in MantisBT Insufficient Access-Level Checks Allow Unauthorized Access to Private Issue Summaries in MantisBT File Upload Restriction Bypass Vulnerability in Pluck CMS Allows Remote Code Execution Memory Leak Vulnerability Patched in Multiple Apple Operating Systems Critical Vulnerability in Oracle Enterprise Manager Base Platform: Remote Takeover Exploit Vulnerability: Out-of-bounds read in audio file processing leading to memory disclosure Arbitrary Code Execution via Maliciously Crafted Image Vulnerability: Out-of-Bounds Write Exploit Allows Arbitrary Code Execution Improper Domain Display in Enterprise Application Installation Prompt Heap Corruption Vulnerability Fixed in macOS Big Sur 11.2 and Other Updates Vulnerability: Out-of-Bounds Read in Image Processing Leading to Denial of Service Memory Corruption Vulnerability in Image Processing Heap Corruption Vulnerability Fixed in Multiple Apple Operating Systems Vulnerability: Out-of-bounds read leading to arbitrary code execution in multiple Apple platforms Heap Corruption Vulnerability Fixed in Multiple Apple Operating Systems Privilege Escalation Vulnerability in macOS Vulnerability: Privacy Preferences Bypass in macOS Race Condition Vulnerability in NFS Network Share Mounting Incomplete Data Deletion: History Not Cleared Despite 'Clear History and Website 
Data' Function Font File Memory Corruption Vulnerability Arbitrary Code Execution Vulnerability in macOS Image Processing Improper Input Validation Leads to Out-of-Bounds Read Vulnerability in macOS Big Sur 11.0.1 Oracle WebLogic Server Remote Code Execution Vulnerability Authentication Bypass Vulnerability in macOS Font Processing Vulnerability in iOS 14.0 and iPadOS 14.0 Allows Memory Disclosure Oracle Financial Services Data Foundation User Interface Unauthorized Data Access Vulnerability Denial of Service Vulnerability in py.path.svnwc Component Denial of Service Vulnerability in golang.org/x/crypto/ssh Component Arbitrary HTML Injection in Froxlor through 0.10.22 DLL Hijacking Vulnerability in Western Digital Dashboard before 3.2.2.9 Allows Compromise of SYSTEM Account Text Injection Vulnerability in RT-AC88U Download Master before 3.1.0.108 Information Disclosure Vulnerability in RT-AC88U Download Master Out-of-Bounds Read Vulnerability in JerryScript 2.3.0's main-utils.c Insecure SSL Configuration in Zoho ManageEngine Application Control Plus: A Gateway to Privilege Escalation Buffer Overflow Vulnerability in Flexense DupScout Enterprise 10.0.18 Web Server Oracle WebLogic Server Console Unauthenticated Remote Code Execution Vulnerability Locking Inconsistency Vulnerability in Linux Kernel's TTY Subsystem Allows Read-After-Free Attack (CID-c8bcd9c5be24) Use-After-Free Vulnerability in Linux Kernel's TTY Subsystem (CID-54ffccbf053b) Unauthenticated Exposure of Catalog's Registry API in Harbor 2.0.x and 2.1.x Automatic Renewal of Revoked Certificates in Icinga 2 Command Injection Vulnerability in DJI Mavic 2 Remote Controller Firmware Upgrade Directory-Listing Vulnerability in Lan ATMService M3 ATM Monitoring System 6.1.0 Allows Remote Access to Log Files Containing Sensitive Cookie Values Insufficient Session Expiration in Lan ATMService M3 ATM Monitoring System 6.1.0 Arbitrary String Cookie Value Vulnerability in Sympa before 6.2.59b.2 Vulnerability: Guest 
User Password Reset Exploit Leading to Administrator Account Takeover and System Compromise Oracle WebLogic Server Unauthenticated Network Access Vulnerability Vulnerability in Java VM component of Oracle Database Server: Privilege Escalation and Takeover Data Pump Component Vulnerability in Oracle Database Server Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Vulnerability in Oracle Application Express component of Oracle Database Server (CVE-2020-2950) Oracle Database - Enterprise Edition Privilege Escalation Vulnerability Oracle Berkeley DB Data Store Vulnerability Vulnerability in Oracle Enterprise Manager Base Platform: Unauthorized Access and Data Compromise Oracle Data Masking and Subsetting Product Vulnerability: Unauthorized Access and Data Compromise Oracle Configuration Manager Product Vulnerability: Unauthorized Access and Data Compromise Vulnerability in Cisco Video Surveillance 8000 Series IP Cameras Allows Remote Code Execution or Denial of Service Cisco IP Phone Remote Code Execution Vulnerability Privilege Escalation Vulnerability in Cisco Data Center Network Manager (DCNM) REST API Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager (DCNM) Web Interface Cross-Site Request Forgery Vulnerability in Cisco Data Center Network Manager Privilege Escalation Vulnerability in Cisco SD-WAN Solution vManage Software Cisco Webex Vulnerability: Denial of Service (DoS) via Malicious UCF Files HTTP Header Injection 
Vulnerability in Cisco AsyncOS for Cisco Web Security Appliance and Content Security Management Appliance Cisco Discovery Protocol Remote Code Execution Vulnerability Cisco NX-OS Software Vulnerability: Remote Code Execution via Cisco Discovery Protocol Denial of Service Vulnerability in Cisco Discovery Protocol Implementation Cross-Site Scripting (XSS) Vulnerability in Cisco Small Business Smart and Managed Switches Web Interface Out-of-Bounds Read Vulnerability in ClamAV DLP Module Cross-Site Request Forgery Vulnerability in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Kerberos Authentication Bypass Vulnerability in Cisco ASA Software Security Bypass Vulnerability in Cisco Webex Meetings Multimedia Viewer Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Stored Cross-Site Scripting (XSS) Vulnerability in Cisco Unity Connection Software Cisco Unity Connection Web Management Interface File Overwrite Vulnerability Denial of Service Vulnerability in Cisco Webex Teams Client for Windows Denial of Service Vulnerability in Cisco Email Security Appliance Bypassing Content Filters in Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance Cisco Unified Communications Manager (UCM) Web Management Interface Cross-Site Request Forgery (CSRF) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Jabber Guest Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Email Security Appliance (ESA) Web Interface Insufficient Signature Validation in Cisco Enterprise NFV Infrastructure Software (NFVIS) Upgrade Component Vulnerability: Bypass of IP Table Rules in Cisco APIC OOB Management Interface Cisco Prime License Manager (PLM) Software Web Management 
Interface Unauthorized Access Vulnerability Privilege Escalation Vulnerabilities in Cisco IOS XE Software Unauthenticated Remote Attendee Join Vulnerability in Cisco Webex Meetings Suite and Cisco Webex Meetings Online Directory Traversal Vulnerability in Cisco TelePresence Collaboration Endpoint Software Authentication Bypass Vulnerability in Cisco RV Series Routers Arbitrary Code Execution Vulnerabilities in Cisco RV Series Routers Arbitrary Code Execution Vulnerabilities in Cisco RV Series Routers Cisco Small Business Switches Web UI Denial of Service Vulnerability Cross-Site Request Forgery Vulnerability in Cisco Prime Network Registrar Stored XSS Vulnerability in Cisco Identity Services Engine (ISE) Software Unauthorized Access to Sensitive Information in Cisco Small Business RV110W and RV215W Series Routers Vulnerability: Bypassing CLI Restrictions in Cisco CMX Privilege Escalation Vulnerability in Cisco Connected Mobile Experiences (CMX) Privilege Escalation via File Copy Vulnerability in Cisco AnyConnect Secure Mobility Client Installer SQL Injection Vulnerability in Cisco Cloud Web Security (CWS) Web UI Vulnerability: SSL Implementation Flaw in Cisco Intelligent Proximity Solution Cross-Site Scripting Vulnerability in Cisco Identity Services Engine Logging Component Cisco Identity Services Engine (ISE) Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability Unauthenticated Remote Access Vulnerability in Cisco Smart Software Manager On-Prem HA Service Cross-Site Scripting (XSS) Vulnerability in Cisco Finesse Web-Based Management Interface Cisco Meeting Server Software XMPP Denial of Service Vulnerability Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability Denial of Service Vulnerability in Cisco IoT Field Network Director's CoAP Implementation Cisco Unified Contact Center Enterprise Live Data Server Denial of Service Vulnerability High CPU Usage Denial of Service Vulnerability in Cisco AsyncOS for Email 
Security, Web Security, and Content Security Management Appliances BGP MD5 Authentication Bypass Vulnerability in Cisco NX-OS Software Arbitrary File Read/Write Vulnerability in Cisco FXOS Software CLI Arbitrary Command Execution Vulnerability in Cisco FXOS and UCS Manager Software Denial of Service Vulnerability in Cisco Nexus 1000V Switch for VMware vSphere Privilege Escalation Vulnerability in Cisco FXOS Software Cisco NX-OS Software NX-API Denial of Service Vulnerability Arbitrary Command Execution Vulnerability in Cisco FXOS and UCS Manager Software Cisco Discovery Protocol Remote Code Execution and DoS Vulnerability Arbitrary Command Execution Vulnerability in Cisco UCS Manager Software Cisco NX-OS Software Anycast Gateway Vulnerability Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches Resource Handling DoS Vulnerability Vulnerability: Remote Command Execution in Cisco Remote PHY Device Software Directory Traversal Vulnerability in Cisco Unified Communications Manager TAPS Interface Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) Web-Based GUI Open Redirect Vulnerability Cisco Firepower Threat Defense (FTD) Software GRE Tunnel Decapsulation DoS Vulnerability Default, Static Root Password Vulnerability in Cisco SD-WAN Solution Software Resource Exhaustion Vulnerability in Cisco Advanced Malware Protection (AMP) for Cisco Email Security Appliances Information Disclosure Vulnerability in Cisco Webex Meetings Client for MacOS SQL Injection Vulnerability in Cisco Prime Collaboration Provisioning Software Cross-Site Scripting (XSS) Vulnerability in Cisco TelePresence Management Suite (TMS) Web Interface Bypassing Management Access List Configuration Vulnerability in Cisco Firepower Threat Defense (FTD) Software Cisco ASA and FTD Web Services Directory Traversal Vulnerability Cisco Firepower Threat Defense (FTD) Software Remote Management Denial of Service Vulnerability Cisco Firepower Threat Defense (FTD) Software VPN 
System Logging Memory Leak Vulnerability Cisco IOS XR Software IPsec Packet Processor Denial of Service Vulnerability Denial of Service (DoS) Vulnerability in Cisco ASA and FTD Software for DNS over IPv6 Traffic Cross-Site Scripting (XSS) Vulnerability in Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability in Cisco Prime Collaboration Provisioning Arbitrary Code Execution Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Memory Leak Vulnerability in Cisco ASA and FTD Software via OSPF Packets Memory Exhaustion DoS Vulnerability in Cisco ASA and FTD Software Cisco Meetings App API Subsystem Vulnerability: Unauthorized Retention and Reuse of TURN Server Credentials Arbitrary Code Execution and System Crash Vulnerabilities in Cisco IOS Software for Industrial ISRs and CGR1000 Routers Cisco IOx Application Environment Multiple Vulnerabilities SSH Server Code Vulnerability in Cisco IOS and IOS XE Software: Remote Device Reload Exploit Tcl Interpreter Denial of Service Vulnerability in Cisco IOS Software and Cisco IOS XE Software Memory Leak DoS Vulnerability in Cisco Catalyst 9800 Series Wireless Controllers Arbitrary Code Execution Vulnerability in Cisco IOS Tcl Interpreter Vulnerability in Cisco IOS Software for Industrial ISRs and CGR1000: Arbitrary Command Execution IEEE 802.11w PMF Handling Vulnerability in Cisco Catalyst 9800 Series Wireless Controllers Command Injection Vulnerability in Cisco IOS XE Software Switches Vulnerability: Unauthorized Booting of Malicious Software on Cisco Industrial ISRs Unauthenticated Physical Attackers Can Install Malicious Software on Cisco IOS XE Devices Vulnerability: Arbitrary Command Execution in Cisco Industrial ISRs and CGR1000 Routers Arbitrary Command Execution Vulnerability in Cisco IOS XE Software Arbitrary Command Execution Vulnerability in Cisco IOS XE Software Privilege Escalation Vulnerability in Cisco IOS XE Software's ROMMON Privilege Escalation 
Vulnerability in Cisco IOS XE Software Root-level Privilege Escalation Vulnerability in Cisco IOS XE Software Unauthenticated Physical Attackers Can Bypass Authentication in Cisco IOS XE SD-WAN Software Cisco One Platform Kit (onePK) Topology Discovery Service Stack Overflow Vulnerability Arbitrary Code Execution with Root Privileges in Cisco IOS XE Software Arbitrary Command Execution Vulnerability in Cisco IOS XE Software Web UI Unauthenticated Remote Attackers Can Disconnect IPsec VPN Sessions in Cisco IOS XE Software and Catalyst 9800-L Wireless Controllers Denial of Service Vulnerability in Cisco Catalyst 9800 Series Wireless Controllers Web UI Access Control Bypass Vulnerability in Cisco IOS XE Software Arbitrary File Read Vulnerability in Cisco IOS XE Software Web UI Command Injection Vulnerability in Cisco IOS XE Software Web UI Denial of Service (DoS) Vulnerabilities in Cisco IOS and IOS XE Software via Common Industrial Protocol (CIP) Traffic Processing Cisco IOS Software and Cisco IOS XE Software SIP Library Denial of Service Vulnerability Authorization Bypass Vulnerability in Cisco IOx Application Hosting Infrastructure Cisco SXP Protocol Denial of Service Vulnerability Vulnerability: Privilege Escalation in Cisco IOS XE Web Management Software IKEv2 SA-Init Packet Handling Vulnerability Unauthenticated Adjacent Attackers Can Forward Broadcast Traffic in Cisco Catalyst Switches Cisco ASR 920 Series Aggregation Services Router SNMP Reload Vulnerability Stored XSS Vulnerability in Cisco IOx Application Framework's Local Manager Interface Vulnerability in Virtual Console Authentication of Cisco IOS Software for Industrial ISRs and CGR1000 Routers Denial of Service Vulnerability in Cisco Catalyst 4500 Series Switches SNMP Subsystem Root Shell Access Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Arbitrary File Overwrite Vulnerability in Cisco Application Framework Arbitrary File Modification Vulnerability in Cisco IOx 
Application Framework Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Path Traversal Vulnerability in Cisco UCS Director Orchestration Tasks Confidential Information Disclosure Vulnerability in Cisco UCS Director REST API Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Bypassing Traffic Classification Rules in Cisco ASR 5000 Series Aggregation Services Routers Arbitrary User Account Creation Vulnerability in Cisco Smart Software Manager On-Prem CRLF Injection Vulnerability in Cisco Umbrella Web Server Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Authentication Bypass and Directory Traversal Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data Root Access Exploit in Cisco Firepower Threat Defense (FTD) Software Support Tunnel Feature Multiple Denial of Service (DoS) Vulnerabilities in Cisco ASA and FTD Software via MGCP Inspection Denial of Service Vulnerability in Cisco Firepower Threat Defense (FTD) Software Cisco HCM-F Software: XML External Entity (XXE) Vulnerability Allows Unauthorized Information Disclosure Cisco IOx Application Environment Multiple Vulnerabilities 
Arbitrary Code Execution and System Crash Vulnerabilities in Cisco IOS Software for Industrial ISRs and CGR1000 Routers Cisco ASA and FTD Software Web Services Interface Memory Disclosure Vulnerability Cisco Aironet Series Access Points Software Denial of Service Vulnerability Cisco Mobility Express Software: Cross-Site Request Forgery Vulnerability Cisco Wireless LAN Controller (WLC) Software CAPWAP Protocol Handler Denial of Service Vulnerability Remote Code Execution Vulnerability in Cisco Webex Meetings Desktop App Buffer Overflow Vulnerability in Cisco SD-WAN Solution Software Privilege Escalation Vulnerability in Cisco SD-WAN Solution Software Arbitrary Command Injection Vulnerability in Cisco SD-WAN Solution CLI Insufficient Authorization Enforcement in Cisco Unified CCX API Subsystem Allows Unauthorized Agent State Manipulation Arbitrary Command Execution Vulnerabilities in Cisco RV Series Routers Arbitrary Command Execution Vulnerabilities in Cisco RV Series Routers Cisco Prime Network Registrar DHCP Server Denial of Service Vulnerability Denial of Service Vulnerability in Cisco Wireless LAN Controller Software Arbitrary Command Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Command Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Command Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Command Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Command Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Command Execution Vulnerabilities in Cisco Small Business Routers Insecure Deserialization Vulnerability in Cisco Unified Contact Center Express Cisco DNA Center Audit Logging Vulnerability: Unauthorized Access to Sensitive Information Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager and Unity Connection Cisco Firepower Threat Defense (FTD) Software Denial of Service Vulnerability Vulnerability in Cisco IOS XR PXE Boot Loader Allows 
Execution of Unsigned Code Bypassing TLS 1.3 Policy in Cisco Firepower Threat Defense Software Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Arbitrary Code Execution Vulnerabilities in Cisco Small Business Routers Weak Entropy Generation in Cisco Small Business Smart and Managed Switches Allows Unauthorized Access OSPF Implementation Denial of Service Vulnerability in Cisco ASA and FTD Software Vulnerability: Bypassing File Policy for HTTP in Cisco Products High-privileged Account Access Vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software File System Overwrite Vulnerability in Cisco Firepower Management Center (FMC) Software IKEv1 Denial of Service Vulnerability in Cisco ASA and FTD Software Denial of Service Vulnerability in Cisco ASA and FTD Software Web Interface BGP Module Denial of Service Vulnerability in Cisco ASA and FTD Software Denial of Service Vulnerability in Cisco ASA and FTD Software's DHCP Module Arbitrary Log File Entry Write Vulnerability in Cisco Firepower Management Center (FMC) Software Vulnerability: Image Signature Verification Bypass in Cisco Firepower Threat Defense (FTD) Software Arbitrary File Overwrite Vulnerability in Cisco Firepower Device Manager (FDM) On-Box Software XML Parser Code Vulnerability in Cisco 
Firepower Device Manager On-Box Software Cisco Firepower Management Center (FMC) Software: Unauthenticated Remote Redirect Vulnerability Unauthorized Read Access Vulnerability in Cisco Firepower Threat Defense (FTD) Software Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability in Cisco AMP for Endpoints Mac Connector Software Vulnerability: Bypassing File Policies in Cisco Products via Snort Detection Engine Cisco Firepower Threat Defense (FTD) Software SSL Inspection Component Denial of Service Vulnerability High-privileged Account Access Vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software Denial of Service Vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows Cross-Site Scripting (XSS) Vulnerability in Cisco Firepower Management Center Web Interface Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows Denial of Service Vulnerability Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in Cisco Small Business RV Series Routers Heap Buffer Overflow in ClamAV ARJ Archive Parsing Module Role-Based Access Control Vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, UCS Director, and UCS Director Express for Big Data Allows Remote User Account Disabling Default and Static Password Vulnerability in Cisco Small Business RV110W Wireless-N VPN Firewall Routers Arbitrary Code Execution Vulnerability in Cisco RV110W and RV215W Routers Arbitrary Command Injection Vulnerability in Cisco Small Business RV Series Routers Insufficient Authentication in Cisco Application Services Engine Software Allows Unauthorized Policy Updates ARP Packet Processing Vulnerability in Cisco ASA and FTD Software for Firepower 2100 Series Appliances Local Authentication Bypass 
Vulnerability in Cisco Application Services Engine Software Vulnerability in Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software Allows Unauthorized Filesystem Modification and Privileged Access Cisco Umbrella Web Server Redirect Vulnerability Cisco NX-OS Software PIM6 Memory Leak Denial of Service Vulnerability SQL Injection Vulnerability in Cisco Prime Infrastructure Web Interface Cross-Site Scripting (XSS) Vulnerabilities in Cisco Identity Services Engine (ISE) Web Interface Stack Buffer Overflow in ClamAV PDF Archive Parsing Module Cisco Webex Meetings Desktop App for Mac Software Update Remote Code Execution Vulnerability Buffer Overflow Vulnerability in Cisco AMP for Endpoints Linux and Mac Connector Software Buffer Overflow Vulnerability in Cisco AMP for Endpoints Linux and Mac Connector Software Web Page Modification Vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server Cross-Site Scripting (XSS) Vulnerability in Cisco Unified Communications Manager Web UI Information Disclosure Vulnerability in Cisco Webex Meetings Desktop App for Windows Cross-Site Scripting (XSS) Vulnerabilities in Cisco Data Center Network Manager (DCNM) Web Interface Cross-Site Scripting (XSS) Vulnerabilities in Cisco Data Center Network Manager (DCNM) Web Interface Race Condition Vulnerability in Cisco AMP for Endpoints and Clam AntiVirus Allows Arbitrary File Deletion Cisco SD-WAN Solution Software Denial of Service Vulnerability Undocumented Configuration Commands Vulnerability in Cisco Firepower Threat Defense (FTD) Software Cisco Identity Services Engine (ISE) Syslog Processing Engine Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager (DCNM) Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager (DCNM) Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager (DCNM) Web Interface Arbitrary Code Execution and Denial of Service Vulnerability 
in Cisco Small Business RV Series Routers SSL VPN Vulnerability in Cisco Small Business RV VPN Routers Allows Remote DoS Attack Cisco Catalyst 9800 Series Wireless Controllers: mDNS Denial of Service Vulnerability Unauthenticated Remote Access Vulnerability in Cisco IP Phones Series 7800 and Series 8800 Authentication Token Handling Vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server Timing Issue in Cisco NSO CLI Allows Unauthorized Access to Configuration Information IPv6 Packet Processing Engine Denial of Service Vulnerability ACL Bypass Vulnerability in Cisco IOS XR Software Standby Route Processor Management Interface Directory Traversal Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Command Injection and Privilege Escalation in Cisco Secure Web Appliance Bypassing URL Reputation Filters in Cisco Email Security Appliance Cisco SD-WAN vEdge Routers: Denial of Service Vulnerability through Improper FTP Traffic Processing Cisco Content Security Management Appliance (SMA) URL Filtering Bypass Vulnerability Arbitrary Code Execution Vulnerability in Cisco Integrated Management Controller (IMC) Web UI Cisco SD-WAN vManage Software: Memory Exhaustion DoS Vulnerability Cisco ASA and FTD Software Memory Leak DoS Vulnerability Vulnerability in Cisco SD-WAN vManage Software Allows Unauthorized Access and System Manipulation Buffer Overflow Vulnerability in Cisco SD-WAN Solution Software Authentication Bypass Vulnerability in Cisco DCNM Device Manager Arbitrary Command Injection Vulnerability in Cisco Data Center Network Manager (DCNM) Device Manager Application SQL Injection Vulnerability in Cisco SD-WAN vManage Software Privilege Escalation Vulnerability in Cisco SD-WAN Solution Software Privilege Escalation Vulnerability in Cisco Data Center Network Manager (DCNM) CLI Directory Traversal Vulnerability in Cisco SD-WAN vManage Software Allows Unauthorized File Access and Modification Authentication Bypass Vulnerability in Cisco Data 
Center Network Manager (DCNM) Directory Traversal Vulnerability in Cisco DCNM Archive Utility Arbitrary Command Injection Vulnerability in Cisco Data Center Network Manager (DCNM) REST API Cisco SD-WAN vEdge Routers: Denial of Service Vulnerability in DPI Engine Authorization Bypass Vulnerability in Cisco Data Center Network Manager (DCNM) REST API Root Privilege Code Execution Vulnerability in Cisco SD-WAN vManage Software Arbitrary Command Injection Vulnerability in Cisco SD-WAN vManage Software Clear Text Password Retrieval Vulnerability in Cisco Hyperflex HX-Series Software Cisco Catalyst 9000 Family Wireless Controller Software SNMP Trap Generation DoS Vulnerability Insecure Storage of Credentials in Cisco DNA Center: A Clear Text Information Disclosure Vulnerability Unauthenticated Remote Information Disclosure Vulnerability in Cisco IoT Field Network Director (FND) API Privilege Escalation Vulnerability in Cisco IOS XE Software Privilege Escalation Vulnerability in Cisco Nexus Switches Vulnerability: Unauthorized File System Modification on Cisco IOS XE Software with Pluggable USB 3.0 SSD Cisco NX-OS Software BGP MVPN Update Message Denial of Service Vulnerability Cisco NX-OS Software BGP MVPN Update Message Parsing Vulnerability CAPWAP Protocol Processing Denial of Service Vulnerability Insufficient Authorization in Cisco IOS XE Software Web UI Path Traversal Vulnerability in Cisco SD-WAN vManage Software Allows Unauthorized File Access Unauthenticated Remote Access to Sensitive Information in Cisco Unified Customer Voice Portal (CVP) Command Injection Vulnerability in Cisco IOS XE Software Cisco IOS XE Software Vulnerability: Unauthorized Shell Access with Root Privileges XML External Entity (XXE) Vulnerability in Cisco SD-WAN vManage Software Allows Unauthorized Access and Manipulation of System Data Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software Cisco IOS XE Software ACL Processing Vulnerability Denial of Service 
Vulnerability in Cisco IOS and IOS XE Split DNS Feature PROFINET Denial of Service Vulnerability Vulnerability: CAC Authentication Bypass in Cisco Firepower Management Center Software Cisco DNA Center Software Vulnerability: Unauthorized Access to Sensitive Information Unauthorized Creation of Scheduled Meeting Templates in Cisco Webex Meetings Insufficient Authorization Enforcement in Cisco Webex Meetings Allows Unauthorized Deletion of Scheduled Meeting Templates Cisco IOS XE Software for Cisco 4461 Integrated Services Routers Denial of Service Vulnerability Vulnerability in Cisco NX-OS Software Allows Arbitrary Code Execution and DoS Vulnerability in Initialization Routines of Cisco ASR 900 Series Routers with RSP3 Persistent Code Execution Vulnerability in Cisco IOS XE Software Incomplete Access Control List (ACL) in Cisco Catalyst 9800 Series Routers Allows Pre-RUN State ICMPv6 Traffic Unauthenticated Remote Attackers Can Secretly Join Webex Meetings Without Detection Zone-Based Firewall Denial of Service Vulnerabilities Cisco IOS XE Software IP SLA Responder Denial of Service Vulnerability Buffer Overflow Vulnerability in Cisco IOS XE Software's Integrated Lua Interpreter Privilege Escalation Vulnerabilities in Cisco IOS XE Software Vulnerability in LPWA Subsystem of Cisco IOS Software for Industrial ISRs and CGR1000 Routers Arbitrary File Write Vulnerability in Windows Logon Installer Denial of Service Vulnerability in Cisco Catalyst 9000 WLAN Local Profiling Feature Denial of Service Vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Arbitrary Command Execution Vulnerability in Cisco Jabber for Windows DLL Hijacking Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Local Privilege Escalation Vulnerability in Cisco AnyConnect Secure Mobility Client for Windows Arbitrary File Upload Vulnerability in Cisco ASA and FTD 
Software Arbitrary File Read Vulnerability in Cisco SD-WAN vManage Software Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager (DCNM) Software Arbitrary File Overwrite Vulnerability in Cisco Webex Meetings Desktop App for Windows Unauthenticated Remote Attackers Can Access Sensitive Participant Information in Cisco Webex Meetings Insecure Transmission of DNG Authentication Tokens during SSH Relay Privilege Escalation Vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) Packet Filtering Bypass Vulnerability in Cisco SD-WAN Software Default, Static Password Vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS) Excessive Verbosity Vulnerability in Cisco AsyncOS for Email and Content Security Appliances Unauthenticated Remote Access Vulnerability in Cisco Cyber Vision Center Software Cisco IOS XR Software BGP Additional Paths Denial of Service Vulnerability SQL Injection Vulnerability in Cisco Vision Dynamic Signage Director Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV340 Series Routers Directory Traversal Vulnerability in Cisco ASA and FTD Software Arbitrary Command Execution Vulnerabilities in Cisco Small Business RV340 Series Routers Arbitrary Command Execution Vulnerability in Cisco NX-OS Software's Call Home Feature Secure Boot Bypass Vulnerability in Cisco FXOS Software Cisco Firepower Chassis Manager (FCM) Cross-Site Request Forgery (CSRF) Vulnerability Arbitrary Command Injection Vulnerability in Cisco FXOS Software Vulnerability: Bypassing Secure Boot Mechanism in Cisco ASA and FTD Software Arbitrary Command Injection Vulnerability in Cisco FXOS Software Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager (DCNM) Web Interface Unauthenticated Remote Information Disclosure Vulnerability in Cisco Data Center Network Manager SQL Injection Vulnerability in Cisco Data Center Network Manager (DCNM) Web 
Interface Cross-Site Scripting (XSS) Vulnerability in Cisco Webex Meetings Web-Based Management Interface Cross-Site Scripting (XSS) Vulnerability in Cisco UCS Director Web-Based Management Interface Cisco IOS XE Software Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Cisco DNA Center Software Cisco Identity Services Engine (ISE) Web Management Interface Configuration Modification Vulnerability SQL Injection Vulnerability in Cisco SD-WAN vManage Software Arbitrary Code Execution with Root Privileges in Cisco IMC API Subsystem Audio Persistence Vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server Improper Access Restrictions in Cisco Webex Meetings Contacts Feature Privilege Escalation Vulnerability in Cisco IOS XR Software Cisco IOS XE Software Web Management Framework Vulnerabilities Cisco IOS XE Software Web Management Framework Vulnerabilities Arbitrary File Overwrite Vulnerability in Cisco IOS XE Software CLI Implementation Vulnerability: Unauthorized File Access in Cisco IOS and IOS XE CLI Parser File Overwrite Vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) Denial of Service (DoS) Vulnerability in Cisco IOS and IOS XE Software for MP-BGP EVPN Zone-Based Firewall Denial of Service Vulnerabilities Null Pointer Dereference Vulnerability in ClamAV EGG Archive Parsing Module Traversal Using Relays around NAT (TURN) Server Bypass Vulnerability Duo Network Gateway (DNG) SSL Certificate and Private Key Logging Vulnerability Information Disclosure Vulnerability in Cisco Vision Dynamic Signage Director RBAC Bypass Vulnerability in Cisco Vision Dynamic Signage Director Denial of Service (DoS) Vulnerabilities in Cisco Catalyst 9800 Series Wireless Controllers Denial of Service (DoS) Vulnerabilities in Cisco Catalyst 9800 Series Wireless Controllers Denial of Service (DoS) Vulnerabilities in Cisco Catalyst 9800 Series Wireless Controllers Denial of Service (DoS) Vulnerabilities in Cisco Catalyst 9800 
Series Wireless Controllers Directory Traversal Vulnerability in Cisco Vision Dynamic Signage Director Cross-Site Scripting (XSS) Vulnerability in Cisco Vision Dynamic Signage Director Web Interface Denial of Service Vulnerability in Cisco Catalyst 9800 Series Wireless Controllers and Cisco Wireless LAN Controllers Denial of Service (DoS) Vulnerabilities in Cisco Catalyst 9800 Series Wireless Controllers Denial of Service (DoS) Vulnerabilities in Cisco Catalyst 9800 Series Wireless Controllers Arbitrary Code Execution Vulnerability in Cisco Jabber for Windows IPv6 Packet Processing Engine Denial of Service Vulnerability Denial of Service (DoS) Vulnerabilities in Cisco Catalyst 9800 Series Wireless Controllers Cisco Jabber Software Vulnerability Enables Unauthorized Access to Sensitive Information Cisco Firepower Management Center (FMC) Software Denial of Service Vulnerability IPv6 Implementation Denial of Service Vulnerability in Cisco StarOS Information Disclosure Vulnerabilities in Cisco Webex Meetings Desktop App SQL Injection Vulnerability in Events Manager WordPress Plugin Information Disclosure Vulnerabilities in Cisco Webex Meetings Desktop App Insufficient File System Permissions in Cisco IOS XE Software: Unauthorized Access to Critical Configuration and System Files Cross-Site Scripting Vulnerability in Events Manager WordPress Plugin Local Management CLI Denial of Service Vulnerability in Cisco UCS Manager Software Cisco Video Surveillance 8000 Series IP Cameras Memory Leak DoS Vulnerability Vulnerabilities in Cisco Video Surveillance 8000 Series IP Cameras: Remote Code Execution and Denial of Service Cisco Video Surveillance 8000 Series IP Cameras Remote Code Execution and Denial of Service Vulnerabilities Denial of Service Vulnerability in Cisco ASR 1000 Series Routers Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Message Handler Denial of Service Vulnerability Denial of Service Vulnerability in Cisco Catalyst 9200 Series 
Switches ISDN Subsystem Denial of Service Vulnerability Proxy Bypass Vulnerability in Firefox, Thunderbird, and Firefox ESR File Extension Spoofing Vulnerability in Firefox and Thunderbird Memory Corruption Vulnerabilities in Firefox 83 and Firefox ESR 78.5 Memory Corruption Vulnerabilities in Firefox 83: Potential Arbitrary Code Execution PROFINET LLDP Message Handler Denial of Service Vulnerability Arbitrary JavaScript Execution in Keysight Database Connector Plugin for Confluence Access Control Bypass in Keysight Database Connector Plugin for Confluence XXE Vulnerability in Zimbra Collaboration Suite Network Edition Cross-Site Scripting (XSS) Vulnerability in Mautic Assets Component Cross-Site Scripting (XSS) Vulnerability in Mautic Forms Component (CVE-2020-35124) Persistent XSS Vulnerability in Typesetter CMS 5.x through 5.1 via Admin/Configuration URI Stored XSS Vulnerability in Ignite Realtime Openfire 4.6.0's create-bookmark.jsp Plugin Stored XSS vulnerability in Mautic before 3.2.4 allows privilege escalation and user manipulation Stored XSS Vulnerability in Mautic before 3.2.4 Allows Attackers to Gain Administrative Privileges Vulnerability in Initialization Routines of Cisco ASR 900 Series Routers with RSP3 Remote Command Execution Vulnerability in Cockpit before 0.6.1 via registerCriteriaFunction in lib/MongoLite/Database.php Stored Cross-Site Scripting (XSS) Vulnerability in phpLDAPadmin before 1.2.6.2 Out-of-Bounds Writing Vulnerability in IrfanView 4.56 Ultimate Category Excluder Plugin CSRF Vulnerability Authenticated Remote Code Execution in Dolibarr 12.0.3 via Manipulated Backup Filename Hardcoded API Key Vulnerability in MobileIron Agents Hardcoded Encryption Key Vulnerability in MobileIron Agents Faucet SDN Ryu 4.34 Denial of Service Vulnerability Root Privilege Escalation Vulnerability in Cisco Firepower Threat Defense (FTD) Software Denial of Service Vulnerability in Faucet SDN Ryu 4.34 DLL Hijacking Vulnerability in Acronis True Image for 
Windows: Untrusted Search Path Issue Prototype Pollution Vulnerability in mquery before 3.2.3 Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management Center (FMC) Software Time-Based SQL Injection Vulnerability in Online Marriage Registration System 1.0 Privilege Escalation in Cloudflare WARP for Windows: Unquoted Service Path Vulnerability Cisco IOS XE Software Web Server Authentication Crash Vulnerability Insufficient Random Values Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Observable Timing Discrepancy Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Observable Timing Discrepancy Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Observable Timing Discrepancy Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Observable Timing Discrepancy Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Improper Input Validation Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Cisco Fabric Services Component Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Dell EMC Unisphere for PowerMax and PowerMax OS Unrestricted Intent Control in Amaze File Manager Android App Improper HTTP Method Validation in Frappe Framework 12 and 13 Improper Input Validation in AWStats through 7.8 Allows Path Traversal LDAP User Enumeration Vulnerability in HashiCorp Vault Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager (DCNM) Software Vulnerability: Root Access with Blank Password in Official Composer Docker Images Blank Password Vulnerability in Official Ghost Docker Images Blank Password Vulnerability in Official Adminer Docker Images Blank Password Vulnerability in Official Telegraf Docker Images Root Access Vulnerability in Official Kong Docker Images Path Traversal Vulnerability in Cisco DCNM Software API 
Root Access Vulnerability in Official Plone Docker Images Vulnerability: Blank Password for Root User in Drupal Docker Images Vulnerability: Root Access via Blank Password in Official Vault Docker Images Blank Password Vulnerability in Official SonarQube Docker Images Blank Password Vulnerability in Official HAProxy Docker Images Blank Password Vulnerability in RabbitMQ Docker Images Root Access Vulnerability in Official Memcached Docker Images Integer Overflow in Memory Allocator Leads to Memory Corruption in Wind River VxWorks 7 Stored XSS Vulnerability in Ignite Realtime Openfire 4.6.0 create-bookmark.jsp Confidential Information Disclosure Vulnerability in Cisco Data Center Network Manager (DCNM) Software Reflective XSS Vulnerability in Ignite Realtime Openfire 4.6.0's spark-form.jsp Stored XSS Vulnerability in Ignite Realtime Openfire 4.6.0 create-bookmark.jsp Stored XSS Vulnerability in Ignite Realtime Openfire 4.6.0's db-access.jsp Plugin Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200: Injection via initFile.jsp Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Outdated Quest Policy Authority: Server Side Request Forgery (SSRF) Vulnerability Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Bypassing PIN Authentication in LogMeIn LastPass Password Manager for iOS Bypassing Password Authentication in LogMeIn LastPass Password Manager for iOS Unauthorized Node Joining Vulnerability in Atomix v3.1.5 Directory Traversal Vulnerability in Cisco DCNM Software API Atomix v3.1.5 Vulnerability: Denial of Service (DoS) via Raft Session Flooding Attack Unauthorized Node Takeover Vulnerability in Atomix v3.1.5 Denial of Service (DoS) Vulnerability in Atomix v3.1.5 via False Link Event Messages Vulnerability: Malicious Atomix Node Can Remove ONOS Storage States Sensitive Information Disclosure in Atomix v3.1.5 via Malicious Atomix Node Queries Atomix v3.1.5 Denial of Service (DoS) 
Vulnerability via False Member Down Event Messages CSRF Vulnerability in Vert.x-Web Framework v4.0 Milestone 1-4 Unauthenticated Access to Admin Interface in ASUS DSL-N17U Modem Firmware 1.1.0.2 Authorization Bypass Vulnerability in Cisco Data Center Network Manager Software Insecure Hashing Algorithm in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Devices Allows Password Inference and Collisions CSRF Protection Bypass in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Web Administration Panel Buffer Overflow Vulnerability in NSDP Protocol Authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Devices Allows Remote Reboot Denial of Service Vulnerability in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Devices Unauthenticated Modification of Switch DHCP Configuration in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Devices Buffer Overflow Vulnerability in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43: Injection of IP Addresses via Whitelist Arbitrary Web Script Injection Vulnerability in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Administration Web Panel Authentication Token Reuse Vulnerability in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Devices Cross-Site Scripting (XSS) Vulnerability in Cisco Data Center Network Manager (DCNM) Software Integer Overflow Vulnerabilities in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Web Administration Panel Authentication Bypass Vulnerability in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 Devices Denial of Service Vulnerability in NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 TFTP Server Easy WP SMTP Plugin Account Takeover Vulnerability Remote Code Execution in elFinder Plugin for Unsupported WordPress Versions Incorrect Access Control in GitLab Webhook Handler Allows Unauthorized Project Deletion CSRF Bypass Vulnerability in CakePHP CsrfProtectionMiddleware Chain of Trust Break Vulnerability in Cisco IOS XE ROM Monitor Software Cross-Site Scripting (XSS) Vulnerability in FluxBB 1.5.11 Blog Content Component Cross-Site Scripting (XSS) Vulnerability in FlatPress 1.0.3 Blog Content Component SQL Injection Vulnerability in 
FlamingoIM's UserManager::updateUserTeamInfoInDbAndMemory SQL Injection Vulnerability in FlamingoIM's UserManager::updateUserInfoInDb SQL Injection Vulnerability in FlamingoIM's UserManager::addGroup SQL Injection Vulnerability in FlamingoIM's UserManager::addUser Arbitrary Code Execution via XSS Vulnerability in ElkarBackup 1.3.3 XSS Vulnerability in User Registration & Login System with Admin Panel 1.0 via 'Full Name' Parameter Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers: COPS Engine Remote Crash Vulnerability XSS Vulnerability in Multi Restaurant Table Reservation System 1.0 via Restaurant Name Field Cross Site Scripting (XSS) Vulnerability in Digisol DG-HR3400 via NTP Server Name and URL Filter Keyword SQL Injection Vulnerability in EgavilanMedia User Registration & Login System 1.0 Nagios Core 4.2.4 Vulnerability: Site-Wide Cross-Site Request Forgery (CSRF) in Host and Server Functions Critical Vulnerability in Cisco Catalyst 9200 Series Switches: Device Crash via Insufficient Packet Size Validation SQL Injection Vulnerability in Student Result Management System Cross-Site Scripting (XSS) Vulnerability in Employee Performance Evaluation System Cross-Site Scripting (XSS) Vulnerability in Employee Performance Evaluation System CSRF Vulnerability in EgavilanMedia User Registration & Login System with Admin Panel 1.0 Stored XSS Vulnerability in DotCMS Add Template with Admin Panel 20.11 Cross-Site Scripting (XSS) Vulnerability in CoasterCMS v5.8.18 Allows Cookie Theft and Malicious Redirection SQL Injection Vulnerability in EgavilanMedia ECM Address Book 1.0 OSPFv2 Implementation Denial of Service Vulnerability Directory Traversal Vulnerability in FlamingoIM SSL VPN Negotiation DoS Vulnerability in Cisco ASA and FTD Software Default Administrator Credentials in ThinkAdmin v6 Unauthorized Execution of CLI Command in Cisco IOS XR Software Cross-Site Scripting (XSS) Vulnerability in Gollum 5.0 to 5.1.2 via 'New Page' Filename Parameter Code 
Execution Vulnerability in CONQUEST DICOM Server (before 1.5.0) Cross-Site Scripting (XSS) Vulnerability in Bakeshop Online Ordering System - Admin Dashboard Categories Unauthenticated Remote Access to Cisco IoT Field Network Director (FND) Database Arbitrary Code Execution Vulnerability in WonderCMS 3.1.3 Arbitrary Code Execution via Theme/Plugin Installer in WonderCMS 3.1.3 SQL Injection Vulnerability in WebsiteImagesMapper.xml in inxedu 2.0.6 via the id Parameter SQL Injection Vulnerability in Courier Management System 1.0 via ref_no Parameter 'First Name' Stored XSS Vulnerability in Courier Management System 1.0 SQL Injection Vulnerability in Courier Management System 1.0 via 'MULTIPART street' Denial of Service Vulnerability in Cisco Firepower Threat Defense Software SQL Injection Vulnerability in ThinkSAAS before 3.38 via title parameter in app/topic/action/admin/topic.php Default Account with Weak Password in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server Remote Code Execution Vulnerability in 74cms Version 5.0.1 Local File Inclusion Vulnerability in ExpertPDF 9.5.0 through 14.1.0: Unauthorized File Content Access Uninitialized-Heap Vulnerability in GNU Binutils 2.34: Information Leak in tic4x_print_cond Reflected XSS Vulnerability in CXUUCMS V3 3.1 via imgurl Parameter in admin.php?c=content&a=add CSRF Vulnerability in CXUUCMS V3 3.1 Allows Unauthorized Administrator Account Addition Cross Site Scripting (XSS) Vulnerability in Savsoft Quiz 5 via field_title DLL Loading Vulnerability in Cisco Webex Teams Client for Windows Buffer Overflow Vulnerability in GSL Statistics Library Insufficient Session Expiration Vulnerability in DomainMOD v4.15.0 Denial of Service Vulnerability in Pure-FTPd 1.0.48 Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software Directory Traversal Vulnerability in DEXT5Upload 2.7.1262310 and Earlier Privilege Escalation Vulnerability in Beijing Huorong Internet Security 5.0.55.2 Cisco Jabber for 
Windows: Remote Access and Information Disclosure Vulnerability Raysync Remote Code Execution (RCE) Vulnerability Unauthenticated XSS Vulnerability in Fiyo CMS 2.0.6.1 via 'tag' Parameter Stack Consumption Vulnerability in Xpdf 4.02 due to Incorrect Subroutine Reference in Type 1C Font Charstring SQL Injection Vulnerability in Online Bus Ticket Reservation 1.0 Login Page Denial of Service Vulnerability in GJSON before 1.6.4 Denial of Service Vulnerability in jsonparser 1.0.0 via GET Call SQL Injection in Classbooking: Exploiting the Username Field in CSV File for User Addition (Version 2.4.1 and below) Sensitive Information Disclosure in rainrocka xinhu 2.1.9 via Manipulated ajaxbool Value Tenda N300 F3 12.01.01.48 Remote Information Disclosure Vulnerability Persistent XSS Vulnerability in EGavilan Media Expense Management System 1.0's Add Expense Component Cross Site Scripting (XSS) Vulnerability in EGavilan Barcodes Generator 1.0 Username Enumeration Vulnerability in UTI Mutual Fund Android Application Unsafe Logging of Authentication Requests in Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows PHPJabbers Appointment Scheduler 2.3 - Multiple Cross-Site Scripting (XSS) Vulnerabilities in Admin Login Page SVG File Upload Cross Site Scripting (XSS) Vulnerability in Group Office CRM 6.4.196 XSS Vulnerability in Group Office CRM 6.4.196 via SET_LANGUAGE Parameter Cisco Webex Training: Unauthorized Access to Password-Protected Meetings SQL Injection Vulnerability in PHPGurukul Employee Record Management System 1.1: Remote Code Execution and Authentication Bypass Cisco Video Surveillance 8000 Series IP Cameras Memory Leak DoS Vulnerability SQL Injection Vulnerability in Inxedu v2.0.6 via ids parameter in AdminMsgSystemController Cross Site Scripting (XSS) Vulnerability in Subrion CMS 4.2.1 via avatar[path] Parameter kk Star Ratings Plugin XSS Vulnerability Cisco Video Surveillance 8000 Series IP 
Cameras: Arbitrary Code Execution and Device Reload Vulnerability Front-End SQL Injection Vulnerability in FDCMS 4.0 Remote Code Execution in FDCMS 4.0 via FindexAction.class.php Heap-based Buffer Over-read in GNU Binutils 2.35.1 Buffer Overflow Vulnerability in Cisco FXOS Software NULL Pointer Dereference in Gobby 0.4.11 D-Bus Handler for set_language Calls Race Condition Vulnerability in OozieSharelibCLI Allows File Replacement during Creation Stack Overflow Vulnerability in mod_auth_digest of Apache HTTP Server 2.4.0 to 2.4.46 Improper Namespace Access Control in HashiCorp Vault Enterprise's Sentinel EGP Policy Feature Insecure Application Configuration in Taidii Diibear Android App 2.4.0 and Derivatives Allows Credential Theft from Android Backup Insecure Data Storage in Taidii Diibear Android Application 2.4.0 and Derivatives: User Credential Vulnerability Excessive Logging in Taidii Diibear Android App 2.4.0 and Derivatives Enables Unauthorized Access to Private Chat Messages and Media Files Integer Overflow Vulnerability in g_option_group_add_entries() Ruby Shell Code Injection in ClusterLabs Hawk 2.x through 2.3.0-x Shell Code Injection Vulnerability in ClusterLabs crmsh Cisco Email Security Appliance Web Interface Information Disclosure Vulnerability Arbitrary File Write Vulnerability in Packwood MPXJ before 8.3.5 Blank Password Vulnerability in CoScale Agent Docker Image Blank Password Vulnerability in Instana Dynamic APM Docker Image Blank Password Vulnerability in Weave Cloud Agent Docker Image Blank Password Vulnerability in FullArmor HAPI File Share Mount Docker Image Blank Password Vulnerability in Blackfire Docker Image Blank Password Vulnerability in Docker Docs Docker Image Blank Password Vulnerability in Appbase Streams Docker Image 2.1.2 Blank Password Vulnerability in Software AG Terracotta Server OSS Docker Image 5.4.1 Insecure Password Masking Vulnerability in Cisco Web-Based Management Interface Incorrect Downstream Address Logging 
Vulnerability in Envoy Segmentation Fault Vulnerability in Envoy before 1.16.1 for Large UDP Packets Bluetooth Low Energy Advertisement Scan Response Information Leakage Vulnerability XSS Vulnerability in MediaWiki before 1.35.1 via Html::rawElement and Message::text Cross-Site Scripting (XSS) Vulnerability in MediaWiki UserRights OpenTSDB Remote Code Execution via Command Injection in yrange Parameter Vulnerability: Log Entry Visibility Issue in MediaWiki XSS Vulnerability in MediaWiki's BlockLogFormatter.php Cross-Site Scripting (XSS) Vulnerability in MediaWiki BlockLogFormatter.php Sensitive Information Exposure in MediaWiki: Handling of Missing and Hidden User Accounts Unauthenticated Macro Injection in SolarWinds Serv-U before 15.2.2 Authenticated Reflected XSS Vulnerability in SolarWinds Serv-U (before 15.2.2) Vulnerability: Local User Account Compromise via Trojan Horse gcapi.dll in AnyDesk Remote Denial of Service Vulnerability in NXLog Community Edition 2.10.2150 Unrestricted File Upload and Remote Code Execution in Contact Form 7 Plugin for WordPress Unauthenticated Remote Attackers Can Obtain Device Registration Hash in Cisco Firepower Management Center (FMC) and Firepower Threat Defense (FTD) Software Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Stack Buffer Overflow Vulnerability in cairo's image-compositor.c Heap Buffer Overflow Vulnerability in binutils' bfd/pef.c Uninitialized Memory Usage Vulnerability in binutils /opcodes/tic4x-dis.c Null Pointer Dereference Vulnerability in binutils /bfd/pef.c NULL Pointer Dereference Vulnerability in bfd_pef_scan_start_address() of binutils User Information Disclosure Vulnerability in oVirt-Engine Openvswitch Userspace Packet Parsing Denial of Service Vulnerability NULL Pointer Dereference Vulnerability in Linux Kernel Versions Prior to 5.11 Directory Traversal Vulnerability in Cisco Firepower Management Center and Firepower 
Threat Defense Software Linux Kernel Audit Rule Bypass Vulnerability Memory Leak Vulnerability in Privoxy Versions Before 3.0.29 QEMU NULL Pointer Dereference Vulnerability in megasas-gen2 SCSI Host Bus Adapter Emulation QEMU SCSI Emulation NULL Pointer Dereference Denial of Service Vulnerability NULL Pointer Dereference Vulnerability in QEMU SCSI Host Bus Adapter Emulation Use-After-Free Vulnerability in QEMU SCSI Host Bus Adapter Emulation NULL Pointer Dereference Vulnerability in bfd_pef_parse_function_stubs of binutils Vulnerability: Race Condition and Incorrect Initialization in Linux Kernel Process Identification Handling Expired Certificate Acceptance Vulnerability in Keycloak Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Web Interface Denial of Service Vulnerability in jboss-remoting Critical Buffer Overflow Vulnerability in pngcheck-2.4.0: Exploiting Crafted PNG Files Use-After-Free Vulnerability in D-Bus with Multiple Usernames Sharing UID NFSv4.2 Resource Starvation Vulnerability Insecure Modification Flaw in OpenShift's kubeconfig File Allows Unauthorized Node Addition QEMU Virtio-fs Privilege Escalation Vulnerability LDAP Authentication Response Enumeration Vulnerability Linux Kernel v5.12-rc5 x25_bind Out-of-Bounds Memory Access Vulnerability Cisco Aironet Access Points (APs) Software Denial of Service Vulnerability Memory Allocation Failure in libtiff's tif_read.c Leads to Denial of Service Vulnerability Memory Malloc Failure in LibTIFF's tif_pixarlog.c: Remote Denial of Service Vulnerability Integer Overflow Vulnerability in libtiff's tif_getimage.c Allows Arbitrary Code Execution Heap-based Buffer Overflow in libtiff's TIFF2PDF Tool Allows Arbitrary Code Execution Null Pointer Dereference Vulnerability in SQLite 3.31.1 INTERSEC Query Processing Out of Bounds Access Vulnerability in SQLite 3.31.1 ALTER TABLE for Views with Nested FROM Clause Cross-Site Scripting (XSS) Vulnerabilities in Cisco Firepower Management 
Center (FMC) Software Out-of-bounds Write Vulnerability in LibRaw's new_node() Function Out-of-Bounds Read Vulnerability in LibRaw's get_huffman_diff() Function Out-of-Bounds Read Vulnerability in LibRaw's simple_decode_row() Function Out-of-Bounds Read Vulnerability in LibRaw's LibRaw::adobe_copy_pixel() Function Memory Corruption Vulnerability in crxFreeSubbandData() Function in LibRaw Out-of-Bounds Read Vulnerability in LibRaw's parseSonySRF() Function Null Pointer Dereference Vulnerability in libjpeg-turbo's jcopy_sample_rows() Cisco ASA and FTD Software Denial of Service Vulnerability Unisys Data Exchange Management Studio XSS Vulnerability Time-Based SQL Injection in Spotweb 1.4.9 via Query String Unauthenticated Access Vulnerability in NuPoint Messenger Library Index Page Denial of Service Vulnerability in Finder on Samsung Mobile Devices (SVE-2020-18629) Default Dialer Hijacking Vulnerability on Samsung Mobile Devices Denial of Service Vulnerability in Cisco ASA and FTD Software's SIP Inspection Process Samsung Mobile Devices Vulnerable to Factory Reset Protection Bypass via StatusBar (SVE-2020-17888) RPMB State-Change Vulnerability on Samsung Mobile Devices (SVE-2020-18100) Improper Configuration in Samsung GPS Daemon Allows Location Information Leakage (SVE-2020-18678) Denial of Service Vulnerability in Samsung Mobile Devices with Qualcomm SM8250 Chipsets (SVE-2020-19678) LG Mobile Devices WebView SSL Error-Handler Vulnerability Unlocked Device Vulnerability on LG Mobile Devices with Android OS 10 CORS Misconfiguration in Acronis Cyber Protect Allows Information Disclosure Improper Access Validation in MB connect line mymbCONNECT24, mbCONNECT24, and Helmholz myREX24 and myREX24.virtual (Versions through v2.11.2) SSRF Vulnerability in MB connect line mymbCONNECT24, mbCONNECT24, and Helmholz myREX24 and myREX24.virtual Unused Function Allows Authenticated Attacker to Exhaust IPs and Prevent Account Activity Cisco AnyConnect IPC Channel Vulnerability 
Allows Local Attackers to Execute Malicious Scripts Unauthenticated Open Redirect Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 SSRF Vulnerability in MB connect line mymbCONNECT24, mbCONNECT24, and Helmholz myREX24 and myREX24.virtual Incomplete XSS Filter in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (Versions up to 2.6.2) Allows Code Injection Outdated and Unused Component Allows for Injection of Malicious Code in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Disabled Bruteforce Detection in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Local File Inclusion Vulnerability in MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual Shared Password Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Incomplete Filter in MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual Allows Information Disclosure Self XSS Vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Improper Certificate Validation Vulnerability in Cisco Firepower Management Center (FMC) Software Allows Remote DoS File Access Vulnerability in MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual (CVE-2021-XXXX) Unsanitized Custom Field Name in MantisBT Manage Custom Field Update Cross-Site Scripting (XSS) Vulnerability in Adminer 4.7.8 via History Parameter Denial of Service (CPU Consumption) Vulnerability in PostSRSd Critical Password-Disclosure Vulnerability in TP-Link Web Interface Command Injection Vulnerability in TP-Link TL-WR841N V13 (JP) Traceroute Feature Insecure Direct Object Reference (IDOR) vulnerability allows unauthorized file downloads in Endalia Selection Portal Arbitrary Command Execution in Nagios XI Manage Plugins Page Denial of Service Vulnerability in tindy2013 subconverter 0.6.4 Cisco Firepower Management Center (FMC) Software Open Redirect Vulnerability Local File Inclusion Vulnerability in SearchBlox FileServlet Allows Unauthorized File Access Stored 
Cross-Site Scripting (XSS) Vulnerability in Envira Gallery Lite before 1.8.3.3 Stored Cross-Site Scripting (XSS) Vulnerability in Envira Gallery Lite before 1.8.3.3 Unencrypted Channel Vulnerability in Solstice Pod Web Services Brute-Force Enumeration of Screen Key in Solstice Pod before 3.3.0 (or Open4.3) Weak Password Enumeration Vulnerability in Solstice Pod Vulnerability: Lack of Obfuscation in Solstice Pod Firmware Cross-Site Scripting (XSS) Vulnerability in limit-login-attempts-reloaded Plugin for WordPress Cisco Aironet Access Point Software Reload Vulnerability Bypassing Rate Limits in Limit Login Attempts Reloaded Plugin for WordPress Session Fixation Vulnerability in Pi-hole 5.0, 5.1, and 5.1.1 Reflected Cross-Site Scripting (XSS) Vulnerability in Pi-hole 5.0, 5.1, and 5.1.1 Local Privilege Escalation in BMC PATROL Agent through 20.08.00 via pconfig +RESTART -host Vectors Cross-Site Scripting (XSS) Vulnerability in Zoho ManageEngine ADManager Plus before 7066 SQL Injection Vulnerabilities in Victor CMS 1.0 Directory Traversal Vulnerability in ACS Advanced Comment System 1.0 Cisco Aironet Access Points (APs) Denial of Service Vulnerability XXE Vulnerability in Kronos WebTA 5.0.4 with SAML Integration Arbitrary Code Execution via Special Characters in Error Message in Kitty Graphics Protocol Arbitrary Command Execution Vulnerability in Webmin 1.962 Code Execution Vulnerability in Microsoft Azure Sphere 20.07 via Specially Crafted AF_PACKET Socket Denial-of-Service Vulnerability in Microsoft Azure Sphere 20.05's Asynchronous ioctl Functionality CRLF Injection Vulnerability in Cisco Clientless SSL VPN Access Level Bypass in Joomla! com_finder Autosuggestion Feature Information Disclosure Vulnerability in Joomla! Global Configuration Page Path Traversal Vulnerability in Joomla! mod_random_image SQL Injection Vulnerability in Joomla! Backend User List User Enumeration Vulnerability in Joomla! Backend Login Page CSRF Vulnerability in Joomla! 
com_privacy Emailexport Feature ACL Ruleset Write Vulnerability Denial of Service Vulnerability in Cisco Firepower Threat Defense Software for Firepower 2100 Series Firewalls XSS Vulnerability in GlobalUsage Extension for MediaWiki User Impersonation Vulnerability in CasAuth Extension for MediaWiki Insecure Timestamp Exposure in SecurePoll Extension Arbitrary Code Execution Vulnerability in MediaWiki Widgets Extension CSRF Vulnerability in PushToWatch Extension for MediaWiki Arbitrary Code Execution via File Upload in Ultimate WooCommerce Gift Cards 3.0.2 Code Execution Vulnerability in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Cisco Firepower Threat Defense (FTD) Software Denial of Service Vulnerability Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Code Execution Vulnerabilities in CGAL LibCGAL CGAL-5.1.1 Nef Polygon Parsing Functionality Out-of-Bounds Read and Code Execution Vulnerability in CGAL libcgal CGAL-5.1.1 Out-of-Bounds Read and Code Execution Vulnerability in CGAL libcgal CGAL-5.1.1 Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB Read Code Execution Vulnerability Nef polygon-parsing code execution vulnerability in CGAL libcgal CGAL-5.1.1 Bypassing FTP Inspection Vulnerability in Cisco ASA and FTD Software TCP Intercept Bypass Vulnerability in Cisco Firepower Threat Defense (FTD) Software Multiple Cross-Site Scripting (XSS) Vulnerabilities in Uncanny Groups for LearnDash SIP Message Crash Vulnerability in Sangoma Asterisk Buffer Over-read Vulnerability in Pillow's PcxDecode Function Heap-Based Buffer Overflow in Pillow's TiffDecode for Crafted YCbCr Files Buffer Over-read Vulnerability in Pillow's SGIRleDecode Function Arbitrary Code Execution via File Upload in Jaws 1.8.0 
Arbitrary Code Execution via Crafted Theme Upload in Jaws 1.8.0 Unencrypted Backups Vulnerability in SpamTitan before 7.09 Stored XSS Vulnerability in Pi-hole DNS Query Log Memory Exhaustion Vulnerability in Cisco IOS XR Software's Distance Vector Multicast Routing Protocol (DVMRP) Feature XSS Vulnerability in Monica 2.19.1 via Journal Page SSL Certificate Validation Vulnerability in SaltStack Salt Cross-Site Scripting (XSS) Vulnerability in Acronis Cyber Protect Console TerraMaster TOS Unauthenticated Command-Execution Vulnerability NoSQL Injection Vulnerability in Steedos Platform (CVE-2021-XXXX) JetBrains TeamCity Plugin SSRF Vulnerability: Exposing User Credentials NULL Pointer Dereference in RedisGraph 2.x through 2.2.11 due to Mishandling of Unquoted Strings CRLF Injection Vulnerability in Dart HTTP Package Cisco Industrial Network Director (IND) Management REST API Denial of Service Vulnerability Unauthenticated SQL Injection in BigProf Online Invoicing System 2.9 CSRF Vulnerability in BigProf Online Invoicing System Allows Privilege Escalation Cross-Site Scripting (XSS) Vulnerability in BigProf Online Invoicing System before 3.1 Stored XSS vulnerability in BigProf Online Invoicing System before 4.0 with CSRF Bypass Autobahn|Python before 20.12.3 Vulnerability: Redirect Header Injection Memory Leak Vulnerability in OpenSMTPD Bypassing URL Reputation Filters in Cisco Email Security Appliance OpenSMTPD Denial of Service Vulnerability Improper Separation of Request Scopes in Django Channels 3.x before 3.0.3 Authentication Bypass Vulnerability in Zoho ManageEngine ServiceDesk Plus (SAML Login) ICMP Checksum Calculation Vulnerability in HCC Nichestack 3.0 TCP Checksum Computation Vulnerability in HCC Nichestack 3.0 Insufficiently Random Initial Sequence Number Generation in HCC Nichestack 3.0 Escalation of Privilege Vulnerability in SECOMN Service of Sound Research DCHU Model Software Component Modules CSRF Vulnerability in PHPFusion v9.03.90 Allows Deletion of 
Shoutbox Messages DVMRP IGMP Packet Handling Vulnerabilities Silent Bluetooth Low Energy (BLE) Pairing Vulnerability on Samsung Devices Thinkific Online Course Creation Platform 1.0 XSS Vulnerability Second-Order SQL Injection in LibreNMS Widgets/TopDevicesController.php SQL Injection Vulnerability in Cacti 1.2.x through 1.2.16 Allows Remote Code Execution Heap-based Buffer Overflow in DCTStream::getChars in Poppler 20.12.1 Stored XSS Vulnerability in Daybyday 2.1.0 via Title Parameter in New Lead Screen Stored XSS Vulnerability in Daybyday 2.1.0 via Name Parameter in New User Screen Stored XSS Vulnerability in Daybyday 2.1.0 via Title Parameter in New Project Screen Stored XSS Vulnerability in Daybyday 2.1.0 via Company Name Parameter SQL Injection Vulnerability in phpList 3.5.9 via Config - Import Administrators Page Directory Traversal Vulnerability in bloofoxCMS 0.5.2.1 Allows Arbitrary PHP File Upload Cisco Firepower Threat Defense (FTD) Software ICMP Ingress Packet Processing Denial of Service Vulnerability Intranet IP Address Disclosure in Parallels Remote Application Server (RAS) 18 Dangling References Vulnerability in arc-swap Crate SSRF Vulnerability in Esri ArcGIS Server (pre-10.8) Arbitrary Command Execution and Password Reset Vulnerability in Belkin LINKSYS RE6500 Devices Arbitrary Command Execution in Belkin LINKSYS RE6500 Devices Arbitrary Command Execution in Belkin LINKSYS RE6500 Devices Denial of Service Vulnerability in Belkin LINKSYS RE6500 Devices Remote Code Execution via Cross-Site Scripting (XSS) in Zonote 0.4.0 Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Memory Leak DoS Vulnerability in Cisco ASA and FTD Software Stored XSS in Quest Policy Authority 8.1.2.200 via submitUser.jsp (Unsupported Version) Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Allows Remote Code Injection via BrowseAssets.do Title Parameter CSRF Vulnerability in Quest Policy Authority 8.1.2.200: Remote User 
Modification/Creation via submitUser.jsp Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Reflected XSS Vulnerability in Unsupported Quest Policy Authority 8.1.2.200 Deserialization Vulnerability in FasterXML Jackson-databind 2.x OS Command Injection in KLog Server 2.4.1 via actions/authenticate.php User Parameter Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows XSS Vulnerability in Roundcube Webmail SSL Application in Erlang/OTP 10.2 Accepts Invalid X.509 Certificate Chain Vulnerability Code Injection and Remote Code Execution in Batflat 1.3.6 via Users Tab Vulnerability: Clickjacking via Vidyo 02-09-/D Portal URI Arbitrary File Download Vulnerability in GateOne 1.1 via Directory Traversal Insecure Direct Object Reference in Newgen eGov 12.0's Correspondence Management System (CORMS) Allows Unauthorized Profile Modification Out-of-Bounds Write Vulnerability in WavPack 5.3.0 and Later Versions Cisco IP Phones TCP Packet Processing Denial of Service Vulnerability URL Parameter Validation Vulnerability in HGiga MailSherlock Multiple Login Pages in HGiga MailSherlock Lack User Parameter Validation, Allowing for XSS Attacks SQL Injection Vulnerability in HGiga MailSherlock SQL Injection Vulnerability in HGiga MailSherlock Unrestricted Access to Admin Dashboard in PHPGURUKUL Hospital Management System V 4.0 Arbitrary Script Injection in FV Flowplayer Video Player Plugin for WordPress Arbitrary File Read Vulnerability in Simple Job Board Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in Baby Care System 1.0 Edit Page Tab XSS Vulnerability in Persis Human Resource Management Portal's Job Posting Recommendation Form Authenticated Code 
Injection and Remote Code Execution in OpenSolution Quick.CMS and Quick.Cart Luci_service NVRAM Information Leak Vulnerability Luci_service GETPASS Configuration Password Information Leak Unauthenticated Root ADB Access Over TCP on Libre Wireless LS9 LS1.5/p7040 Devices Authentication Bypass in Libre Wireless LS9 LS1.5/p7040 Web Interface CSRF Attack in bloofoxCMS 0.5.2.1 allows unauthorized file content editing. Unrestricted File Upload Vulnerability in bloofoxCMS 0.5.2.1 XSS Vulnerability in bloofoxCMS 0.5.2.1 Allows Remote Code Execution Path Traversal Vulnerability in bloofoxCMS 0.5.2.1 Allows Unauthorized File Access Authenticated SQL Injection in Zoho ManageEngine Applications Manager through 14930 via resourceid parameter in showresource.do Privilege Escalation via Symlink Attack in OpenDKIM Test Suite Webmin 1.962 on Windows CGI Program Query Argument Handling Vulnerability Cisco Firepower Threat Defense (FTD) Software Ingress Packet Processing Denial of Service Vulnerability CSRF Vulnerability in Site-Offline Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in TwitterServer's HistogramQueryHandler LDAP Injection Vulnerability in CITSmart before 9.1.2.23 Buffer Overflow Vulnerability in Sangoma Asterisk Versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 via Misuse of SIP 181 Responses Command Injection Vulnerability in NETGEAR DGN2200v1 Devices CSRF Vulnerability in NETGEAR GS716Tv3 and GS724Tv4 Devices Denial of Service Vulnerability in NETGEAR NMS300 Devices Bypassing Access Rules in Cisco ASA and FTD Software WebVPN Portal Denial of Service Vulnerability in NETGEAR NMS300 Devices Denial of Service Vulnerability in NETGEAR NMS300 Devices Vulnerability: Lack of Access Control in NETGEAR Devices' TFTP Firmware Update Mechanism Unauthenticated Remote Access Control Vulnerability in NETGEAR Devices Vulnerability: Lack of Access Control at Function Level in NETGEAR Devices NETGEAR DGN2200v1 Authentication Mishandling Vulnerabilities Buffer Overflow 
Vulnerability in NETGEAR R7800 Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in NETGEAR WAC104 Devices (CVE-2021-XXXX) Command Injection Vulnerability in NETGEAR NMS300 Devices Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR R7800, R8900, and R9000 Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Command Injection Vulnerability in NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Buffer Overflow Vulnerability in Multiple NETGEAR Devices Command Injection Vulnerability in NETGEAR NMS300 Devices Command Injection Vulnerability in Multiple NETGEAR Devices Stack-based Buffer Overflow Vulnerability in Multiple NETGEAR Devices Cross-Site Scripting (XSS) Vulnerabilities in Cisco ASA and FTD Web Services Interface Incorrect Configuration of Security Settings in Multiple NETGEAR Devices Default TFTP Server Allows Unauthorized Firmware Updates in NETGEAR Devices Sensitive Information Disclosure in Certain NETGEAR Devices Sensitive Information Disclosure Vulnerability in Certain NETGEAR Devices Vulnerability: Sensitive Information Disclosure in NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Cross-Site Scripting (XSS) Vulnerabilities in Cisco ASA and FTD Web Services Interface Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS 
Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Cross-Site Scripting (XSS) Vulnerabilities in Cisco ASA and FTD Web Services Interface Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Cross-Site Scripting (XSS) Vulnerabilities in Cisco ASA and FTD Web Services Interface Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in Certain NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Stored XSS Vulnerability in Multiple NETGEAR Devices Out-of-Bounds Write Vulnerability in FastStone Image Viewer 7.5 Out-of-Bounds Write Vulnerability in FastStone Image Viewer 7.5 Out-of-Bounds Write Vulnerability in FastStone Image Viewer 7.5 NoSQL Injection in Agentejo Cockpit before 0.11.2 via Controller/Auth.php check function NoSQL Injection in Agentejo Cockpit before 0.11.2 via Controller/Auth.php resetpassword function NoSQL Injection in Agentejo Cockpit before 0.11.2 via Controller/Auth.php newpassword function 
Unprivileged Access to Private Issue Summary and Bugnote Revisions in MantisBT Bleichenbacher Attack Vulnerability in Cisco ASA and FTD Software Allows Unauthorized Access to Sensitive Information SSRF Vulnerability in Cockpit 234 Remote Command Injection Vulnerability in HGiga MailSherlock Stored XSS vulnerability in Chatbox allows attackers to upload malicious SVG and XML files Cross-Site Scripting (XSS) in 4images Image Gallery Management System 1.7.11 via Image URL Cross-Site Scripting (XSS) Vulnerability in Textpattern 4.8.4 Body Parameter Stored XSS Vulnerability in SolarWinds Orion Platform Allows Administrator-Level Attacks on Customize View Page Stack Consumption Vulnerability in trust-dns-server Crate Stack Consumption Vulnerability in Prost Crate Lucet-runtime-internals Crate Sigstack Allocation Vulnerability Cisco DNA Spaces Connector Web-Based Management Interface Command Execution Vulnerability Unsafe Dereferencing in cbox Crate Memory Reading Vulnerability in bumpalo Crate Allows Unauthorized Access to Cryptographic Keys Use-after-free or Double Free Vulnerability in bitvec Crate HTTP Request Smuggling Vulnerability in hyper crate Unsafe Transmutation in flatbuffers Crate for Rust False Expectations in os_str_bytes Crate: A Vulnerability in Rust Memory Safety Violation in rusqlite Crate: VTab / VTabCursor Vulnerability Memory Safety Violation in rusqlite crate's create_module Memory Safety Violation via UnlockNotification in rusqlite crate Memory Safety Violation in rusqlite::trace::log due to Mishandling of Format Strings Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software Use-after-free vulnerability in rusqlite crate before 0.23.0 Memory Safety Violation via Auxdata API Data Race Memory Safety Violation via repr(Rust) Type in rusqlite Crate Use-after-free vulnerability in rusqlite crate before 0.23.0 Race Condition and Use-After-Free Vulnerability in internment crate Excessive Memory Usage Vulnerability in tokio-rustls 
Crate Struct Leaking Vulnerability in Rust's rio Crate Out-of-Bounds Access Vulnerability in Ozone Crate Memory Safety Violation: Uninitialized Memory Dropping in Ozone Crate Incorrect Lifetime-Boundary Definitions in rulinalg Crate for Rust Arbitrary Code Execution Vulnerability in Cisco Webex Meetings Desktop App for Windows Soundness Violation in bigint Crate: A Critical Vulnerability Discovered Traitobject Crate Memory Corruption Vulnerability Data Race Vulnerability in Rocket Crate (Versions prior to 0.4.5) Directory Traversal Vulnerability in mozwire Crate Allows File Overwrite HTTP Request Smuggling Vulnerability in tiny_http Crate Improper Memory Deallocation in alpm-rs crate Thread Boundary Data Race Vulnerability in arr Crate Buffer Overflow Vulnerability in arr Crate Uninitialized Memory Drop Vulnerability in arr crate TOCTOU Issue in Crayon Crate: Memory Safety Violation via HandleLike Cross-Site Scripting (XSS) Vulnerability in Cisco Identity Services Engine (ISE) Software Memory Safety Violation in ordnung crate: Out-of-Bounds Access in compact::Vec for Large Capacity Double Free Vulnerability in ordnung crate's compact::Vec Out-of-Bounds Read Vulnerability in simple-slab Crate Off-by-one Error in simple-slab Crate Leads to Memory Leakage and Uninitialized Memory Drop Unaligned References Vulnerability in obstack crate Out-of-Bounds Write Vulnerability in Stack Crate Remote Memory-Consumption Attack in Rust's ws Crate Unsafe Send Implementation in atom Crate Allows Cross-Thread Data Race Multiple Mutable References Vulnerability in actix-utils Crate Multiple Mutable References Vulnerability in actix-service Crate Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software Use-after-free vulnerability in array-queue crate's pop_back() function Use-after-free vulnerability in actix-http crate Use-after-free vulnerability in actix-codec crate Misaligned Element Access Vulnerability in dync Crate Memory Allocation Expectation Vulnerability 
Data race vulnerability in MutexGuard::map in futures-util crate before 0.3.7 Use-after-free vulnerability in futures-task crate before 0.3.6 NULL Pointer Dereference in futures-task::noop_waker_ref Data Corruption Vulnerability in futures-util Crate Panic Vulnerability in multihash Crate Parsing Code Cross-Site Scripting (XSS) Vulnerability in Cisco SD-WAN vManage Software Data Race Vulnerability in lock_api Crate Data Race Vulnerability in lock_api Crate Data Race Vulnerability in lock_api Crate Data Race Vulnerability in lock_api Crate Data Race Vulnerability in lock_api Crate Cross-Thread Data Race Vulnerability in futures-intrusive Crate Mutable Reference with Immutable Provenance Vulnerability Reference-Counting Error and Use-After-Free Vulnerability in pyo3 Crate Panic Vulnerability in Branca Crate for Rust Misrepresentation of std::net::SocketAddr Memory Representation Vulnerability Authorization Bypass Vulnerability in Cisco SD-WAN vManage Software Misrepresentation of std::net::SocketAddr Memory Representation in socket2 Crate False Expectations in miow Crate Regarding std::net::SocketAddr Memory Representation Misinterpretation of std::net::SocketAddr Memory Representation in mio Crate Vulnerability: NotNan Value Containing NaN in ordered-float Crate Cross-Thread Sending Vulnerability in try-mutex Crate Cross-Thread Sending Vulnerability in Magnetic Crate Integer Truncation Vulnerability in nanorand Crate Thex<T> Allows Cross-Thread Data Races of Non-Send Types Data Race Vulnerability in concread Crate Hard-coded Credentials in TinyCheck Installation Script Privilege Escalation Vulnerability in Cisco SD-WAN Software Stored XSS Vulnerability in Seo Panel 4.8.0 via url Parameter Evil Annotation Attack: Spoofing Certified PDF Documents in Foxit Reader and PhantomPDF Arbitrary PHP Object Injection in Newsletter Plugin for WordPress Reflected Authenticated Cross-Site Scripting (XSS) Vulnerability in Newsletter Plugin for WordPress Unfiltered User Object 
Disclosure in Advanced Access Manager Plugin for WordPress Privilege Escalation via AAM User Roles in Advanced Access Manager Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Post Grid Plugin for WordPress Stored Cross-Site Scripting (XSS) Vulnerability in Team Showcase Plugin for WordPress PHP Object Injection Vulnerability in Post Grid Plugin for WordPress PHP Object Injection Vulnerability in Team Showcase Plugin for WordPress Privilege Escalation Vulnerability in Cisco SD-WAN Software NextGEN Gallery Plugin CSRF Vulnerability Allows Remote Code Execution and XSS CSRF Vulnerability in NextGEN Gallery Plugin Allows File Upload CSRF Vulnerability Leading to XSS in PageLayer Plugin for WordPress Arbitrary File Upload Vulnerability in Divi Builder Plugin and Themes Stored XSS Vulnerability in All in One SEO Pack Plugin for WordPress Unauthenticated Access and Cross-Site Scripting (XSS) Vulnerability in PageLayer Plugin for WordPress Arbitrary File Modification and Remote Code Execution in XCloner Backup and Restore Plugin Arbitrary File Upload and Remote Code Execution Vulnerability in Quiz and Survey Master Plugin Privilege Escalation Vulnerability in Cisco SD-WAN Software CSRF Vulnerability in XCloner Backup and Restore Plugin for WordPress Arbitrary File Deletion Vulnerability in Quiz and Survey Master Plugin Error-based User Enumeration in PHPFusion Andromeda 9.x Login SIP Traffic Handling Vulnerability in Cisco Expressway Series and Cisco TelePresence VCS Access Control Vulnerability in Loopring (LRC) Smart Contract Allows Price Manipulation Out-of-Bounds Write Vulnerability in flb_gzip_compress in Fluent Bit Out-of-Bounds Write Vulnerability in FFmpeg 4.3.1's vividas.c Out-of-Bounds Write Vulnerability in FFmpeg's exr.c Directory Traversal Vulnerability in Cisco Nexus Data Broker Software SSRF Vulnerability in YzmCMS 5.8 Allows Arbitrary File Read YzmCMS v5.8 Storage XSS Vulnerability in /admin/system_manage/user_config_edit.html CSRF 
Vulnerability in YzmCMS V5.8 Allows Unauthorized Addition of Member User Accounts XSS Vulnerability in zzcms2020: Arbitrary JS Code Execution via /user/manage.php Heap-based Buffer Overflow in gp_rtp_builder_do_avc() function Unauthenticated Access and Configuration Changes Vulnerability in Cisco Vision Dynamic Signage Director Use-after-free vulnerability in GPAC version 0.8.0 and 1.0.1 Invalid Pointer Dereference in GPAC's SetupWriters() Function Invalid Pointer Dereference in gf_hinter_track_finalize() Function Stored XSS Vulnerability in Rukovoditel 2.7.2 'Users Alerts' Title Parameter Stored Cross Site Scripting (XSS) Vulnerability in Rukovoditel 2.7.2 Global Lists Feature Stored XSS Vulnerability in Rukovoditel 2.7.2 'Users Access Groups' Feature Stored Cross Site Scripting (XSS) Vulnerability in Rukovoditel 2.7.2 'Entities List' Feature Cisco ASA Software Web-Based Management Interface XSS Vulnerability Buffer Overflow Vulnerability in Foxit PDF Reader 10.1.0.37527: DoS via crafted .pdf file Insecure Database Password Storage in Fiserv Prologue through 2020-12-16 Privilege Escalation Vulnerability in Cisco SD-WAN Software SQL Injection Vulnerability in Seat-Reservation-System 1.0: Exploiting the id Parameter in index.php Union-Based Blind SQL Injection in Online Book Store v1.0 Allows Retrieval of All Databases SQL Injection Vulnerability in AppCMS 2.0.101's /admin/download_frame.php Arbitrary File Deletion Vulnerability in AppCMS 2.0.101 Arbitrary File Deletion Vulnerability in AppCMS 2.0.101 Cross-Site Scripting (XSS) Vulnerability in AppCMS 2.0.101 Arbitrary File Write Vulnerability in OBottle 2.0 Arbitrary File Download Vulnerability in OBottle 2.0 Privilege Escalation Vulnerability in Cisco StarOS CLI for ASR 5000 Series Routers Cross-Site Scripting (XSS) Vulnerability in QDOCS Smart Hospital Management System 3.1's Add Patient Form Stored XSS Vulnerability in BDTASK Multi-Store Inventory Management System 1.0 via Customer Name Field Privilege 
Escalation Vulnerability in Cisco StarOS CLI Denial of Service Vulnerability in freedesktop poppler 20.12.1 Denial of Service Vulnerability in freedesktop poppler 20.12.1 Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows SQL Injection Vulnerability in SourceCodester Water Billing System 1.0: Exploiting the id Parameter in edituser.php SQL Injection Vulnerability in oretnom23 School Faculty Scheduling System v1.0: Remote Code Execution, Privilege Escalation, and Information Disclosure Arbitrary Code Execution Vulnerability in wuzhicms 4.1.0 Arbitrary Code Execution Vulnerabilities in Cisco Webex Network Recording Player and Cisco Webex Player for Windows Denial of Service Vulnerability in Engine.IO Long Polling Transport Denial of Service (Memory Consumption) Vulnerability in socket.io-parser before 3.4.1 Arbitrary File Read Vulnerability in MiniCMS V1.10 Arbitrary File Inclusion Vulnerability in MiniCMS V1.10 post-edit.php Cross-Site Scripting (XSS) Vulnerability in Beetel 777VR1-DI Firmware Version V01.00.09_55 Hardcoded Credentials Vulnerability in Dairy Farm Shop Management System v1.0 Hardcoded Credentials Vulnerability in Online Course Registration v1.0 Arbitrary Administrator Account Addition via CSRF in FlyCms 1.0 Denial of Service Vulnerability in GJSON <1.6.5 via Crafted JSON Denial of Service Vulnerability in GJSON <=v1.6.5 via Crafted GET Call Arbitrary Code Execution Vulnerability in Yoyager v.1.4 and Earlier SQL Injection Vulnerability in Tailor Management System v.1: Remote Code Execution via email.php Remote Code Execution Vulnerability in Tailor Management System v.1 via id Parameter Remote Code Execution Vulnerability in Tailor Management System v.1 via document.php's detail Parameter Arbitrary Code Execution via Title Parameter in Tailor Management System v.1 Remote Code Execution Vulnerability in Tailor Management System v.1 via customer parameter in orderadd.php Authenticated 
Arbitrary File Upload Vulnerability in Zenphoto through 1.5.7 Arbitrary Code Execution and Privilege Escalation via File Upload in bloofoxCMS 0.5.2.1 Double Free Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Buffer Overflow Vulnerability in ASUS RT-AX86U Router Firmware (Version < 9.0.0.4_386) Allows Remote Code Execution Improper Access Issue in Qualcomm-signed Segments Loading Vulnerability SQL Injection Vulnerabilities in CSE Bookstore Version 1.0 Stored XSS Vulnerability in EGavilan Media CRUD Operation Buffer Overflow in Libsixel v1.8.6's sixel_encoder_encode_bytes Function: DoS Vulnerability Double Free Vulnerability in Saitoha Libsixel v1.8.6 XML External Entity (XXE) Injection in Pax Technology PAXSTORE v7.0.8_20200511171508 and lower PAXSTORE v7.0.8_20200511171508 and lower: Remote Bypass of Password Revalidation in Sensitive Operations Remote Privilege Escalation in PAXSTORE v7.0.8_20200511171508 and lower Information Disclosure Vulnerability in Pax Technology PAXSTORE v7.0.8_20200511171508 and Lower Token Spoofing Vulnerability in Pax Technology PAXSTORE v7.0.8_20200511171508 and Lower Stack Buffer Overflow in AOM v2.0.1 via src/aom_image.c Double Free Vulnerability in Snapdragon SM8150 Chipsets NULL Pointer Dereference Vulnerability in AOM v2.0.1 via av1_dx_iface.c Stack Buffer Overflow in AOM v2.0.1 via stats/rate_hist.c Global Buffer Overflow Vulnerability in AOM v2.0.1 via av1/encoder/partition_search.h Segmentation Violation Vulnerability in AOM v2.0.1 via aom_dsp/x86/obmc_sad_avx2.c NULL Pointer Dereference Vulnerability in AOM v2.0.1 via rate_hist.c CSKAZA CSZCMS v1.2.9 SQL Injection Vulnerability in pm_sendmail Parameter FFmpeg 4.3 TIFF Decoder Denial of Service Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in BloofoxCMS 0.5.2.1 via 'fileurl' Parameter Possible Buffer Overflow Vulnerability in Multiple 
Snapdragon Platforms Cross-Site Request Forgery (CSRF) vulnerability in BloofoxCMS 0.5.2.1 Unrestricted File Upload Vulnerability in BloofoxCMS 0.5.2.1 Directory Traversal Vulnerability in BloofoxCMS 0.5.2.1 via 'fileurl' Parameter LDAP Injection Vulnerability in Redash 8.0.0: Information Leakage through Crafted Queries NULL Pointer Dereference and Segmentation Fault in verifyAttribute function of libmysofa library 0.5 - 1.1 NULL Pointer Dereference and Segmentation Fault in libmysofa Library's changeAttribute Function Improper Handling of Deauth/Disassoc Frames in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, and other Qualcomm Products Heap Buffer Overflow and Unallocated Memory Access in libmysofa Library's Loudness Function Heap Buffer Overflow in mysofa_resampler_reset_mem function in libmysofa library 0.5 - 1.1 Arbitrary Code Execution Vulnerability in Symonics libmysofa 0.5 - 1.1 Privilege Escalation Vulnerability in Pearson VUE VTS Installer 2.3.1911 Unauthenticated Privilege Escalation via User Meta in Ultimate Member Plugin Authenticated Privilege Escalation via Profile Update in Ultimate Member Plugin Unauthenticated Privilege Escalation via User Roles in Ultimate Member Plugin Remote Code Execution via Long SSID in Linux Kernel (CVE-2020-36158) Unauthenticated URL Disclosure in Veritas Desktop and Laptop Option (DLO) before 9.5 Buffer Overflow Vulnerability in Display Function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Privilege Escalation via OpenSSL Library Loading in Veritas System Recovery Arbitrary Code Execution Vulnerability in Veritas APTARE 10.4 and 10.5 Arbitrary Code Execution via OpenSSL Configuration File Loading in Veritas CloudPoint Arbitrary Code Execution Vulnerability in Veritas NetBackup and OpsCenter Arbitrary Code Execution Vulnerability in Veritas 
Enterprise Vault Arbitrary Code Execution Vulnerability in Veritas Desktop and Laptop Option (DLO) Arbitrary Code Execution Vulnerability in Veritas InfoScale Arbitrary Code Execution Vulnerability in Veritas Backup Exec Arbitrary Code Execution Vulnerability in Veritas Resiliency Platform Arbitrary Code Execution Vulnerability in Veritas NetBackup and OpsCenter Buffer Over-read Vulnerability in Q6 Testbus Framework Hidden Timestamp Field Vulnerability in Ultimate Member Plugin for WordPress Unrestricted SVG Upload Vulnerability in Elementor Website Builder Plugin for WordPress XSS Vulnerability in Advanced Custom Fields Plugin for WordPress Unescaped Fields Vulnerability in Ninja Forms Plugin for WordPress CSRF Vulnerability in Ninja Forms WordPress Plugin Bypassing Validation in Ninja Forms Plugin for WordPress Delayed New-Password Requirement Vulnerability in iThemes Security Plugin for WordPress Out-of-Bounds Write Vulnerability in RSA Padding (RsaPad_PSS) in wolfSSL OS Command Injection in oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 Devices Deserialization Vulnerability in FasterXML Jackson-databind 2.x Critical Vulnerability: NULL Exception in Snapdragon Compute, Mobile, Wired Infrastructure, and Networking Devices Vulnerability: FasterXML jackson-databind 2.x before 2.9.10.8 Serialization Gadget Mishandling Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x FasterXML jackson-databind 2.x before 2.9.10.8 Serialization Gadget Vulnerability Multiple Memory Touch Vulnerability in 
Snapdragon Processors XSS Vulnerability in RailsAdmin via Nested Forms CSRF Vulnerability in JupyterHub 1.1.0 Admin Panel Vulnerability: Unauthorized Access to Private Issue Summary in Source Integration Plugin for MantisBT Directory Traversal Vulnerability in Archive_Tar through 1.4.11 Allows Write Operations XSS Vulnerability in QNAP NAS: Injection of Malicious Code in QTS and QuTS hero SQL Injection Vulnerability in QNAP NAS Multimedia Console and Media Streaming Add-on Stored XSS Vulnerability in QNAP QuLog Center Versions Prior to 1.2.0 Improper Access Control Vulnerability in Music Station Remote Command Execution Vulnerability in QNAP Malware Remover Command Injection Vulnerability in TinyCheck Integer Overflow Vulnerability in G-link SMEM Transport Can Lead to Corruption and Information Leak Authenticated HTTP GET Request Vulnerability Insecure Password Encryption in Xerox WorkCentre Devices Request Smuggling Vulnerability in async-h1 Crate Data Race and Memory Corruption Vulnerability in reffers Crate Data race vulnerability in im crate for Rust Use-after-free or Double-free Vulnerability in xcb Crate Data Race and Memory Corruption Vulnerability in rusb Crate Data Race and Memory Corruption Vulnerability in Aovec Crate Thread Crossing Vulnerability in conquer-once Crate Data Race Vulnerability in Late-Static Crate Memory Corruption and Information Leakage Vulnerability in Snapdragon Platforms Memory Corruption Vulnerability in autorand Crate Data Race and Memory Corruption Vulnerability in gfwx Crate Double Drop Vulnerability in abi_stable Crate Invalid UTF-8 String Creation Vulnerability in abi_stable Crate Data Race Vulnerability in multiqueue2 Crate Memory Corruption Vulnerability in hashconsing Crate Data Race and Memory Corruption Vulnerability in Input<R> in eventio crate Memory Corruption Vulnerability in may_queue Crate Data Race Vulnerability in Buttplug Crate Data Race Vulnerability in Atomic-Option Crate Potential Memory Corruption 
Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Multiple Chipsets Data Race and Memory Corruption Vulnerability in va-ts Crate OpenLDAP Integer Underflow Vulnerability in Certificate Exact Assertion Processing OpenLDAP Assertion Failure in saslAuthzTo Validation: Denial of Service Vulnerability OpenLDAP 2.4.57 Denial of Service Vulnerability in Values Return Filter Control Handling OpenLDAP Denial of Service Vulnerability in saslAuthzTo Processing Double Free Vulnerability in OpenLDAP 2.4.57: Denial of Service through saslAuthzTo Processing OpenLDAP Denial of Service Vulnerability in saslAuthzTo Processing Denial of Service Vulnerability in OpenLDAP before 2.4.57 OpenLDAP Integer Underflow Vulnerability in Certificate List Exact Assertion Processing Denial of Service Vulnerability in OpenLDAP's ldap_X509dn2bv Function Critical Vulnerability: Kernel Failure in Snapdragon Mobile (SM8250, SXR2130) when Running v1 Path Directly via Kernel OpenLDAP Denial of Service Vulnerability in X.509 DN Parsing Insecure Direct Object References (IDOR) Vulnerability in Atlassian Jira Server and Data Center Arbitrary DNS Lookup and Service Request Vulnerability in Atlassian Gadgets Privilege Escalation Vulnerability in Atlassian Bitbucket Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Screens Modal View Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Allows Unauthenticated Remote Attackers to View Custom Field and Custom SLA Names via Mobile Site View Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Information Disclosure Vulnerability in Atlassian Jira Server and Data Center (CVE-2021-26084) Username Validation 
Vulnerability in Jira Server and Data Center Ehcache RMI Network Service Missing Authentication Vulnerability Integer Overflow Vulnerability in Snapdragon Platforms Arbitrary File Read Vulnerability in Crowd ResourceDownloadRewriteRule Directory Traversal Vulnerability in GNOME gnome-autoar through 0.2.4 Integer Overflow and Buffer Overflow Vulnerability in Python Cryptography Package Command Injection Vulnerability in OpenEMR 5.0.2.1 Patient Portal Heap-based Buffer Overflow Vulnerability in GENIVI Diagnostic Log and Trace (DLT) Daemon Remote Code Execution in GramAddict through 1.2.3 via UIAutomator2 and ATX-Agent Root Privilege Escalation via Shell Metacharacters in Symbolic Links in Amaze File Manager CSRF Vulnerability in Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 Vulnerability: PIN Bypass in ownCloud Android Application File Firewall Bypass Vulnerability in ownCloud Server 2.8.0 Stack Out of Bounds Vulnerability in Snapdragon Auto, Consumer IoT, and Mobile Platforms Bypassing Lock Protection Mechanism in ownCloud Android App Privilege Escalation: Unauthorized Removal of Group Share Access in ownCloud Server Arbitrary File Access Vulnerability in ownCloud Server 10.x before 10.3.1 Dropbear SCP Filename Mishandling Vulnerability Branca Implementation Vulnerability: Authentication Token Modification and Forgery Unprotected AIDL uimlpaservice Vulnerability in Snapdragon Platforms Denial of Service Vulnerability in Leptonica before 1.80.0 Heap-Based Buffer Over-Read Vulnerability in Leptonica before 1.80.0 Heap-based Buffer Over-read in Leptonica's rasteropGeneralLow Improper Access Vulnerability in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20 Heap-based Buffer Over-read in Leptonica's pixReadFromTiffStream Function Heap-based Buffer Over-read in pixFewColorsOctcubeQuantMixed Unsafe Deserialization Vulnerability in JMS Client for RabbitMQ CSRF Vulnerability in HID OMNIKEY 5427 and OMNIKEY 5127 Readers with EEM Driver CWE-347: Free 
Shopping Exploit in Union Pay Android App CWE-347: Improper Verification of Cryptographic Signature in Union Pay iOS Mobile Apps Allows for Free Shopping Jira Server and Data Center Vulnerability: Unauthorized Group and Member Enumeration Unauthenticated Remote Access to Gadget Settings in Atlassian Gadgets Plugin DOM Cross-Site Scripting (XSS) Vulnerability in Jira Server and Data Center Information Disclosure Vulnerability in Atlassian Jira Server and Data Center Stack Out-of-Bound Vulnerability in DSP Capabilities Query Cross-Site Scripting (XSS) Vulnerability in Livesearch Macro in Confluence Server and Data Center Out of Bound Access Vulnerability in Multiple Snapdragon Platforms Cross-Site Scripting (XSS) Vulnerability in Redmine before 4.0.7 and 4.1.x before 4.1.1 via back_url Field Stored XSS via Textile Inline Links in Redmine before 4.0.7 and 4.1.x before 4.1.1 Information Disclosure Vulnerability in Redmine CSV Export Unsafe Character Vulnerability in ngx_http_lua_module Infinite Loop Vulnerability in Linux Kernel's SVM Module (CVE-2020-XXXX) Denial of Service Vulnerability in Linux Kernel's SEV VM Destruction (CID-7be74942f184) Memory Leak in kvm_io_bus_unregister_dev in Linux Kernel Out-of-Range Access Vulnerability in Linux Kernel's KVM Subsystem (CID-0774a964ef56) Directory Traversal Vulnerability in GNOME File-Roller through 3.38.0 RSA PKCS#1 v1.5 Signature Forgery Vulnerability Buffer Overflow in PKCS#1 v1.5 Signature Verification in RELIC (pre-2021-04-03) Panic Safety Vulnerability in Rust's String::retain() Function Double Free Vulnerability in Rust's VecDeque::make_contiguous Exposure of Sensitive Data through Insecure Configuration of Default ObjectMapper in Vaadin Flow Server Memory Overflow Vulnerability in Snapdragon Compute and Snapdragon Mobile Processors Unsafe Validation RegEx in EmailValidator Class in Vaadin Server Versions 7.0.0 through 7.7.21 Arbitrary File Access Vulnerability in Vaadin Flow Server Incomplete Fix for FUSE Filesystem 
Vulnerability (CVE-2021-28950) Uninitialized Bytes Exposure Vulnerability in Rust Standard Library (Before 1.52.0) Reflected XSS Vulnerability in Wikimedia Quarry Analytics Out-of-Bounds Read-Access Bug in Jansson's json_loads Function Object Injection Vulnerability in PHPMailer 6.1.8 through 6.4.0 via addAttachment with UNC Pathname Bundler Dependency Confusion Vulnerability Heap-based Buffer Overflow in libwebp: Invalid Buffer Size Check in WebPDecodeRGBInto (CVE-2021-38142) Use-after-free vulnerability in libwebp before 1.0.1 allows for data confidentiality, integrity, and system availability compromise Array Out of Bounds Vulnerability in Snapdragon Platforms Out-of-Bounds Read Vulnerability in libwebp: Threats to Data Confidentiality and Service Availability Out-of-Bounds Read Vulnerability in libwebp: Threats to Data Confidentiality and Service Availability Excessive Memory Allocation Vulnerability in libwebp Unauthenticated Database Wipe Vulnerability in themegrill-demo-importer Plugin CSRF Vulnerability in themegrill-demo-importer Plugin (<=1.6.3) Allows Database Wipe Multiple Read Overflows Vulnerability in Snapdragon Processors Stack-based Overflow Vulnerability in Snapdragon Processors Out of Bound Write Vulnerability in Snapdragon Platforms Weak Cipher Suites in Amazon AWS CloudFront TLSv1.2_2019 Path Traversal Vulnerability in SmartstoreNET ImportController Open Redirect Vulnerability in SmartstoreNET 4.1.0 Stack Overflow Vulnerability in parse_value Cesanta MJS 1.20.1: Remote DoS via Crafted File Stack Overflow Vulnerability in parse_block Cesanta MJS 1.20.1: Remote DoS via Crafted File Stack Overflow Vulnerability in parse_statement Cesanta MJS 1.20.1: Remote DoS via Crafted File Stack Overflow Vulnerability in parse_statement_list Cesanta MJS 1.20.1: Remote DoS via Crafted File Stack Overflow Vulnerability in parse_unary Cesanta MJS 1.20.1: Remote DoS Exploit Stack Overflow Vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1: Remote DoS Exploit 
Stack Overflow Vulnerability in parse_plus_minus Cesanta MJS 1.20.1: Remote DoS Exploit Stack Overflow Vulnerability in parse_shifts Cesanta MJS 1.20.1: Remote DoS via Crafted File Stack Overflow Vulnerability in parse_comparison Cesanta MJS 1.20.1: Remote DoS via Crafted File Stack Overflow Vulnerability in parse_equality Cesanta MJS 1.20.1: Remote DoS via Crafted File Arbitrary Code Execution Vulnerability in shenzhim aaptjs 1.3.1 Arbitrary Code Execution Vulnerability in shenzhim aaptjs 1.3.1 Arbitrary Code Execution Vulnerability in shenzhim aaptjs 1.3.1 Arbitrary Code Execution Vulnerability in shenzhim aaptjs 1.3.1 Improper Page Permissions Vulnerability in Snapdragon Platforms Arbitrary Code Execution Vulnerability in shenzhim aaptjs 1.3.1 Arbitrary Code Execution Vulnerability in shenzhim aaptjs 1.3.1 OpenVPN Access Server Denial of Service Vulnerability Reflected XSS Vulnerability in PageLayer Plugin (<=1.3.5) via font-size Parameter Reflected XSS Vulnerability in PageLayer 1.3.5 and earlier via Color Settings Use-after-free vulnerability in Linux kernel before 5.10 in drivers/infiniband/core/ucma.c Slab Out-of-Bounds Read Vulnerability in Linux Kernel's hci_extended_inquiry_result_evt Use-after-free vulnerability in Linux kernel before 5.8.2 related to io_uring.c and io_async_task_func Arbitrary Code Execution via Crafted PHAR Archive Upload in CiviCRM CSRF Vulnerability in CiviCRM CKEditor Configuration Form Vulnerability in Snapdragon Processors: Non-standard SIP Sigcomp Message Exploitation Arbitrary Filesystem Quota Manipulation in pam_setquota Module Stored XSS Vulnerability in LavaLite 5.8.0 /admin/user/team Component Stored Cross Site Scripting (XSS) Vulnerability in LavaLite 5.8.0's /admin/roles/role Component Stored XSS Vulnerability in LavaLite 5.8.0 /admin/contact/contact Component Stored XSS Vulnerability in phplist 3.5.4 and Below: Arbitrary Code Execution via Crafted Payload in Campaign Field Stored XSS Vulnerability in phplist 3.5.4 and 
Below: Bounce Rules Module rule1 Parameter Header Resizing Vulnerability in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, QCS404, QCS610, Rennell, Saipan, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130 Heap-Based Buffer Overflow in ZeroMQ libzmq 4.3.3's zmq::tcp_read Function Double Free Vulnerability in mruby 2.1.2's mrb_default_allocf Stack-Use-After-Return Vulnerability in Solidity 0.7.5 Out-of-Bounds Write Access in HTSlib's vcf_parse_format Function Invalid Free Vulnerability in Keystone Engine 0.9.2 Use-after-free vulnerability in Keystone Engine 0.9.2: llvm_ks::X86Operand::getToken. Stack-based Buffer Overflow in uWebSockets 18.11.0 and 18.12.0 Out-of-Bounds Write Vulnerability in libavif 0.8.0 and 0.8.1 Stored XSS Vulnerability in CMS Made Simple 2.2.14 via Crafted Payload in Add Shortcut Parameter Stored XSS Vulnerability in CMS Made Simple 2.2.14 via Crafted Payload in Add Category Parameter Improper Validation of Atom Size Leading to Integer Overflow in Snapdragon Processors Stored XSS Vulnerability in CMS Made Simple 2.2.14 via Crafted Payload in Email address to receive notification of news submission Parameter Stored XSS Vulnerability in CMS Made Simple 2.2.14 via Crafted Payload in Content Editing Settings Stored XSS Vulnerability in CMS Made Simple 2.2.14 via Crafted Payload in Admin Search Stored XSS Vulnerability in CMS Made Simple 2.2.14 via Crafted Payload in Exclude IP Addresses Parameter Stored XSS Vulnerability in CMS Made Simple 2.2.14 via Crafted Payload in URL (slug) or Extra Fields Stored XSS Vulnerability in CMS Made Simple 2.2.14 Stylesheets Module Stored XSS Vulnerability in CMS Made Simple 2.2.14 Designs Module Critical Use After Free Vulnerability in Snapdragon Camera Applications Denial of Service Vulnerability in Unsupported Polipo Versions Side Channel Vulnerability in Arm Mbed TLS Allows Disclosure of RSA Private Key Side Channel Vulnerability 
Allows Recovery of ECC Private Key in Arm Mbed TLS Lucky 13 Countermeasure Vulnerability in Arm Mbed TLS Side-Channel Attack Vulnerability in Arm Mbed TLS: Private Key Recovery Certificate Revocation Bypass via Clock Manipulation Buffer Over-read Vulnerability in Arm Mbed TLS before 2.24.0 JPEG Image Crash Vulnerability in GNOME gThumb Heap-Based Buffer Overflow in matio's ReadInt32DataDouble Function Out-of-Bounds Write Vulnerability in Variant_encodeJson in open62541 1.x before 1.0.4 Partial Secure Display-Touch Session Tear-Down Vulnerability in Snapdragon Processors Heap-Based Buffer Overflow in libass 0.15.x before 0.15.1 Out-of-Bounds Write Vulnerability in Unicorn Engine 1.0.2's helper_wfe_arm Uninitialized Memory Drop in Matrix::new() in alg_ds Crate Chunk API Alignment Vulnerability Double Free Vulnerability in sys-info Crate Lack of Bounds Checks in ruspiro-singleton Crate Missing Send and Sync Trait Bounds in unicycle Crate Unconditional Send and Sync Implementations in conqueue Crate Lack of Send and Sync Bounds in Future<T> in tiny_future Crate Unconditional Send Implementations in ticketed_lock Crate Information Disclosure Vulnerability in Multiple Snapdragon Platforms Vulnerability: Send Implementation in libsbc Crate Allows Read Access AtomicBox<T> Allows Send and Sync Without T: Send and T: Sync Requirements Lack of Sync Bound on Send Trait in beef::Cow Uninitialized Buffer Vulnerability in libp2p-deflate Crate Missing Trait Bounds in ArcGuard<RC, T> Implementation for Send and Sync Unconditional Send and Sync Implementations in ConVec<T> Vulnerability Unconditional Send and Sync Implementations in Rust's signal-simple Crate Unconditional Sync Implementation Vulnerability in v9 Crate Unconditional Send and Sync Implementations in Cache Crate for Rust Vulnerability: Lack of Send Trait Requirement in ShmWriter<H> Implementation Firmware Assertion Vulnerability in WLAN Firmware with FILS IE in Snapdragon Compute, Connectivity, Consumer Electronics, 
Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure, and Networking Unconditional Send and Sync Implementations in Bunch<T> Vulnerability Unconditional Send and Sync Implementations in RcuCell<T> Vulnerability Uninitialized Memory Drop Vulnerability in array-tools Crate Unconditional Send and Sync Implementations in scottqueue Crate Unconditional Send Implementation in parc Crate for Rust Unconditional Implementation of Send and Sync in slock<T> Crate Lack of Bounds on Contained Type in CopyCell<T> in Toolshed Crate Lever Crate: Send and Sync Traits Implementation Vulnerability Vulnerability: Sync Implementation with Unsafe Trait Bounds in lexer crate Unbounded Send Vulnerability in dces Crate Buffer Overflow Vulnerability in Video Application on Snapdragon Platforms Vulnerability: Unchecked Send and Sync Implementation in Model Crate Unconditional Send and Sync Implementations in MvccRwLock in noise_search Crate Unconditional Send Implementation Vulnerability in syncpool Crate Unconditional Send Implementations in multiqueue Crate for Rust Heapless crate: Clone implementation of IntoIter clones entire Vec without considering partial consumption Soundness Violation in generic-array Crate: Lifetime Extension with arr! 
Macro Vulnerability: Unsafe Send and Sync Implementation in cgc Crate Multiple Mutable References Vulnerability in cgc Crate Non-Atomic Write Operations Vulnerability in cgc Crate Unconditional Implementation of Send and Sync in Appendix Crate for Rust Critical Buffer Overflow Vulnerability in Snapdragon Compute, Industrial IOT, Mobile, Voice & Music Processors Unbounded Mutable References Vulnerability in disrustor Crate Lack of Send Bounds in Generator Crate: Vulnerability Sync Implementation Vulnerability in max7301 Crate Cleartext HTTP Vulnerability in UCWeb UC 12.12.3.1219 through 12.12.3.1226 DNS Rebinding Vulnerability in SafeCurl before 0.9.2 Denial of Service Vulnerability in Mbed TLS: Unbounded Calculations in mbedtls_mpi_exp_mod Missing Zeroization of Plaintext Buffers in Mbed TLS SSL Read Function Mbed TLS X.509 Certificate Name Verification Vulnerability Vulnerability: Null Algorithm Parameters Bypass in Mbed TLS Out of Bound Write Vulnerability in DSP Driver Code in MSM8909W Arbitrary Code Execution via File Upload in Portable Ltd Playable v9.18 Cross-Site Scripting (XSS) Vulnerability in Swift File Transfer Mobile v1.1.2 and Below Directory Traversal Vulnerability in Sky File v2.1.0 FTP Server Cross-Site Scripting (XSS) Vulnerability in Dropouts Technologies LLP Air Share v1.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2 file_manage_view.php Component Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2 Component tags_main.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2 via select_media.php Component Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2 via media_main.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2 via mychannel_edit.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2's file_manage_view.php Component Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2 
sys_admin_user_edit.php Component Multiple Cross-Site Scripting (XSS) Vulnerabilities in DedeCMS v7.5 SP2 via makehtml_homepage.php Cross-Site Scripting (XSS) Vulnerability in Macrob7 Macs Framework Content Management System - 1.14f Account Reset Function Cross-Site Scripting (XSS) Vulnerability in TAO Open Source Assessment Platform v3.3.0 RC02 Rubric Block (Add) Module Cross-Site Scripting (XSS) Vulnerabilities in SugarCRM v6.5.18 Support Module Cross-Site Scripting (XSS) Vulnerability in Swift File Transfer Mobile v1.1.2 via devicename Parameter CSV Injection Vulnerability in Connections Business Directory WordPress Plugin CSRF Vulnerability in WP-Pro-Quiz WordPress Plugin Allows Arbitrary Quiz Deletion Unauthenticated Attackers Can Delete All Comments in WordPress Blog via Delete All Comments Easily Plugin Active Command Timeout Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IoT, Snapdragon Industrial IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS605, QM215, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130 Reflected Cross-Site Scripting in 15Zine WordPress Theme Uninitialized Memory Read Vulnerability in Bite Crate Uninitialized Memory Read Vulnerability in buffoon crate's InputStream::read_exact Uninitialized Memory Read Vulnerability in acc_reader Crate Uninitialized Memory Read Vulnerability in acc_reader Crate Mixed IPID Assignment Vulnerability DNS Resolver Information Leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 Java StackOverflow and Denial of Service Vulnerability in Jackson-databind Mimecast Email Security Address Rewrite 
Feature Misuse Vulnerability Buffer Over-read Vulnerability in Windows x86 WLAN Driver Function Improper Input Validation in TIFF File Processing Leading to Denial-of-Service and Memory Disclosure Cross-Site Scripting Vulnerability in PlantUML 6.43's Database Information Macro Refined Toolkit UI-Image/UI-Button Component Cross Site Scripting Vulnerability Remote Cross-Site Scripting Vulnerability in Linking's New Windows Macro Cross-Site Scripting (XSS) Vulnerability in Countdown Timer's Macro Handler Component Cross-Site Scripting (XSS) Vulnerability in Server Status Component Critical Broken Access Control Vulnerability in Platinum Mobile 1.0.4.850 Critical Privilege Escalation Vulnerability in SevOne Network Management System (up to 5.7.2.22) via Traceroute Handler Buffer Over-read Vulnerability in Windows WLAN Driver Function in Snapdragon Compute, Snapdragon Connectivity, and Various Snapdragon Chipsets Critical SQL Injection Vulnerability in SevOne Network Management System (up to 5.7.2.22) Allows Remote Attackers to Manipulate Alert Summary Critical Privilege Escalation Vulnerability in SevOne Network Management System up to 5.7.2.22 Critical Information Disclosure Vulnerability in Klapp App's Authorization Component Remote Code Execution Vulnerability in Klapp App's JSON Web Token Handler Cross-Site Request Forgery (CSRF) Vulnerability in easyii CMS Critical SQL Injection Vulnerability in MINMAX's /newsDia.php Critical SQL Injection Vulnerability in Brandbugle's main.php Critical SQL Injection Vulnerability in Everywhere CMS Critical SQL Injection Vulnerability in Eatan CMS Allows Remote Attack Critical SQL Injection Vulnerability in Lógico y Creativo 1.0 Buffer Overflow Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, 
MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Critical SQL Injection Vulnerability in Neetai Tech's /product.php Critical SQL Injection Vulnerability in Demokratian Critical Privilege Escalation Vulnerability in Demokratian's install/install3.php Critical SQL Injection Vulnerability in SialWeb CMS via /about.php Cross-Site Scripting (XSS) Vulnerability in SialWeb CMS Search Handler Component Critical Vulnerability: Hard-coded Credentials in GE Voluson S8 Service Browser Improper Authentication and Elevated Access Vulnerability in GE Voluson S8 Service Browser Critical Vulnerability in GE Voluson S8: Windows XP Operating System Exposes Excessive Attack Surface XSS Vulnerability in Multi Restaurant Table Reservation System 1.0 XSS Vulnerability in Multi Restaurant Table Reservation System 1.0 XSS Vulnerability in Multi Restaurant Table Reservation System 1.0 XSS Vulnerability in Multi Restaurant Table Reservation System 1.0 Race Condition Vulnerability in Linux Kernel: Use-After-Free via VT_DISALLOCATE ioctl Race Condition Vulnerability in Linux Kernel VT_RESIZEX Leading to NULL Pointer Dereference and General Protection Fault Directory Traversal Vulnerability in HTTPEngine.Handle Allows Unauthorized File Access Vulnerability: Out of Bound Access in MHI Command Process Path Traversal Vulnerability Path Traversal Vulnerability Unchecked Type Assertions: A Potential Denial of Service Vector Vulnerability: SHA-1 Collision Attack in XML Digital Signatures Malformed Expected Token Bypass Vulnerability Directory Traversal Vulnerability in Windows Static File Handler Path Traversal Vulnerability Arbitrary Log Injection Vulnerability in gin-gonic/gin before v1.6.0 Remote Code Execution via Unsanitized Input in GitHub Revel Query Parser Global Authentication Bypass Vulnerability in 
nanobox-io/golang-nanoauth Remote Code Execution Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, Wired Infrastructure and Networking Possible Null-Pointer Dereference Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Unescaped message_key value in OmniAuth before 1.9.2 (and before 2.0) Possible Null-Pointer Dereference Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Multiple Qualcomm Chipsets Critical Out-of-Bounds Write Vulnerability in Power Consumption Module Kernel Modules Out-of-Bounds Write Vulnerability Leading to Panic Reboot Headset Products Vulnerable to Out-of-Bounds Read and Write Exploit Local Privilege Escalation in Genshin Impact's mhyprot2.sys Driver Prototype Poisoning Vulnerability in Hoek before 8.5.1 and 9.x before 9.0.3 Incorrect Default Permissions Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, and Hitachi Ops Center Viewpoint on Linux Arbitrary Code Execution via lang Attribute in FeehiCMS 2.0.8 Cross-Site Scripting (XSS) Vulnerability in Tribal Systems Zenario CMS Cross-Site Scripting (XSS) Vulnerability in annyshow DuxCMS 2.1 Buffer Overflow Vulnerability in Snapdragon Processors Cross-Site Request Forgery Vulnerability in annyshow DuxCMS 2.1 (VDB-215116) Hitachi Tuning Manager on Linux Incorrect Default Permissions Vulnerability Improper Bounds Checking in Font Processing Allows Arbitrary Code Execution Uninitialized Pointer Vulnerability in ewxrjk sftpserver Critical Prototype Pollution Vulnerability in Furqan node-whois (VDB-216252) Critical Format String Vulnerability in multimon-ng's add_ch function (CVE-2021-216269) Buffer Overflow 
Vulnerability in Parsing eac3 Header in Snapdragon Platforms Resource Consumption Vulnerability in Brondahl EnumStringValues up to 4.0.0 (VDB-216466) Cross Site Scripting (XSS) Vulnerability in chedabob whatismyudid Cross-Site Request Forgery Vulnerability in Sah-Comp Bienlein (VDB-216473) Cross-Site Request Forgery Vulnerability in Pengu's runApp Function (VDB-216475) Critical Remote Code Execution Vulnerability in ahorner text-helpers up to 1.0.x Cross-Site Request Forgery Vulnerability in destiny.gg Chat Critical SQL Injection Vulnerability in Modern Tribe Panel Builder Plugin (CVE-2021-216738) Open Redirect Vulnerability in Macaron i18n (CVE-2021-216745) Critical Path Traversal Vulnerability in Calsign APDE ZIP File Handler (CVE-2021-216747) Critical Path Traversal Vulnerability in SimbCo httpster (VDB-216748) Buffer Over-Write Vulnerability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Critical SQL Injection Vulnerability in FreePBX cdr 14.0 (VDB-216771) Critical SQL Injection Vulnerability in barronwaffles dwc_network_server_emulator Critical Prototype Pollution Vulnerability in hughsk/flat up to 5.0.0 (CVE-2021-216777) Cross-Site Request Forgery Vulnerability in Moodle-Block_Sitenews 1.0 Cross-Site Scripting (XSS) Vulnerability in Indeed Engineering util up to 1.0.33 (CVE-2021-216882) Cross-Site Scripting Vulnerability in OpenMRS Appointment Scheduling Module (CVE-2021-216915) Cross-Site Scripting (XSS) Vulnerability in OpenMRS Admin UI Module up to 1.4.x Cross-Site Scripting (XSS) Vulnerability in Chris92de AdminServ (Unsupported) Cross-Site Scripting (XSS) Vulnerability in Chris92de AdminServ Critical Path Traversal Vulnerability in AlliedModders AMX Mod X on Windows (VDB-217354) Invalid Read Access Vulnerability in Snapdragon Platforms XML External Entity (XXE) Reference Vulnerability in bonitasoft 
bonita-connector-webservice up to 1.3.0 XML External Entity (XXE) Reference Vulnerability in gturri aXMLRPC up to 1.12.0 (VDB-217450) Critical Command Injection Vulnerability in trampgeek jobe up to 1.6.x (VDB-217553) Cross-Site Scripting (XSS) Vulnerability in jamesmartin Inline SVG up to 1.7.1 Critical SQL Injection Vulnerability in Square Squalor (VDB-217623) Unchecked Return Value to Null Pointer Dereference in MediaArea ZenLib up to 0.4.38 (VDB-217629) Critical Path Traversal Vulnerability in YunoHost-Apps transmission_ynh (VDB-217638) Critical SQL Injection Vulnerability in pouetnet pouet 2.0 (VDB-217641) Regular Expression Complexity Vulnerability in mholt PapaParse up to 5.1.x (VDB-218004) Firmware Command Processing Buffer Overflow Vulnerability Critical Command Injection Vulnerability in IonicaBizau node-gry up to 5.x (VDB-218019) Critical Path Traversal Vulnerability in youngerheart nodeserver (VDB-218461) Incorrect Default Permissions Vulnerability in Hitachi Software Components Cross-Site Scripting (XSS) Vulnerability in GENI Portal Cross Site Scripting (XSS) Vulnerability in GENI Portal's no_invocation_id_error Function Arbitrary Code Execution via Yii2 Gii Generator.php MessageCategory Field Stored XSS Vulnerability in Spectra WordPress Plugin Privilege Escalation via Hard Link Vulnerability in uptimed before 0.4.6-r1 on Gentoo Lack of X.509 Certificate Validation in Apache::Session::LDAP Lack of X.509 Certificate Validation in Apache::Session::Browseable Out of Bounds Memory Access Vulnerability in Snapdragon Auto, Compute, Connectivity, Consumer Electronics, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Infrastructure and Networking Information Disclosure Vulnerability in paxswill EVE Ship Replacement Program 0.12.11 Inefficient Regular Expression Complexity in Kong lua-multipart 0.5.8-1 (VDB-220642) Artesãos SEOTools Open Redirect Vulnerability Artesãos SEOTools up to 0.17.1 - Open Redirect Vulnerability Artesãos SEOTools up to 0.17.1 
- Critical Open Redirect Vulnerability Vulnerability: Unsecured AJAX Calls in Multiple WordPress Plugins Unauthorized Back-up Location Changes in JetBackup – WP Backup, Migrate & Restore Plugin for WordPress (Versions up to 1.4.1) Sensitive Information Disclosure in JetBackup – WP Backup, Migrate & Restore Plugin for WordPress Cross-Site Request Forgery (CSRF) Vulnerability in JetBackup – WP Backup, Migrate & Restore Plugin for WordPress (Versions up to 1.3.9) Buffer Overflow in mic calculation for WPA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCS404, QCS405, QCS605, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130 NEX-Forms Plugin for WordPress: Unauthorized Data Disclosure and Modification Vulnerability Buffer overflow vulnerability in PMF enabled MCBC frame parsing in multiple Snapdragon platforms Buffer Overflow Vulnerability in WLAN TCP/IP Verification in Snapdragon Chips Denial of Service Vulnerability in Linux Kernel's Netlink Policy Handling Reflected XSS via POST Vulnerability in Sophos Web Appliance Report Scheduler Use-After-Free Vulnerability in Linux Kernel's Netfilter Module Incorrect Default Permissions Vulnerability in Hitachi Device Manager and Other Linux Components Authorization Bypass Vulnerability in Product Input Fields for WooCommerce Plugin Authorization Bypass Vulnerability in WP GDPR Plugin for WordPress Vulnerability: Unauthorized User Interaction in CleanTalk WordPress Plugin (Versions up to 2.50) Authorization Bypass Vulnerability in Quick Page/Post Redirect Plugin for WordPress Out of Bounds Read Vulnerability in Snapdragon Platforms Authorization Bypass Vulnerability in KingComposer WordPress 
Plugin (Versions up to 2.9.3) Arbitrary File Upload Vulnerability in KingComposer WordPress Plugin (up to v2.9.3) Authenticated Settings Change Vulnerability in Ultimate Addons for Gutenberg Plugin Stored Cross-Site Scripting Vulnerability in Elementor Website Builder Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Fruitful Theme for WordPress Arbitrary File Upload Vulnerability in Adning Advertising Plugin for WordPress Arbitrary File Upload Vulnerability in Simple:Press WordPress Forum Plugin Cross-Site Request Forgery Vulnerability in Coming Soon & Maintenance Mode Page Plugin for WordPress (Versions up to 1.57) Function Injection Vulnerability in Multiple WordPress Themes Stored Cross-Site Scripting Vulnerability in KingComposer WordPress Plugin (Versions < 2.9.4) Dangling Pointer Vulnerability in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Vulnerability: Login Page Disclosure in WPS Hide Login Plugin for WordPress Stored Cross-Site Scripting Vulnerability in Avada WordPress Theme (up to version 6.2.3) Unauthenticated Arbitrary Post Deletion in Kali Forms WordPress Plugin (Versions up to 2.1.1) Authentication Bypass Vulnerability in MStore API Plugin for WordPress (Versions up to 2.1.5) Authorization Bypass Vulnerability in Brizy WordPress Plugin (Versions up to 1.0.125) Authorization Bypass Vulnerability in Login/Signup Popup Plugin for WordPress Authorization Bypass Vulnerability in WP Activity Log Plugin Cross-Site Request Forgery Vulnerability in Kali Forms WordPress Plugin (up to 2.1.1) Vulnerability: PHP Object Injection in GDPR CCPA Compliance Support Plugin for WordPress Arbitrary Plugin Manipulation Vulnerability in ListingPro WordPress Theme Authenticated Options Change Vulnerability in Kali Forms WordPress Plugin (up to version 2.1.1) Arbitrary Plugin Activation/Deactivation Vulnerability in Brilliance, Activello, and Newspaper X WordPress Themes 
Visual Composer Plugin for WordPress: Cross-Site Scripting Vulnerability in Versions up to 26.0 Sensitive Data Exposure in ListingPro WordPress Theme Authentication Bypass Vulnerability in Wordable Plugin for WordPress (up to 3.1.1) Options Change Vulnerability in TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro Plugins PHP Object Injection Vulnerability in Ultimate Reviews Plugin for WordPress Insecure Deserialization Vulnerability in Newsletter Manager Plugin for WordPress Adning Advertising Plugin for WordPress: Path Traversal File Deletion Vulnerability Authorization Bypass Vulnerability in 2J-SlideShow Plugin for WordPress Buffer Overflow Vulnerability in Snapdragon Processors Authorization Bypass Vulnerability in CMP for WordPress Unauthenticated Arbitrary Plugin Settings Update and Stored Cross-Site Scripting Vulnerabilities in Flexible Checkout Fields for WooCommerce Plugin Insecure Random Number Generation in crypto-js Package for Node.js Cross-Site Request Forgery (CSRF) Vulnerability in WP ERP Plugin Cross-Site Request Forgery (CSRF) Vulnerability in WooCommerce Checkout & Funnel Builder Plugin Cross-Site Request Forgery Vulnerability in Import / Export Customizer Settings Plugin for WordPress Cross-Site Request Forgery Vulnerability in Cool Timeline WordPress Plugin Cross-Site Request Forgery Vulnerability in Feed Them Social WordPress Plugin (Versions up to 2.8.6) Improper Data Transfer Vulnerability in Snapdragon Platforms Cross-Site Request Forgery Vulnerability in Radio Buttons for Taxonomies WordPress Plugin (up to 2.0.5) Cross-Site Request Forgery Vulnerability in MultiVendorX WordPress Plugin (up to 3.5.7) Cross-Site Request Forgery Vulnerability in Custom Field Template Plugin for WordPress Cross-Site Request Forgery Vulnerability in Product Catalog Simple Plugin for WordPress Cross-Site Request Forgery (CSRF) vulnerability in NotificationX WordPress Plugin (up to version 1.8.2) Cross-Site Request Forgery (CSRF) Vulnerability in WP 
Project Manager Plugin Cross-Site Request Forgery Vulnerability in Menu Swapper WordPress Plugin (Versions up to 1.1.0.2) Cross-Site Request Forgery Vulnerability in Lightweight Sidebar Manager Plugin for WordPress Cross-Site Request Forgery Vulnerability in Dokan Plugin for WordPress (up to 3.0.8) Cross-Site Request Forgery Vulnerability in Easy Testimonials WordPress Plugin (up to 3.6.1) Integer Underflow Vulnerability in NDPE Attribute Parsing in Snapdragon Platforms Cross-Site Request Forgery Vulnerability in EWWW Image Optimizer Plugin for WordPress Cross-Site Request Forgery Vulnerability in Coupon Creator Plugin for WordPress Cross-Site Request Forgery Vulnerability in Coming Soon & Maintenance Mode Page Plugin for WordPress Hueman WordPress Theme Cross-Site Request Forgery Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Paid Memberships Pro Plugin for WordPress Cross-Site Request Forgery Vulnerability in Customizr WordPress Theme (up to 4.3.0) Cross-Site Request Forgery Vulnerability in 10WebAnalytics WordPress Plugin Cross-Site Request Forgery Vulnerability in WP Hotel Booking Plugin Cross-Site Request Forgery Vulnerability in Feedzy WordPress Plugin (up to 3.4.2) Cross-Site Request Forgery Vulnerability in Woody Code Snippets Plugin for WordPress Memory Corruption Vulnerability in Perfservice: Improper Validation in Snapdragon Platforms Ocean Extra Plugin for WordPress Cross-Site Request Forgery Vulnerability Cross-Site Request Forgery Vulnerability in Top 10 WordPress Plugin Critical OS Command Injection Vulnerability in ONS Digital RAS Collection Instrument (CVE-2021-234248) Arbitrary Code Execution via Cross Site Scripting (XSS) in DuxCMS 2.1 Kernel Memory Leak in Linux CEC API Shell Metacharacter Injection in tinyfiledialogs Critical SQL Injection Vulnerability in rl-institut NESP2 Initial Release/1.0 (VDB-246642) Stored Cross-Site Scripting Vulnerability in Widget Settings Importer/Exporter Plugin for WordPress Privilege Escalation 
Vulnerability in Slurm Ebuild's pkg_postinst Function CageFS 7.1.1-1 or below Vulnerability: Authentication Token Exposure and Code Execution Insufficient File Path Restriction in CloudLinux CageFS 7.0.8-2 or Below Out-of-Bounds Write and Use-After-Free Vulnerability in Artifex Ghostscript Denial of Service Vulnerability in GNOME Glade's GladeGtkBox Widget Rebuilding CVE-2020-36775 CVE-2020-36776 CVE-2020-36777 CVE-2020-36778 CVE-2020-36779 Buffer Overflow Vulnerability in Snapdragon Platforms CVE-2020-36780 CVE-2020-36781 CVE-2020-36782 CVE-2020-36783 CVE-2020-36784 CVE-2020-36785 CVE-2020-36786 CVE-2020-36787 Address Space Layout Randomization Bypass Vulnerability in Snapdragon Platforms Race Condition Vulnerability in Snapdragon Platforms Remote Code Execution Vulnerability in HPAV2 Systems via Forged Authenticated and Encrypted Payloads CVE-2020-36825 CVE-2020-36826 CVE-2020-36827 Access Permission Policy Validation Vulnerability in Snapdragon Platforms Memory Corruption and Denial of Service Vulnerability in Multiple Snapdragon Platforms Memory Out of Bounds Vulnerability in Snapdragon Platforms during Music Playback Arbitrary Read Vulnerability in Windows Admin Services Buffer overflow vulnerability in Snapdragon processors when parsing corrupted sample atoms in mp4 clips Modem Crypto Engine Vulnerability in Snapdragon Platforms Integer Underflow Vulnerability in Snapdragon Platforms: Potential Out-of-Bound Memory Access in Audio Processing Buffer Overflow Vulnerability in Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile Processors Out of Range Pointer Vulnerability in Snapdragon Platforms Out of Range Pointer Vulnerability in Snapdragon Platforms Use After Free Vulnerability in IPCRTR Allows Unauthorized Access in Multiple Snapdragon Platforms Out-of-Bound Write Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Improper 
Length Check Vulnerability in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables in Multiple Qualcomm Chipsets Out of Bounds Read Vulnerability in Snapdragon Wi-Fi Driver Use After Free Vulnerability in Snapdragon Mobile (SM8250) Camx Driver Error Notification Processing Critical Wi-Fi Encryption Vulnerability in Multiple Snapdragon Devices Buffer Over-read Vulnerability in Bluetooth Peripheral Firmware in Snapdragon Auto, Compute, Connectivity, Consumer Electronics, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music Vulnerability: Deadlock State in Peripheral System due to Invalid Connection Request PDU Memory Corruption Vulnerability in Adobe Illustrator CC Versions 24.0 and Earlier: Risk of Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator CC Versions 24.0 and Earlier: Risk of Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator CC Versions 24.0 and Earlier: Risk of Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator CC Versions 24.0 and Earlier: Risk of Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator CC Versions 24.0 and Earlier: Risk of Arbitrary Code Execution Stored Cross-Site Scripting Vulnerability in Magento Versions 2.3.3 and Earlier, 2.2.10 and Earlier, 1.14.4.3 and Earlier, and 1.9.4.3 and Earlier Deserialization of Untrusted Data Vulnerability in Magento Versions 2.3.3 and Earlier Path Traversal Vulnerability in Magento Versions 2.3.3 and Earlier, 2.2.10 and Earlier, 1.14.4.3 and Earlier, and 1.9.4.3 and Earlier Arbitrary Code Execution Vulnerability in Magento Versions 2.3.3 and Earlier, 2.2.10 and Earlier, 1.14.4.3 and Earlier, and 1.9.4.3 and Earlier SQL Injection Vulnerability in Magento Versions 2.3.3 and Earlier, 2.2.10 and Earlier, 1.14.4.3 and Earlier, and 1.9.4.3 and Earlier Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below 
Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Heap Overflow Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Buffer Overflow Vulnerability in Adobe Framemaker 2019.0.4 and Below Heap Overflow Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.4 and Below Memory Corruption Vulnerability in Adobe Framemaker 2019.0.4 and Below Memory Corruption Vulnerability in Adobe Framemaker 2019.0.4 and Below Uncontrolled Resource Consumption Vulnerability in Adobe Experience Manager Versions 6.5 and 6.4 Heap Overflow Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader 
Use After Free Vulnerability in Adobe Acrobat and Reader Use After Free Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Stack Exhaustion Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Stack Exhaustion Vulnerability in Adobe Acrobat and Reader Type Confusion Vulnerability in Adobe Flash Player Stored Cross-Site Scripting Vulnerability in Magento Versions 2.3.3 and Earlier, 2.2.10 and Earlier, 1.14.4.3 and Earlier, and 1.9.4.3 and Earlier Buffer Errors Vulnerability in Adobe Digital Editions 4.5.10 and Below: Risk of Information Disclosure Command Injection Vulnerability in Adobe Digital Editions 4.5.10 and Below: Arbitrary Code Execution Remote File Read Vulnerability in ColdFusion 2016 and ColdFusion 2018 Privilege Escalation Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20061 and Earlier Privilege Escalation Vulnerability in Adobe Acrobat and Reader Versions 2019.021.20061 and Earlier Out-of-Bounds Write Vulnerability in Adobe Media Encoder (Versions 14.0 and Earlier) Out-of-Bounds Write Vulnerability in Adobe After Effects: Arbitrary Code Execution Insecure File Permissions Vulnerability in Adobe Genuine Integrity Service Versions 6.4 and Earlier Insufficient Input Validation Vulnerability in ColdFusion 2016 and ColdFusion 2018 DLL Search-Order Hijacking Vulnerability in ColdFusion 2016 and 2018: Privilege Escalation Risk Adobe Experience Manager 6.5 and Earlier: Server-Side Request Forgery (SSRF) Vulnerability Buffer Errors Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Out-of-Bounds Read Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Buffer Errors Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Out-of-Bounds Write Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Buffer Errors Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Buffer 
Errors Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Buffer Errors Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Out-of-Bounds Read Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Out-of-Bounds Read Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Out-of-Bounds Write Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Buffer Errors Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Out-of-Bounds Read Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Out-of-Bounds Read Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Heap Corruption Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Memory Corruption Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Memory Corruption Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Memory Corruption Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Memory Corruption Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Memory Corruption Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Memory Corruption Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Memory Corruption Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Out-of-Bounds Read Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020 Use-After-Free Vulnerability in Adobe Acrobat and Reader Use-After-Free Vulnerability in Adobe Acrobat and Reader Arbitrary Code Execution via File Inclusion in ColdFusion 2016 and ColdFusion 2018 Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Improper Access Control Vulnerability in ColdFusion 2016 and 2018: System File Structure Disclosure Memory Corruption Vulnerability in Adobe Acrobat and Reader Adobe Digital Editions File Enumeration Vulnerability Stack-Based Buffer Overflow Vulnerability in Adobe Acrobat and Reader Memory Address Leak Vulnerability in Adobe Acrobat and Reader Use-After-Free Vulnerability in Adobe Acrobat and Reader Use-After-Free 
Vulnerability in Adobe Acrobat and Reader Insecure Library Loading (DLL Hijacking) Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use-After-Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Buffer Overflow Vulnerability in Adobe Acrobat and Reader Time-of-Check to Time-of-Use (TOCTOU) Race Condition Vulnerability in Creative Cloud Desktop Application Versions 5.0 and Earlier Out-of-Bounds Read Vulnerability in Adobe After Effects (Versions 17.0.1 and Earlier) Denial of Service Vulnerability in APT's ar/tar Implementations Mail-Address Verification Bypass Vulnerability in qmail-verify Privilege Escalation Vulnerability in qmail-verify Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in Image Processing JPEG File Memory Corruption Vulnerability in macOS Catalina 10.15.3 Lock Screen Contact Access Vulnerability Elevated Privileges Vulnerability Patched in iOS 13.3.1 and Other Apple Operating Systems Symlink Validation Vulnerability in macOS Catalina 10.15.3 Race Condition Vulnerability in iOS 13.3.1 and iPadOS 13.3.1 Allows Arbitrary Code Execution with Kernel Privileges Address Bar Spoofing Vulnerability Fixed in Safari 13.0.5 WatchOS 6.1.2 Patch: Memory Corruption Vulnerability Allows Arbitrary Code Execution Symlink Validation Vulnerability in macOS Catalina 10.15.3 Kernel Memory Layout Disclosure Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Arbitrary Code Execution Vulnerability with System Privileges Improved Input Sanitization in macOS Catalina 10.15.3 Fixes Memory Reading Vulnerability Off by one vulnerability in racoon configuration file handling leading to arbitrary code execution Unencrypted Password Transmission Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Memory 
Corruption Vulnerability in iOS 12.4.7 and watchOS 5.3.7 Vulnerability: State Alteration by Removed Users in iMessage Conversation Memory Corruption Vulnerability in macOS Catalina 10.15.3 Allows Arbitrary Code Execution Buffer Overflow Vulnerability Patched in Multiple Apple Operating Systems and Applications Improper Input Validation Leads to Memory Leak in macOS Catalina 10.15.3 Memory Corruption Vulnerability in macOS Catalina 10.15.3 Allows Remote Code Execution Memory Corruption Vulnerability in macOS Catalina 10.15.3 Allows Remote Code Execution Memory Corruption Vulnerability in macOS Catalina 10.15.3 Allows Remote Code Execution Elevated Privileges Vulnerability Patched in macOS Catalina and Mojave Security Updates URL Scheme Ignored in Multimedia Permission Determination Vulnerability Type Confusion Vulnerability Allows Arbitrary Code Execution with System Privileges Memory Corruption Vulnerability in macOS Catalina 10.15.3 Allows Arbitrary Code Execution Arbitrary File Overwrite Vulnerability in macOS Catalina 10.15.3 and Earlier Heap Corruption Vulnerability Fixed in Multiple Apple Operating Systems Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Arbitrary Code Execution Vulnerability in iOS and iPadOS 13.3.1 Inconsistent User Interface Allows Unauthorized Access to Contacts from Lock Screen Arbitrary Code Execution Vulnerability in iOS, iPadOS, and watchOS iTunes for Windows 12.10.4 Patch: Enhanced Permissions Logic to Prevent Unauthorized File System Access Improved Memory Handling to Prevent Denial of Service Vulnerability Memory Corruption Vulnerability in macOS Catalina 10.15.3 and Security Updates DOM Object Context Security Origin Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Gatekeeper Bypass Vulnerability in macOS Catalina 10.15.3 Universal Cross-Site Scripting Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Arbitrary Code Execution Vulnerability in 
iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Remote FaceTime User Camera Manipulation Vulnerability Arbitrary Code Execution Vulnerability in Image Processing Memory Corruption Vulnerability in macOS Catalina 10.15.3 Allows Arbitrary Code Execution with Kernel Privileges Memory Initialization Issue Allows Unauthorized Memory Access Improved Setting Propagation for Remote Content in Messages Vulnerability: Sensitive Message Content Exposed in Screenshots Memory Reading Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Improper Input Validation Leads to Remote Code Execution in macOS and watchOS Arbitrary Code Execution Vulnerability in Image Processing Arbitrary Code Execution Vulnerability in Apple Operating Systems Improved State Management Fixes Logic Issue Allowing Local User to View Sensitive User Information in macOS Catalina 10.15.4 Calendar Invitation Exfiltration Vulnerability Patched in macOS Catalina 10.15.5 Arbitrary Entitlements Vulnerability Patched in iOS 13.4 and macOS Catalina 10.15.4 Remote Code Execution Vulnerability in macOS Catalina 10.15.4 File URL Processing Logic Issue in iOS 13.4 and Other Apple Products Use After Free Vulnerability in macOS Catalina 10.15.4 and Security Updates 2020-002 Improper Origin Association Vulnerability Improved Restrictions for Logic Issue in iOS 13.4 and iPadOS 13.4: Preventing Interference with Web Contexts Improper File Access Vulnerability in macOS Catalina 10.15.4 Improved Deletion Addresses Autocompletion Vulnerability in iOS 13.4 and iPadOS 13.4 Vulnerability: Unauthorized Message Response on Locked iOS Devices Memory Corruption Vulnerability in macOS Catalina 10.15.4 Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in macOS Catalina 10.15.4 Allows Arbitrary Code Execution with Kernel Privileges Race Condition Vulnerability Patched in iOS 13.4 and Other Apple Products Memory Corruption Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud 
Vulnerability Patched: Arbitrary File Overwrite in macOS Catalina 10.15.4 and Security Updates Type Confusion Vulnerability in iOS 13.4 and Other Apple Products Elevated Privileges Vulnerability Patched in macOS Catalina 10.15.4 Memory Consumption Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud Memory Corruption Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud Type Confusion Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud Cross-Site Scripting Vulnerability Patched in iOS 13.4 and Other Apple Products Memory Corruption Vulnerability in macOS Catalina 10.15.4 Allows Arbitrary Code Execution Memory Corruption Vulnerabilities in macOS Catalina 10.15.4 Allow Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in macOS Catalina 10.15.4 Allows Arbitrary Code Execution with Kernel Privileges Code Signing Bypass Vulnerability in macOS Catalina 10.15.4 Improper Input Validation in macOS Catalina 10.15.4 Allows Local User to Read Kernel Memory Improper Input Validation in macOS Catalina 10.15.4 Allows Local User to Read Kernel Memory Buffer Overflow Vulnerability Patched in Multiple Apple Operating Systems and Applications Buffer Overflow Vulnerability Addressed with Improved Size Validation Buffer Overflow Vulnerability Patched in Multiple Apple Operating Systems and Applications Improper Input Validation in macOS Catalina 10.15.4 Allows Local User to Read Kernel Memory Privilege Escalation Vulnerability in Apple Operating Systems Memory Initialization Vulnerability Path Traversal Vulnerability in macOS Catalina 10.15.4 Allows Arbitrary File Overwrite Vulnerability: Unauthorized Photo Disclosure via Alternate App Icon Setting Privileged SSH Client Access Vulnerability Sandbox Restriction Bypass Vulnerability Memory Initialization Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Allows Arbitrary Code Execution Unauthorized Access to Privileged Account Management in 
UltraLog Express Device Management Interface Cleartext Storage Vulnerability in UltraLog Express Device Management Software LisoMail Vulnerability: Unauthenticated Database Access via SQL Injection Misconfigured Authentication Mechanism in TONNET's TAT-76 and TAT-77 DVR Firmware Insecure Patch File Verification in TONNET DVR Firmware Remote Code Execution Vulnerability in ServiSign Security Plugin Arbitrary File Access Vulnerability in ServiSign Security Plugin Arbitrary File Access Vulnerability in ServiSign Security Plugin Hardcoded Root Password Vulnerability in GeoVision Door Access Control Devices Shared Cryptographic Private Keys in GeoVision Door Access Control Devices: A Gateway for MITM Attacks and Plaintext Recovery Insecure Log Storage and Access Control in GeoVision Door Access Control Devices Remote Code Execution Vulnerability in GeoVision Door Access Control Devices Unpatched SNMP Vulnerability in DrayTek VigorAP910C Allows Information Leakage User Account Enumeration and Examination Vulnerability in TAIWAN SECOM CO., LTD. Door Access Control and Personnel Attendance Management System Pre-Auth SQL Injection Vulnerability in TAIWAN SECOM CO., LTD. 
Door Access Control and Personnel Attendance Management System Clear-text Storage of Passwords in Cookie: A Critical Vulnerability in TAIWAN SECOM CO., LTD.'s Door Access Control and Personnel Attendance Management System SQL Injection Vulnerability in UltraLog Express Device Management Interface SQL Injection Vulnerability in SysJust Syuan-Gu-Da-Shih (versions before 20191223) Enables Unauthorized Database Access and File Retrieval SysJust Syuan-Gu-Da-Shih Vulnerability: Request Forgery Allows Unauthorized Server Inquiries Cross-Site Scripting (XSS) Vulnerability in SysJust Syuan-Gu-Da-Shih Secure Your Data: VMware Workspace ONE SDK and Mobile App Patch Vulnerability Race Condition Privilege Escalation Vulnerability in VMware Tools for Windows 10.x.y Unauthenticated Remote Code Execution in vRealize Operations for Horizon Adapter Authentication Bypass in vRealize Operations for Horizon Adapter Information Disclosure Vulnerability in vRealize Operations for Horizon Adapter Billion Laughs Attack Vulnerability in InstallBuilder AutoUpdate Tool and Regular Installers Use-after vulnerability in vmnetdhcp in VMware Workstation and Fusion Local Privilege Escalation Vulnerability in Cortado Thinprint on Linux Guest VMs Privilege Escalation Vulnerability in VMware Fusion, VMRC, and Horizon Client for Mac Denial-of-Service Vulnerability in VMware Workstation and Horizon Client Inadequate Access Controls in VMware vCenter Server's vmdir Improper Input Validation in VMware vRealize Log Insight prior to 8.1.0 Allows Cross Site Scripting (XSS) Attacks Open Redirect Vulnerability in VMware vRealize Log Insight (CVE-2021-21975) HTML Script Injection Vulnerability in ESXi 6.5 and 6.7 Arbitrary Remote Code Execution in VMware Cloud Director Local Privilege Escalation Vulnerability in VMware Fusion, VMRC, and Horizon Client for Mac Denial-of-Service Vulnerability in VMware ESXi, Workstation, and Fusion Memory Leak Vulnerability in VMware VMCI Module Out-of-Bounds Read Vulnerability 
in VMware NVMe Functionality Privilege Escalation Vulnerability in VMware Horizon Client for Windows Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion Use-After-Free Vulnerability in PVNVRAM Allows Privileged Information Leakage Information Leak in VMware ESXi, Workstation, and Fusion USB Controller Information Leak in XHCI USB Controller in VMware ESXi, Workstation, and Fusion Heap-Overflow Vulnerability in VMware ESXi, Workstation, and Fusion Heap-Overflow Vulnerability in VMware ESXi, Workstation, and Fusion USB 2.0 Controller (EHCI) Out-of-Bounds Write Vulnerability in VMware ESXi, Workstation, and Fusion Off-by-one Heap-Overflow Vulnerability in VMware SVGA Device Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion Shader Functionality Heap Overflow Vulnerability in VMware ESXi, Workstation, and Fusion Allows Privileged Information Leakage Denial-of-Service Vulnerability in VMware Tools for macOS (11.x.x and prior before 11.1.1) Blind SQL-Injection Vulnerability in VeloCloud Orchestrator Privilege Escalation Vulnerability in VMware Fusion, VMware Remote Console, and Horizon Client for Mac Stored Cross-Site Scripting (XSS) Vulnerability in VMware App Volumes Partial Denial of Service Vulnerability in VMware ESXi and vCenter Server Authentication Services Broken Authentication Vulnerability in VMware Horizon DaaS Allows Bypass of Two-Factor Authentication Predictable Location Vulnerability in InstallBuilder for Qt Windows Installers Privilege Escalation Vulnerability in VMware Fusion (11.x) Allows Execution of Malicious Code Out-of-Bounds Read Vulnerability in VMware ESXi, Workstation, and Fusion VMware ESXi, Workstation, and Fusion Out-of-Bounds Write Vulnerability SQL Injection Vulnerability in SD-WAN Orchestrator 3.3.2 and 3.4.x Arbitrary Authorization Level Vulnerability in SD-WAN Orchestrator Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client for Windows Out-of-Bounds Read Vulnerability in 
VMware Workstation and Horizon Client for Windows Out-of-Bounds Read Vulnerability in VMware Workstation and Horizon Client for Windows Denial-of-Service Vulnerability in VMware Workstation and Horizon Client for Windows due to Out-of-Bounds Write in Cortado ThinPrint Component Integer Overflow Information Disclosure Vulnerability in VMware Workstation and Horizon Client for Windows Denial-of-Service Vulnerability in VMware Horizon Client for Windows Use-After-Free Vulnerability in OpenSLP Service Allows Remote Code Execution in VMware ESXi Vulnerability: Man-in-the-Middle Exploit in VMware NSX-T Session Hijack Vulnerability in VMware vCenter Server Appliance Management Interface Update Function Memory Leak Vulnerability in VMware Hypervisors Volume Identifier Information Leakage in Velero (prior to 1.4.3 and 1.5.2) Cross Site Scripting (XSS) Vulnerability in VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) Information Disclosure Vulnerability in VMware Horizon Client for Windows Denial of Service Vulnerability in VMware ESXi, Workstation, Fusion, and Cloud Foundation Directory Traversal Vulnerability in SD-WAN Orchestrator Default Passwords in SD-WAN Orchestrator: A Gateway to Pass-the-Hash Attack Arbitrary Code Execution Vulnerability in SD-WAN Orchestrator SQL Injection Vulnerability in VMware SD-WAN Orchestrator 3.3.2 - 4.0.1 Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion XHCI USB Controller Privilege Escalation Vulnerability in VMware ESXi (CVE-2020-4005) Command Injection Vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector Insecure File Handling Vulnerability in macOS Sensor Installer for VMware Carbon Black Cloud Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Review Objectives Improper Authorization Vulnerability in Atlassian Fisheye and Crucible Allows Unauthorized Removal of Repository Watching Settings Information Disclosure Vulnerability in 
Atlassian Fisheye and Crucible Allows Remote User Email Address Viewing Information Disclosure Vulnerability in Atlassian Fisheye and Crucible Plugin Information Disclosure Vulnerability in Atlassian Fisheye and Crucible Plugin Cross-Site Request Forgery (CSRF) Vulnerability in Atlassian Fisheye and Crucible Setup Process Untrusted Search Path Vulnerability in Atlassian Companion App Allows for Arbitrary Code Execution Arbitrary .exe File Execution Vulnerability in Atlassian Companion App Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center XML Export View Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Fisheye and Crucible Cross-Site Scripting (XSS) vulnerability in Atlassian Jira Server and Data Center Cross-Site Scripting (XSS) Vulnerability in Atlassian Jira Server and Data Center Unauthorized Enumeration of Linked Applications in Atlassian Navigator Links Velocity Template Injection Vulnerability in Atlassian Confluence Server and Data Center Information Disclosure Vulnerability in Jira Versions before 8.9.1 Improper Authorization Vulnerability in Atlassian Jira Server and Data Center Out of Bounds Read and Integer Overflow Vulnerability in FreeRDP Use-after-free vulnerability in gdi_SelectObject in FreeRDP before version 2.1.2 Integer Casting Vulnerability in FreeRDP's update_recv_secondary_order Out of Bounds Read Vulnerability in FreeRDP WatermelonDB iOS Adapter SQL Injection Vulnerability Unvalidated Redirect Vulnerability in OAuth2 Proxy Severe XSS Reflection Attack Vulnerability in GraphQL Playground Directory Traversal Vulnerability in SUSI.AI Server Allows Unauthorized Access and Manipulation of Admin Config and Files CSRF Vulnerability in Bolt CMS Previews Stored XSS Vulnerability in Bolt CMS 3.7.0 and earlier versions Bareos Director Authentication Bypass Vulnerability Unserialization Vulnerability in phpMussel Versions 1.0.0 - 1.5.9 
Buffer Overflow Vulnerability in xrdp-sesman Service Information Disclosure Vulnerability in SSB-DB Version 20.0.0 Unfiltered HTML Injection Vulnerability in WordPress Embed Block JavaScript Injection Vulnerability in WordPress Media File Attachment Pages Arbitrary External Link Open Redirect Vulnerability in WordPress Self-XSS vulnerability in WordPress theme upload allows for JavaScript execution in /wp-admin Arbitrary User Meta Field Injection in WordPress via Misuse of `set-screen-option` Filter Cross-Site Scripting Vulnerability in Dijit Editor's LinkDialog Plugin Stored Cross-Site Scripting through Template Injection in Wiki.js Path Traversal Vulnerability in Helm 3.0.0 - 3.2.3 Allows Unauthorized File Access Cross-Site Scripting Vulnerability in Sanitize (RubyGem sanitize) 3.0.0 - 5.2.0 Command Injection Vulnerability in mversion before 2.0.0 Use After Free Vulnerability in LoRa Basics Station Leads to Memory Corruption Froala Richeditor Self-XSS Vulnerability Critical Vulnerability in Conjur OSS Helm Chart Allows Unauthorized Access to Postgres Database Command Injection Vulnerability in Limdu's trainBatch Function (Fixed in 0.95) Information Leakage in coturn STUN/TURN Response Buffer Initialization Heap Buffer Overflow in APNSwift 1.0.0 Cross-Site Scripting (XSS) Vulnerability in CSS Validator (Commit 54d68a1) Timing Attack Vulnerability in django-basic-auth-ip-whitelist Vulnerability: Log Forgery in generator-jhipster-kotlin 1.6.0 Authentication Bypass and Command Execution Vulnerability in PrestaShop Versions 1.5.0.0 to 1.7.6.5 Arbitrary Local File Read Vulnerability in Electron Context Isolation Bypass in Electron Context Isolation Bypass in Electron Unrestricted Data Access in iTop's Excel Export Portal Functionality Stored Cross-Site Scripting (XSS) Vulnerability in HCL Verse v10 and v11 WSRP Consumer Cross-Site Scripting (XSS) Vulnerability in Digital Experience 8.5, 9.0, and 9.5 Cross-Site Scripting (XSS) Vulnerability in HCL Connections 5.5 Help 
System Information Leakage Vulnerability in HCL Connections 6.5 Cross-Site Scripting (XSS) Vulnerability in HCL Connections v5.5, v6.0, and v6.5 Stack Trace Information Leakage Vulnerability in HCL Connections Information Leakage Vulnerability in HCL Notes via 'mailto' Protocol Unencrypted Communication Vulnerability in HCL Nomad on Android and iOS Platforms Clear Text Credential Storage Vulnerability in BigFix Platform Buffer Overflow Vulnerability in HCL Notes Client Weak Digital Signature Key Length Vulnerability Dynamic Code Loading Vulnerability in HCL Verse for Android Unveiling the Server Side Request Forgery Vulnerability in HCL Digital Experience Buffer Overflow Vulnerability in HCL Notes DXL Input Validation Stored Cross-Site Scripting (XSS) Vulnerability in HCL BigFix WebUI's Apps->Software Module Insufficient Access Control in HCL Domino: Privilege Escalation, DoS, and Information Disclosure Vulnerability File Download Vulnerability in HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x Sensitive Cookie Exposure Vulnerability in HCL iNotes HCL Domino Login CSRF Vulnerability Allows Unauthorized Access Lockout Policy Bypass Vulnerability in HCL Domino's ID Vault Service LDAP Service Lockout Policy Bypass Vulnerability in HCL Domino Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Local File Disclosure Vulnerability in IBM SiteProtector Appliance 3.1.1 Cross-Site Scripting (XSS) Vulnerability in IBM Security SiteProtector System 3.1.1 Missing 'HttpOnly' Flag in IBM Security SiteProtector System 3.1.1 Allows Remote Attackers to Obtain Sensitive Information Hard-coded Credentials in IBM SiteProtector Appliance 3.1.1 Improper Input Validation in IBM QRadar SIEM 7.3.0 - 7.3.3 Cleartext Transmission of Sensitive Data in IBM QRadar Network Security Cross-Site Scripting (XSS) Vulnerability in IBM QRadar Network Security 5.4.0 and 5.5.0 Hard-coded Credentials Vulnerability in IBM QRadar Network Security 5.4.0 and 5.5.0 Information 
Disclosure Vulnerability in IBM QRadar Network Security 5.4.0 and 5.5.0 Improper HTTP Strict Transport Security Configuration in IBM QRadar Network Security 5.4.0 and 5.5.0 Denial of Service Vulnerability in IBM DB2 11.5 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.5 and 11.7 Arbitrary File Execution Vulnerability in IBM WebSphere Application Server Sensitive Information Exposure in IBM Security Information Queue (ISIQ) 1.0.0-1.0.5 Remote Click Hijacking Vulnerability in IBM Security Guardium Insights 2.0.1 Remote Information Disclosure Vulnerability in IBM Security Guardium Insights 2.0.1 Improper Authentication in IBM Security Guardium Insights 2.0.1 Weak Cryptographic Algorithms in IBM Security Guardium Insights 2.0.1: A Potential Decryption Vulnerability Cross-Site Request Forgery Vulnerability in IBM Security Guardium Insights 2.0.1 Local File Disclosure Vulnerability in IBM Security Guardium Insights 2.0.1 Sensitive Information Disclosure in IBM Security Guardium Insights 2.0.1 via URL Parameters Insecure Cookie Handling in IBM Guardium Activity Insights 10.6 and 11.0 Weak Cryptographic Algorithms in IBM Security Guardium Insights 2.0.1: A Potential Decryption Vulnerability IBM Security Guardium Insights 2.0.1 HTTP Strict Transport Security Bypass Vulnerability Hard-coded Credentials Vulnerability in IBM Security Guardium 11.1 Remote Code Execution Vulnerability in IBM Security Guardium 11.1 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.1 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.1 Privilege Escalation Vulnerability in IBM Security Guardium 11.2 Weak Cryptographic Algorithms in IBM Security Guardium 10.5, 10.6, and 11.1: A Decryption Vulnerability Sensitive Information Disclosure on IBM Security Guardium Login Page Information Disclosure Vulnerability in IBM Security Guardium 11.1 Login Page Insufficient Randomness in IBM Security Guardium 10.6 and 11.1 IBM Security Guardium 
11.2 Response Header Information Disclosure Vulnerability Hard-coded Credentials Vulnerability in IBM Security Guardium Weak Cryptographic Algorithms in IBM Security Guardium 11.1: A Potential Decryption Vulnerability Inadequate Account Lockout Setting in IBM Security Guardium 11.1 Allows Remote Brute Force Attacks Clickjacking Vulnerability in IBM API Connect V2018.4.1.0 through 2018.4.1.10 Cross-Site Scripting (XSS) Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Local File Disclosure Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Cross-Site Scripting (XSS) Vulnerability in IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 Cross-Site Request Forgery Vulnerability in IBM Tivoli Netcool/OMNIbus 8.1.0 Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows User Impersonation Vulnerability in IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 with Distributed Front End (DFE) Enabled Improper Access Controls in IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8: Disclosure of Highly Sensitive Information Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Authentication Bypass Vulnerability in IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 Arbitrary Command Execution Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Buffer Overflow Vulnerability in IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 Hard-coded Credentials Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Arbitrary File Creation Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Plus 10.1.0 and 10.1.5 Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Plus 10.1.0 and 10.1.5 Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Plus 10.1.0 and 10.1.5 Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Plus 10.1.0 and 10.1.5 Arbitrary Directory Deletion Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 
Hard-coded Credentials Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 IBM Spectrum Scale Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Plus 10.1.0 and 10.1.5 Cross-Site Scripting (XSS) Vulnerability in IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 Sensitive Information Disclosure in IBM StoredIQ 7.6.0.17-7.6.0.20 Information Disclosure via URL Parameters in IBM MobileFirst Platform Foundation 8.0.0.0 Session Cookie Invalidation Vulnerability in IBM Worklight/MobileFoundation 8.0.0.0 Privilege Escalation Vulnerability in IBM DB2 for Linux, UNIX and Windows Hazardous Input Validation Vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 User Enumeration Vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 Failure to Set Secure Flag for Session Cookie in IBM Security Identity Governance and Intelligence 5.2.6 Cross-Site Scripting Vulnerability in IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 Denial of Service Vulnerability in IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 Cross-Site Request Forgery Vulnerability in IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 Cross-Site Request Forgery Vulnerability in IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 Information Disclosure Vulnerability in IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 Directory Traversal Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Arbitrary Command Execution Vulnerability in IBM Spectrum Scale and IBM Spectrum Protect Plus Arbitrary Command Execution Vulnerability in IBM Spectrum Scale and IBM Spectrum Protect Plus Session Token Invalidation Vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance User Enumeration Vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 Weak Password Policy in IBM Security Identity Governance and Intelligence 5.2.6 XML External Entity Injection (XXE) Vulnerability in 
IBM Security Identity Governance and Intelligence 5.2.6 Sensitive Information Disclosure in IBM Security Identity Governance and Intelligence 5.2.6 Unauthorized Disclosure of Sensitive Information in IBM Security Identity Governance and Intelligence 5.2.6 Cross-Site Scripting (XSS) Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.8 Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.2 - 6.0.61 Session Invalidation Vulnerability in IBM Content Navigator 3.0CD Weak Cryptographic Algorithms in IBM Security Guardium Big Data Intelligence 1.0 (SonarG) Vulnerability Arbitrary Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 IBM Sterling File Gateway Cookie Manipulation Vulnerability Sensitive Information Disclosure in IBM UrbanCode Deploy (UCD) 7.0.5 Arbitrary Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Memory Leak Vulnerability in IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD Cross-Site Scripting (XSS) Vulnerability in IBM QRadar 7.3.0 to 7.3.3 Patch 2 Hard-coded Credentials Vulnerability in IBM QRadar 7.3.0 to 7.3.3 Patch 2 Weak File Permissions Vulnerability in IBM QRadar 7.3.0 to 7.3.3 Patch 2 Privilege Escalation Vulnerability in IBM QRadar 7.3.0 to 7.3.3 Patch 2 Arbitrary File Inclusion Vulnerability in IBM QRadar 7.3.0 to 7.3.3 Patch 2 Privilege Escalation Vulnerability in IBM Spectrum Scale 4.2 and 5.0 Inadequate Permission Checks in IBM QRadar 7.3.0 to 7.3.3 Patch 2 
Privilege Escalation Vulnerability in IBM WebSphere Application Server Sensitive Information Disclosure in IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 Privilege Escalation Vulnerability in IBM Platform LSF and Spectrum Suites Insecure Deserialization Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 Bypassing Illegal Character Restrictions in IBM Security Information Queue (ISIQ) 1.0.0-1.0.5 Hard-coded Credentials Vulnerability in IBM Security Information Queue (ISIQ) 1.0.0 - 1.0.4 Insufficient Timeout Functionality in IBM Security Information Queue (ISIQ) Web UI Remote Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Cross-Site Request Forgery Vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 Remote Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Remote Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Failure to Set HTTPOnly Flag in IBM Security Information Queue (ISIQ) 1.0.0-1.0.5 Allows Remote Information Disclosure Spoofing Vulnerability in IBM Security Information Queue (ISIQ) Insufficient Timeout Functionality in IBM Security Information Queue (ISIQ) Web UI Cross-Domain Policy File Disclosure Vulnerability in IBM Security Information Queue (ISIQ) IBM QRadar 7.3.0 to 7.3.3 Patch 2 Server Side Request Forgery (SSRF) Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 Cross-Site Scripting (XSS) Vulnerability in IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 Sensitive Information Exposure in IBM Sterling B2B Integrator Standard Edition XML External Entity Injection (XXE) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Cross-Site Request Forgery Vulnerability in 
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 Arbitrary Code Execution via CSV Injection in IBM Cognos Analytics 11.0 and 11.1 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 Arbitrary Code Execution Vulnerability in IBM InfoSphere Information Server Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics Local 2.0.0 - 2.0.9 Vulnerability in IBM Security Guardium 11.1 Allows Network-based Access to Solr Dashboard and Enables Denial of Service Attack IBM Content Navigator 3.0CD Information Disclosure Vulnerability Denial of Service Vulnerability in IBM MQ and MQ Appliance (CVE-2020-4448) Arbitrary Code Execution Vulnerability in IBM Tivoli Monitoring 6.3.0 Information Disclosure Vulnerability in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 Insecure Cookie Handling in IBM Business Automation Content Analyzer on Cloud 1.0 Insecure Cookie Handling in IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 Cross-Site Scripting (XSS) Vulnerability in IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics Cross-Site Scripting Vulnerability in IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics Data Leak Vulnerability in IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop Inadequate Certificate Distinguished Name Validation in IBM MQ Appliance and IBM MQ AMQP Channels Remote Click Hijacking Vulnerability in IBM Security Secret Server 10.7 Cross-Site Scripting (XSS) Vulnerability in IBM Security Secret Server 10.7 Improper Input Validation in IBM Security Secret Server Prior to 10.9 Memory Leak in IBM Process Federation Server Global Teams REST API Sensitive Information Disclosure in IBM Security Secret 
Server 10.7 SQL Injection Vulnerability in IBM Financial Transaction Manager 3.2.4 Improper Parameter Checking Vulnerability in IBM WebSphere Application Server and Liberty Sensitive Information Disclosure in IBM WebSphere eXtreme Scale 8.6.1 via URL Parameters Phishing Vulnerability in IBM API Connect 2018.4.1.0 through 2018.4.1.12 Local Information Disclosure Vulnerability in IBM MQ 9.1.4 Improper Certificate Validation in IBM Security Secret Server Prior to 10.9 Sensitive Information Disclosure in IBM Security Secret Server 10.7 Information Disclosure Vulnerability in IBM Security Secret Server 10.7 Remote Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Local File Disclosure Vulnerability in IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 Local Privilege Escalation Vulnerability in IBM i 7.2, 7.3, and 7.4 Unsecured API in IBM API Connect Management Server Allows Unauthorized Access to Sensitive Information Privilege Escalation Vulnerability in IBM InfoSphere Information Server Missing Function Level Access Control in IBM Spectrum Scale GUI Weak Cryptographic Algorithms in IBM Spectrum Scale 5.0.0.0 through 5.0.4.4: A Critical Vulnerability Weak Cryptographic Algorithms in IBM Spectrum Scale 5.0.0.0 through 5.0.4.4: A Critical Vulnerability Privilege Escalation Vulnerability in IBM MQ on HPE NonStop 8.0.4 and 8.1.0 Physical Access Vulnerability in IBM MaaS360 6.82: Application Crash Exploit Cross-Site Scripting (XSS) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Sensitive Information Disclosure in IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 Cross-Site Scripting (XSS) Vulnerability in IBM Spectrum Scale Web UI Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics Local 2.0 Disclosure of Private IP Addresses in IBM Planning Analytics 2.0 HTTP Responses Vulnerability Privilege Escalation Vulnerability in IBM WebSphere Application Server 
Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Server-Side Request Forgery (SSRF) Vulnerability in IBM WebSphere Application Server 8.5 Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics Local 2.0 Weak Cryptographic Algorithms in IBM Planning Analytics Local 2.0: A Potential Decryption Vulnerability ClearText Storage of Highly Sensitive Information in IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 Sensitive Information Exposure in IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 Clear Text Storage of User Credentials in IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 Memory Leak Vulnerability in IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS Denial of Service Vulnerability in IBM MQ and IBM MQ Appliance XML External Entity Injection (XXE) Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Privileged User Unauthorized Actions Vulnerability in IBM Spectrum Scale Weak Cryptographic Algorithms in IBM Spectrum Scale 5.0.0.0 through 5.0.4.4: A Critical Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Workload Scheduler 9.3.0.4 Denial of Service Vulnerability in IBM Spectrum Scale for IBM Elastic Storage Server Denial of Service Vulnerability in IBM Spectrum Scale for IBM Elastic Storage Server Denial of Service Vulnerability in IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 Hard-coded Credentials Vulnerability in IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 Race Condition Vulnerability in IBM DB2 for Linux, UNIX and Windows Race Condition Vulnerability in IBM DB2 for Linux, UNIX and Windows Denial of Service Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Session Invalidation Vulnerability in IBM Security Access Manager Appliance 9.0.7 Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products 
(IBM X-Force ID: 179359) Sensitive Information Exposure in IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 Denial of Service Vulnerability in IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 Inadequate Account Lockout Setting in IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 World Readable Log File Vulnerability in IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 Remote Click Hijacking Vulnerability in IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management Inadequate Password Masking Vulnerability in IBM QRadar Advisor IBM Maximo Asset Management 7.6.0 and 7.6.1 Remote Tabnabbing Vulnerability Unauthorized Access to Attachments in IBM Jazz Foundation and IBM Engineering Products Denial of Service Vulnerability in Spectrum Scale File System Component Spectrum Scale File System Denial of Service Vulnerability Improper HTTP Strict Transport Security Configuration in IBM Security Secret Server 10.7 Improper Usage of Shared Memory Vulnerability in IBM DB2 Stack-based Buffer Overflow Vulnerability in IBM Spectrum Protect Server (CVE-2020-4428) Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows OpenIDConnect Identity Spoofing Vulnerability in IBM WebSphere Application Liberty Remote Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 SAML Authentication Bypass Vulnerability in IBM Data Risk Manager 2.0.x Arbitrary Command Execution Vulnerability in IBM Data Risk Manager 2.0.1-2.0.4 Default Password Vulnerability in IBM Data Risk Manager 2.0.x Directory Traversal Vulnerability in IBM Data Risk Manager 2.0.1-2.0.4 Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics Local 2.0 IBM Aspera Applications Command Injection Vulnerability Stack-based Buffer Overflow in IBM Aspera Applications: Remote Code Execution and Server Crash Vulnerability Buffer Overflow Vulnerability in IBM Aspera Applications: Execution of Arbitrary Code and DoS via 
HTTP Fallback Service Arbitrary Memory Corruption Vulnerability in IBM Aspera Applications Buffer Overflow Vulnerability in IBM Aspera Applications Allows Arbitrary Code Execution Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications Insufficient Authorization Checks in IBM Business Process Manager and IBM Business Automation Workflow Cross-Site Scripting (XSS) Vulnerability in IBM FileNet Content Manager 5.5.3 and 5.5.4 Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server Network Deployment Remote Information Disclosure Vulnerability in IBM WebSphere Application Server Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server 8.5 and 9.0 Traditional Weak Cryptographic Algorithms in IBM API Connect V2018.4.1.0 through 2018.4.1.11: High-Risk Information Decryption Vulnerability Hard-coded Credentials Vulnerability in IBM Security Verify Access 10.7 Vulnerability: Security Bypass via id_token Claims Manipulation in IBM Security Access Manager Appliance 9.0.7.1 XML External Entity Injection (XXE) Vulnerability in IBM Sterling External Authentication Server and IBM Sterling Secure Proxy XML External Entity Injection (XXE) Vulnerability in IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server Buffer Overflow Vulnerability in IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS Denial of Service Vulnerability in IBM MQ for HPE NonStop 8.0.4 and 8.1.0 Remote Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Remote Code Execution Vulnerability in IBM i2 Intelligent Analysis Platform 9.2.1 Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Arbitrary File Upload and Code Execution Vulnerability in IBM Spectrum Protect Plus Administrative Console Denial of Service and DNS Hijacking Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Sensitive 
Information Disclosure in IBM Sterling B2B Integrator Standard Edition Sensitive Information Disclosure in IBM Sterling File Gateway Plain Text Disclosure of Highly Sensitive Information in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 XML External Entity Injection (XXE) Vulnerability in IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 Bypassing Security via Unauthorized Status Addition in IBM UrbanCode Deploy Sensitive Information Disclosure in IBM UrbanCode Deploy (UCD) Information Disclosure Vulnerability in IBM UrbanCode Deploy (UCD) Vulnerability: Authenticated User Can Disable Wincollect Service in IBM QRadar 7.2.0-7.2.9 Arbitrary File Overwrite/Delete Vulnerability in IBM QRadar 7.2.0-7.2.9 after WinCollect Installation Sensitive Information Disclosure in IBM Jazz Foundation Products Reverse Tabnabbing Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager Denial of Service Vulnerability in IBM Spectrum Scale Denial of Service Vulnerability in IBM Spectrum Scale Authentication Bypass and Command Execution Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Improper Session Validation in IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management Web User Interfaces Improper Access Control Vulnerability in IBM Jazz Foundation and IBM Engineering Products Improper Certificate Validation in IBM Spectrum Protect Plus Server Connection Unencrypted Communication Flow in IBM Spectrum Protect Plus vSnap and Agents Information Disclosure Vulnerability in IBM MQ Appliance 9.1 LTS and 9.1 CD Unauthorized Public OAuth Client Bypass Vulnerability in IBM Security Access Manager and IBM Security Verify Access Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics Local 2.0 XML External Entity Injection (XXE) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 IBM QRadar SIEM 7.3 and 7.4 XML External Entity Injection (XXE) Vulnerability Denial of Service Vulnerability in IBM QRadar SIEM 7.3 and 7.4 
Remote Command Execution Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Cross-Site Scripting (XSS) Vulnerability in IBM Business Process Manager and IBM Business Automation Workflow Remote Code Execution Vulnerability in IBM Cognos Analytics 11.0 and 11.1 Arbitrary Code Execution Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Cross-Site Scripting Vulnerability in IBM Jazz Team Server Applications Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (IBM X-Force ID: 182435) Cross-Site Request Forgery Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Failure to Set Secure Flag for Session Cookie in IBM Planning Analytics 2.0 Information Disclosure Vulnerability in IBM MQ Appliance Server Side Request Forgery (SSRF) Vulnerability in IBM Maximo Asset Management 7.6.0 and 7.6.1 Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager Sensitive Information Disclosure in IBM Business Automation Workflow and IBM Business Process Manager Sensitive Information Disclosure in IBM Business Automation Workflow and IBM Business Process Manager Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 Elevated Privilege Vulnerability in IBM WebSphere Application Server Cross-Site Scripting (XSS) Vulnerability in IBM OpenPages GRC Platform 8.1 Sensitive Information Disclosure in IBM OpenPages GRC Platform 8.1 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service 6.0.2 - 7.0.1 Cross-Site Scripting (XSS) Vulnerability in IBM Jazz Reporting Service 7.0 and 7.0.1 Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (X-Force ID: 183046) Sensitive Information Disclosure in IBM Jazz Foundation Products Arbitrary Code Execution Vulnerability in IBM Aspera 
Connect 3.9.9 Cross-Site Scripting Vulnerability in IBM Jazz Team Server Based Applications Remote Click Hijacking Vulnerability in IBM Jazz Foundation Products Improper Input Validation Vulnerability in IBM Content Navigator 3.0.7 and 3.0.8 Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.1 and 9.2.2 Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.1 and 9.2.2 Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.1 and 9.2.2 Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.1 and 9.2.2 Session Invalidation Vulnerability in IBM Financial Transaction Manager 3.0.6 and 3.1.0 Local File Disclosure Vulnerability in IBM Financial Transaction Manager for High Value Payments Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow and IBM Business Process Manager Improper Input Validation in IBM Spectrum Protect 7.1 and 8.1 Leading to Denial of Service Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager 3.2.4 Unauthenticated Remote File Read/Write Vulnerability in IBM Cognos Analytics DQM API Cross-Window Communication Vulnerability in IBM Planning Analytics 2.0 Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway Insecure Communications Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Sensitive Information Exposure in IBM Sterling B2B Integrator Log Files Inadequate Account Lockout Setting in IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 Clear Text Storage of User Credentials in IBM Tivoli Key Lifecycle Manager Bypassing Protection Mechanism in IBM Tivoli Key Lifecycle Manager Sensitive Information Disclosure Vulnerability in IBM Tivoli Key Lifecycle Manager Unauthenticated HTTP Request Vulnerability in IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 
Weak Password Policy in IBM Tivoli Key Lifecycle Manager Puts User Accounts at Risk Cross-Site Scripting Vulnerability in IBM WebSphere Application Server and WebSphere Virtual Enterprise with High Availability Deployment Manager Configuration Remote Information Disclosure Vulnerability in IBM WebSphere Application Server Cross-Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Denial of Service Vulnerability in IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 via Specially Crafted HTTP/2 Request Denial of Service Vulnerability in IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 Denial of Service Vulnerability in IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 Sensitive Information Disclosure in IBM i2 iBase 8.9.13 Stack-based Buffer Overflow in IBM Sterling Connect:Direct for UNIX Arbitrary File Upload Vulnerability in IBM i2 iBase 8.9.13 Arbitrary Code Execution Vulnerability in IBM WebSphere Application Server Denial of Service Vulnerability in IBM WebSphere Application Server Liberty Unencrypted Second Chunk Disclosure in IBM Spectrum Protect Server Data Corruption Vulnerability in IBM MQ Appliance 9.1.CD and LTS Vulnerability: User Credentials Stored in Plain Text in IBM Security Guardium Insights 2.0.1 Weak Cryptographic Algorithms in IBM Security Guardium Insights 2.0.2: A Potential Threat to Sensitive Data Weak Cryptographic Algorithms in IBM Security Guardium Insights 2.0.2: A Potential Threat to Sensitive Data Weak Cryptographic Algorithms in IBM Security Guardium Insights 2.0.2: A Potential Decryption Vulnerability Insecure Cookie Handling in IBM Security Guardium Insights 2.0.2 Open Redirect Vulnerability in IBM Security Guardium Insights 2.0.1 Sensitive Information Disclosure in IBM Security Guardium Insights 2.0.2 Remote Information Disclosure Vulnerability in IBM Security Guardium Insights 2.0.2 Vulnerability: Plain Text Storage of User Credentials in IBM Security Guardium Insights 2.0.2 
Privilege Escalation Vulnerability in IBM Security Guardium Insights 2.0.1 Vulnerability: User Credentials Stored in Plain Text in IBM Security Guardium Insights 2.0.2 XML External Entity Injection (XXE) Vulnerability in IBM Security Verify Privilege Manager 10.8 Improper Input Validation in IBM Security Verify Privilege Vault Remote 1.2 Buffer Overflow Vulnerability in IBM Security Verify Privilege Manager 10.8.2 Local Code Execution Vulnerability in IBM Security Verify Privilege Manager 10.8.2 Authentication Bypass Vulnerability in IBM Data Risk Manager (iDNA) 2.0.6 Information Disclosure Vulnerability in IBM Data Risk Manager (iDNA) 2.0.6 Weak Cryptographic Algorithms in IBM Data Risk Manager (iDNA) 2.0.6: A Potential Threat to Sensitive Data Weak Cryptographic Algorithms in IBM Data Risk Manager (iDNA) 2.0.6: A Potential Decryption Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Data Risk Manager (iDNA) 2.0.6 Sensitive Username Disclosure in IBM Data Risk Manager (iDNA) 2.0.6 Cross-Site Request Forgery Vulnerability in IBM Data Risk Manager (iDNA) 2.0.6 Denial of Service Vulnerability in IBM Data Risk Manager (iDNA) 2.0.6 Clear Text Storage of User Credentials in IBM Data Risk Manager (iDNA) 2.0.6 Arbitrary File Upload Vulnerability in IBM Data Risk Manager (iDNA) 2.0.6 Privilege Escalation Vulnerability in IBM Data Risk Manager (iDNA) 2.0.6 Hard-coded Credentials Vulnerability in IBM Data Risk Manager (iDNA) 2.0.6 IBM i2 iBase 8.9.13 DLL Search Order Hijacking Vulnerability Weak Cryptographic Algorithms in IBM Cloud Pak for Security 1.3.0.1 (CP4S) Vulnerability IBM Cloud Pak for Security 1.3.0.1 (CP4S) Information Disclosure Vulnerability Information Disclosure Vulnerability in IBM Cloud Pak for Security 1.3.0.1 (CP4S) CSV Injection Vulnerability in IBM Cloud Pak for Security 1.3.0.1 (CP4S) Sensitive Information Disclosure in IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 Sensitive Information Disclosure in IBM WebSphere Application Server 
Insecure Permissions in IBM Spectrum Protect Plus Agent Files on Windows IBM InfoSphere Metadata Asset Manager 11.7 Server-Side Request Forgery Vulnerability Formula Injection Vulnerability in IBM Resilient SOAR V38.0 User Enumeration Vulnerability in IBM Resilient SOAR 40 and Earlier IBM Resilient OnPrem 38.2 Privileged User Command Injection Vulnerability Privilege Escalation Vulnerability in IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 Sensitive Information Exposure in IBM API Connect Denial of Service Vulnerability in IBM DB2 Management Service XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Remote Click Hijacking Vulnerability in IBM Planning Analytics Local 2.0.0 through 2.0.9.1 Cross-Site Scripting (XSS) Vulnerability in IBM Planning Analytics Local 2.0.0 through 2.0.9.1 Improper Authorization Control in IBM Sterling B2B Integrator Standard Edition SQL Injection Vulnerability in IBM Sterling File Gateway Unauthorized Avatar Modification Vulnerability in IBM Planning Analytics 2.0 Vulnerability: Data Exposure in IBM Planning Analytics Local and Workspace Local File Inclusion Vulnerability in IBM Maximo Spatial Asset Management 7.6.0.3-7.6.1.0 Cross-Site Request Forgery (CSRF) Vulnerability in IBM Maximo Spatial Asset Management Open Redirect Vulnerability in IBM Planning Analytics 2.0 Allows for Phishing Attacks Improper Permission Control in IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 SQL Injection Vulnerability in IBM Sterling B2B Integrator Standard Edition Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition Cross-Site Scripting (XSS) Vulnerability in IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 Timing Side Channel Vulnerability in IBM Security Access Manager and IBM Security Verify Access Timing Side Channel Vulnerability in IBM Security Access Manager and IBM Security Verify Access Improper Authentication 
Validation in IBM Event Streams 10.0.0 Allows Unauthorized Schema Access Cross-Site Scripting (XSS) Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises Cross-Site Scripting (XSS) Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises Insecure Cookie Handling in IBM Sterling File Gateway Cross-Site Scripting (XSS) Vulnerability in IBM Engineering Requirements Quality Assistant On-Premises Improper Input Validation in IBM Engineering Requirements Quality Assistant On-Premises (IBM X-Force ID: 186282) Cross-Site Request Forgery (CSRF) Vulnerability in IBM Sterling B2B Integrator Unauthenticated Remote Access to MongoDB in IBM Planning Analytics Local 2.0 Unprotected Redis Server Allows Unauthorized Access in IBM Planning Analytics Local 2.0 Information Disclosure Vulnerability in IBM Sterling B2B Integrator Cross-Site Scripting (XSS) Vulnerability in IBM Business Automation Workflow 20.0.0.1 Sensitive Information Disclosure in IBM Workload Automation 9.5 via HTML Comments Server Path Disclosure in IBM Workload Automation 9.5 Cross-Site Request Forgery Vulnerability in IBM InfoSphere Master Data Management Server 11.6 Privilege Escalation Vulnerability in IBM Security Guardium 11.2 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.2 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.2 Cross-Site Scripting (XSS) Vulnerability in IBM Security Guardium 11.2 Arbitrary Code Execution Vulnerability in IBM MQ 7.5-9.2 Privilege Escalation Vulnerability in IBM Cognos Controller Privilege Escalation Vulnerability in IBM Spectrum Virtualize 8.3.1 Unauthorized Access to Cached Content in IBM Content Navigator 3.0.7 and 3.0.8 Command Injection Vulnerability in IBM Security Guardium 10.6 and 11.2 IBM Security Guardium 11.2 CSV Injection Vulnerability Hard-coded Credentials Vulnerability in IBM Security Guardium 11.3 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Information 
Disclosure Vulnerability in IBM Sterling B2B Integrator Dashboard UI Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Operations Center Insecure Communications in IBM API Connect V10 Database Replication: A Threat to Confidentiality Session Invalidation Vulnerability in IBM Cloud Pak for Security 1.3.0.1 (CP4S) Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Stored Cross-Site Scripting Vulnerability in IBM Business Process Manager and IBM Business Automation Workflow Timing Side Channel Vulnerability in IBM Security Access Manager and IBM Security Verify Access Privilege Escalation Vulnerability in IBM Sterling B2B Integrator Buffer Overflow Vulnerability in IBM DB2 for Linux, UNIX and Windows Stored Cross-Site Scripting in IBM InfoSphere Information Server 11.7 Arbitrary File Upload and Code Execution Vulnerability in IBM Spectrum Protect Plus Administrative Console Stored Cross-Site Scripting Vulnerability in IBM Content Navigator 3.0CD Cross-Site Scripting (XSS) Vulnerability in IBM Sterling B2B Integrator HTTP Header Injection Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.10 Cross-Site Scripting (XSS) Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.11 Wildcard in Access-Control-Allow-Origin Header in IBM Security Trusteer Pinpoint Detect 11.6.5 Could Lead to Information Disclosure Directory Traversal Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Arbitrary File Write Vulnerability in IBM SPSS Modeler Subscription Installer Stored Cross-Site Scripting in IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 IBM Cloud APM 8.1.4 Server DNS Query Injection Vulnerability Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.0 and 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.0 and 9.2.1 Arbitrary Code Execution Vulnerability in IBM i2 Analyst Notebook 9.2.0 and 9.2.1 Memory Corruption Vulnerability in IBM i2 Analyst Notebook 9.2.0 and 9.2.1 Allows for 
Arbitrary Code Execution HTML Content Modification Vulnerability in IBM Monitoring (IBM Cloud APM 8.1.4) Local File Disclosure Vulnerability in IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) Clickjacking Vulnerability in IBM InfoSphere Information Server 11.7 API Request Denial of Service Vulnerability in IBM Counter Fraud Management for Safer Payments Cross-Site Scripting (XSS) Vulnerability in IBM Aspera Web Application 1.9.14 PL1 Lack of Security Restrictions in IBM Jazz Foundation and IBM Engineering Products: Sensitive Information Disclosure Vulnerability Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products DLL Search Order Hijacking Vulnerability in IBM DB2 Accessories Suite for Linux, UNIX, and Windows HTML Injection Vulnerability in IBM InfoSphere Information Server 11.5 and 11.7 Stored Cross-Site Scripting Vulnerability in IBM InfoSphere Information Server 11.5 and 11.7 Improper Authentication Methods in IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 Cross-Site Scripting (XSS) Vulnerability in IBM Spectrum Scale 5.0.0 - 5.0.5.2 Insecure Cookie Handling in IBM Spectrum Scale 5.0.0 through 5.0.5.2 Cross-Site Scripting (XSS) Vulnerability in IBM Spectrum Scale 5.0.0 - 5.0.5.2 Denial of Service Vulnerability in IBM Spectrum Scale and IBM Elastic Storage System Stored Cross-Site Scripting Vulnerability in IBM FileNet Content Manager and IBM Content Navigator 3.0.CD IBM FileNet Content Manager 5.5.4 and 5.5.5 CSV Injection Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Content Navigator 3.0CD Sensitive Information Disclosure in IBM Sterling B2B Integrator Privileged Account Creation Vulnerability in IBM Sterling B2B Integrator Insecure Cookie Handling in IBM Sterling File Gateway 6.0.0.0 - 6.0.3.2 and 2.2.0.0 - 2.2.6.5 Cross-Site Request Forgery Vulnerability in IBM Planning Analytics 2.0 Local File Inclusion Vulnerability in IBM Cloud Pak for Multicloud Management (CVE-2021-20505) Denial of Service 
Vulnerability in IBM MQ Internet Pass-Thru 2.1 and 9.2 IBM Sterling Connect Direct for Microsoft Windows Remote Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in IBM Case Manager and IBM Business Automation Workflow Improper Authentication in IBM Spectrum Protect Operations Center XML External Entity Injection (XXE) Vulnerability in IBM Curam Social Program Management 7.0.9 and 7.0.10 CSRF Vulnerability in IBM Curam Social Program Management 7.0.9 and 7.0.10 XPath Injection Vulnerability in IBM Curam Social Program Management 7.0.9 and 7.0.10 Cross-Site Scripting (XSS) Vulnerability in IBM Curam Social Program Management 7.0.9 and 7.0.10 IBM Curam Social Program Management 7.0.9 and 7.0.10 Path Traversal Vulnerability Insecure Token Hashing in IBM Curam Social Program Management 7.0.9 and 7.0.10 HTTP Verb Tampering Vulnerability in IBM Curam Social Program Management 7.0.9 and 7.0.10 Missing 'secure' attribute on session cookie in IBM Curam Social Program Management 7.0.9 and 7.0.10 Improper Input Validation in IBM Curam Social Program Management 7.0.9 and 7.0.10 Leading to Denial of Service Directory Traversal Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Improper HTTP Strict Transport Security Configuration in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Click Hijacking Vulnerability in IBM App Connect Enterprise Certified Container Vulnerability: Server Side Request Forgery (SSRF) in IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 Vulnerability: Server Side Request Forgery (SSRF) in IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 IBM Power9 L1 Cache Information Disclosure Vulnerability Directory Traversal Vulnerability in IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 Improper URL Validation in IBM Security Identity Governance and Intelligence 5.2.6 Leads to Denial of 
Service Improper Certificate Validation in IBM Security Identity Governance and Intelligence 5.2.6 Allows for Man-in-the-Middle Attacks Cross-Site Scripting (XSS) Vulnerability in IBM Edge 4.2 Improper Authorization Checking Vulnerability in IBM Automation Workstream Services, IBM Business Automation Workflow, and IBM Business Process Manager Information Disclosure Vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 Out of Bounds Write Vulnerability in IBM Informix Spatial 14.10 Local File Disclosure Vulnerability in IBM Edge 4.2 Local File Disclosure Vulnerability in IBM Edge 4.2 Local File Disclosure Vulnerability in IBM Edge 4.2 Improper Input Validation in IBM Cloud Pak for Security (CP4S) Allows Privileged User to Inject Malicious Data Information Disclosure Vulnerability in IBM Cloud Pak for Security (CP4S) 1.4.0.0 Improper HTTP Strict Transport Security Configuration in IBM Cloud Pak for Security (CP4S) 1.4.0.0 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak for Security (CP4S) 1.4.0.0 Bypassing Authentication Mechanisms with Empty Password String in IBM InfoSphere Data Replication and Change Data Capture Cross-Site Scripting (XSS) Vulnerability in IBM API Connect 10.0.0.0 - 10.0.1.0 and 2018.4.1.0 - 2018.4.1.13 Cross-Site Request Forgery Vulnerability in IBM API Connect 10.0.0.0 - 10.0.1.0 and 2018.4.1.0 - 2018.4.1.13 Cross-Site Request Forgery Vulnerability in IBM API Connect 10.0.0.0 - 10.0.1.0 and 2018.4.1.0 - 2018.4.1.13 Web Cache Poisoning Vulnerability in IBM API Connect 10.0.0.0 - 10.0.1.0 and 2018.4.1.0 - 2018.4.1.13 Local Privilege Escalation in IBM AIX 7.1, 7.2, and VIOS 3.1 via ksu User Command Weak Cryptographic Algorithms in IBM DataPower Gateway 10.0.0.0 through 10.0.1.0: A Critical Vulnerability Local Information Disclosure Vulnerability in IBM PowerHA 7.2 Stored Cross-Site Scripting Vulnerability in IBM API Connect 5.0.0.0 through 5.0.8.10 Stack-based Buffer Overflow Vulnerability in IBM Host Firmware for 
LC-class Systems Open Redirect Vulnerability in IBM Security Secret Server 10.6 Allows for Phishing Attacks Improper HTTP Strict Transport Security Configuration in IBM Security Secret Server 10.6 Sensitive Information Disclosure in IBM Security Secret Server 10.6 Information Disclosure in IBM Security Secret Server 10.6 Cross-Site Scripting (XSS) Vulnerability in IBM Security Key Lifecycle Manager 3.0.1 and 4.0 Sensitive Information Disclosure in IBM Security Key Lifecycle Manager Unauthorized Access to Resources in IBM UrbanCode Deploy Remote Code Execution Vulnerability in IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 IBM Spectrum Scale Transparent Cloud Tiering Information Disclosure Vulnerability Local User Log Poisoning Vulnerability in IBM Spectrum Scale Hard-coded Credentials Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (X-Force ID: 190457) Stored Cross-Site Scripting Vulnerability in IBM Engineering Products (X-Force ID: 190459) Stored Cross-Site Scripting Vulnerability in IBM Engineering Products Stored Cross-Site Scripting Vulnerability in IBM Engineering Products Spoofed Source IP Address Vulnerability in IBM Resilient SOAR V38.0 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products Cross-Site Scripting Vulnerability in IBM Engineering Products: Potential Credentials Disclosure Sensitive Information Disclosure in IBM TRIRIGA 3.0, 4.0, and 4.4 IBM MQ Appliance 9.2 CD and 9.2 LTS Denial of Service Vulnerability Denial of Service Vulnerability in IBM MQ 9.2 CD and LTS Local File Inclusion Vulnerability in IBM Planning Analytics 2.0 IBM Planning Analytics 2.0 CORS Policy Allows Sensitive Information Disclosure XML External Entity Injection (XXE) Vulnerability in IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 XML External Entity Injection (XXE) Vulnerability in IBM Cognos Controller 10.4.0-10.4.2 Unauthorized Modifications in IBM Cognos 
Controller 10.4.0, 10.4.1, and 10.4.2 Improper Validation of Authentication Cookies in IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 Lack of Server Hostname Verification in IBM Planning Analytics 2.0 Allows Remote Information Disclosure IBM Planning Analytics 2.0 Server-Side Request Forgery (SSRF) Vulnerability Information Disclosure Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Clear Text Storage of User Credentials in IBM UrbanCode Deploy Race Condition Vulnerability in IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 Sensitive Information Exposure in IBM InfoSphere Information Server 11.7 Arbitrary File Creation Vulnerability in IBM AIX and AIX VIOS Insecure Deserialization Remote Code Execution Vulnerability in IBM QRadar SIEM Local User Log Poisoning Vulnerability in IBM Spectrum Scale Weak or Absent Rate Limiting in IBM Spectrum Scale REST API: Denial of Service Vulnerability Inadequate Account Lockout Setting in IBM Spectrum Scale Rest API Cross-Site Scripting (XSS) Vulnerability in IBM Emptoris Contract Management 10.1.3 Sensitive Information Disclosure via HTTP GET Request Parameters in IBM Emptoris Strategic Supply Management Stored Cross-Site Scripting Vulnerability in IBM Emptoris Strategic Supply Management Web Cache Poisoning Vulnerability in IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 Sensitive Information Disclosure in IBM Emptoris Contract Management and Spend Analysis Weak Cryptographic Algorithms in IBM Emptoris Strategic Supply Management 10.1.3: A Potential Decryption Vulnerability Plain Text Transmission of Sensitive Information in IBM API Connect 5.0.0.0 through 5.0.8.10 Local User Information Disclosure Vulnerability in IBM Business Automation Workflow 19.0.0.3 Username Enumeration Vulnerability in IBM Robotic Process Automation with Automation Anywhere 11.0 SQL Injection Vulnerability in IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) Registration Invitation Link Vulnerability in IBM API Connect V10 
and V2018 Cross-Site Request Forgery Vulnerability in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 Man-in-the-Middle Attack in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 Local File Disclosure Vulnerability in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 Sensitive Information Disclosure in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 Information Disclosure Vulnerability in IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak System 2.3 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak System 2.3 Privilege Escalation Vulnerability in IBM Cloud Pak System 2.3 Self Service Console Credential Information Disclosure in IBM Cloud Pak System 2.3 Session Invalidation Vulnerability in IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 Cross-Site Scripting (XSS) Vulnerability in IBM Cloud Pak System 2.3 Cross-Site Request Forgery Vulnerability in IBM Cloud Pak System 2.3 Insecure Direct Object Reference in IBM Cloud Pak System 2.3 Self Service Console Insufficient Logout Controls in IBM Cloud Pak System 2.3 Allow User Impersonation Stored Cross-Site Scripting Vulnerability in IBM Jazz Team Server Products SQL Injection Vulnerability in IBM Security Guardium 10.6 and 11.2 Spectrum Scale 5.0 and 5.1 mmfsd Daemon Overflow Vulnerability Unauthorized Access and Data Injection Vulnerability in Spectrum Scale 5.1 and IBM Elastic Storage System 6.1 Unauthorized Access and Data Injection Vulnerability in Spectrum Scale Core Component Arbitrary File Upload Vulnerability in IBM Cloud Pak System 2.3 Cross-Site Scripting (XSS) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Denial of Service Vulnerability in IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels Hard-coded Credentials Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Cross-Site Scripting (XSS) 
Vulnerability in IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 Arbitrary File Viewing Vulnerability in IBM Content Navigator 3.0.CD Cross-Site Scripting (XSS) Vulnerability in IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7) Weak Cryptographic Algorithms in IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 Cross-Site Request Forgery Vulnerability in IBM MQ Appliance 9.1 and 9.2 Information Disclosure Vulnerability in IBM Edge 4.2: Exposing Sensitive Server Version Details Cross-Site Request Forgery Vulnerability in IBM Curam Social Program Management 7.0.9 and 7.0.11 Plain Text Storage of Keystore Passwords in IBM UrbanCode Deploy Improper Group Permissions in IBM Db2 11.5 Allow Authenticated Users to Overwrite Arbitrary Files XML External Entity Injection (XXE) Vulnerability in IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Local Cache Information Disclosure Vulnerability in IBM Cognos Analytics 11.1.7 and 11.2.0 Improper Access Control in IBM Security Guardium 11.2 Allows Authenticated User to Gain Root Access Information Disclosure Vulnerability in IBM Planning Analytics 2.0 Authentication Bypass Vulnerability in IBM Spectrum Protect Operations Center Arbitrary Code Execution Vulnerability in IBM Spectrum Protect Operations Center 7.1 and 8.1 Denial of Service Vulnerability in IBM Spectrum Protect Operations Center 7.1 and 8.1 Sensitive Information Disclosure in IBM Security Identity Governance and Intelligence 5.2.6 via URL Parameters Unauthenticated Access to Critical Functionality in IBM Security Identity Governance and Intelligence 5.2.6 IBM Jazz Team Server Products: Authenticated User Phishing Vulnerability Weak Cryptographic Algorithms in IBM Jazz Team Server Products: A Gateway for Decryption Attacks Insecure Cookie Handling in IBM Security Identity Governance and Intelligence 5.2.6 HTTP Header Information Disclosure in IBM Cloud Pak for Security (CP4S) 1.3.0.1 Weak Cryptographic Algorithms in IBM Security 
Identity Governance and Intelligence 5.2.6: A Potential Decryption Vulnerability Vulnerability: Information Disclosure via HTTP Strict Transport Security Bypass HTTP Strict Transport Security Bypass in IBM Security Identity Governance and Intelligence IBM Jazz Foundation Products Server Side Request Forgery (SSRF) Vulnerability Cross-Site Scripting Vulnerability in IBM Engineering Products (X-Force ID: 192435) Weak File Permissions Vulnerability in IBM DB2 for Linux, UNIX and Windows Stored Cross-Site Scripting Vulnerability in IBM Engineering Lifecycle Optimization - Publishing Insecure Inter-Deployment Communication Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Insecure Data Protection in IBM QRadar SIEM 7.3 and 7.4 Local Privilege Escalation Vulnerability in IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 Arbitrary Command Execution Vulnerability in IBM Spectrum LSF Sensitive Information Disclosure in IBM Planning Analytics Local 2.0 via Query Body Parameters Stored Cross-Site Scripting Vulnerability in IBM FlashSystem 900 User Management GUI Vulnerability in Loopback 8.0.0 Allows for JavaScript Value Manipulation and Code Execution Information Disclosure in IBM Engineering Workflow Management and Rational Team Concert SQL Injection Vulnerability in IBM Security Guardium 11.2 Cross-Site Request Forgery Vulnerability in IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 Path Traversal Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Denial of Service Vulnerability in IBM DataPower Gateway 10.0.1.0 through 10.0.1.4 and 2018.4.1.0 through 2018.4.1.17 Session Invalidation Vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 Local User Credential Capture Vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 Cross-Site Scripting (XSS) Vulnerability in IBM InfoSphere Information Server 11.7 Cross-Site Scripting Vulnerability in IBM Financial Transaction Manager 3.2.0-3.2.8 Directory Traversal Vulnerability in IBM Financial Transaction 
Manager 3.2.0 through 3.2.7 Improper Validation in IBM Financial Transaction Manager 3.2.0 through 3.2.10 Allows Unauthorized Actions XML External Entity Injection (XXE) Vulnerability in IBM Financial Transaction Manager 3.2.4 Cross-Site Scripting Vulnerability in IBM Jazz Foundation Products (X-Force ID: 192957) Sensitive Information Disclosure in IBM DataPower Gateway 10.0.0.0 - 10.0.1.0 and 2018.4.1.0 - 2018.4.1.14 XML External Entity Injection (XXE) Vulnerability in IBM QRadar SIEM 7.3 and 7.4 Arbitrary Code Execution via Server-Side Request Forgery in IBM DataPower Gateway V10 and V2018 Denial of Service Vulnerability in IBM Elastic Storage System and IBM Elastic Storage Server Arbitrary Directory Traversal Vulnerability in IBM WebSphere Application Server Local User Information Disclosure Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Sensitive Information Exposure in IBM Spectrum Protect Plus URLs HTTP Header Injection Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Clickjacking Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Session Impersonation Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Unauthenticated and Unauthorized Access to VDAP Proxy in IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Arbitrary Data Injection Vulnerability in IBM Spectrum Protect Plus 10.1.0 through 10.1.7 Denial of Service Vulnerability in IBM DB2 for Linux, UNIX and Windows Buffer Overflow Vulnerability in IBM DB2 db2fm Sensitive Information Disclosure in IBM Financial Transaction Manager for Digital Payments Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (IBM X-Force ID: 193737) Cross-Site Scripting Vulnerability in IBM Jazz Foundation and IBM Engineering Products (IBM X-Force ID: 193738) Temporary Denial of Service Vulnerability in IBM QRadar SIEM 7.3 and 7.4 SonicWall SMA1000 HTTP Extraweb Server Denial of Service Vulnerability Improper Validation in SonicOS SSLVPN 
LDAP Login Request Allows Remote DNS Interaction Arbitrary File Write Vulnerability in SonicWall NetExtender Windows Client Domain Name Collision Vulnerability in SonicWall SSL-VPN Products Buffer Overflow Vulnerability in SonicOS Gen 6 and Gen 7 Firewalls Leads to Denial of Service Out-of-Bound File Reference Vulnerability in SonicOS Firewall Buffer Overflow Vulnerability in SonicOS Firewall Software Buffer Overflow Vulnerability in SonicOS SSL-VPN and Virtual Assist Portal Leads to Firewall Crash Buffer Overflow Vulnerability in SonicOS SSLVPN Service Leads to Firewall Crash Heap Overflow Vulnerability in SonicOS Firewall SSLVPN Service SonicOS SSLVPN Service Denial of Service Vulnerability Memory Address Leak DoS Vulnerability in SonicOS SSLVPN Service Brute Force Vulnerability in SonicOS SSLVPN Service Allows Remote Unauthorized Access Stored Cross-Site Scripting (XSS) Vulnerability in SonicOS SSLVPN Web Interface SonicOS SSLVPN Login Page Username Enumeration Vulnerability SonicWall Global VPN Client Privilege Escalation Vulnerability Insecure Library Loading (DLL Hijacking) Vulnerability in SonicWall Global VPN Client OS Command Injection Vulnerability in SonicWall SMA100 Appliance Unquoted Service Path Vulnerability in SonicWall NetExtender Windows Client SonicWall SSO-Agent Default Configuration Vulnerability: Password Hash Capture and Firewall Bypass Remote Command Execution Vulnerability in Comtech Stampede FX-1010 7.4.3 Devices OpenVPN Parameter Injection Vulnerability in Viscosity 1.8.2 Reverse Tabnabbing Vulnerability in J-BusinessDirectory Extension for Joomla! 
Memory Corruption Vulnerability in FTPGetter Professional 5.97.0.223 Cross-Site Scripting (XSS) Vulnerability in DNN (formerly DotNetNuke) through 9.4.4 Path Traversal Vulnerability in DNN (formerly DotNetNuke) 9.4.4 Insecure Permissions in DNN (formerly DotNetNuke) through 9.4.4 Multiple Persistent XSS Vulnerabilities in PHPGurukul Hospital Management System v4.0 Multiple SQL Injection Vulnerabilities in PHPGurukul Hospital Management System v4.0 Multiple Reflected XSS Vulnerabilities in PHPGurukul Hospital Management System v4.0 Unrestricted API Endpoint Allows Unauthorized Zip and Download of Files in Cerberus FTP Server 8 Reflected XSS in Cerberus FTP Server: Remote Code Execution via Crafted Public Folder URL Unauthorized File Access and Directory Manipulation in Cerberus FTP Server Incorrect Access Control Vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1 Vulnerability: Local Users Can Hijack apt-cacher-ng TCP Port and Obtain Sensitive Information Arbitrary Code Execution Vulnerability in Fat-Free Framework 3.7.1 Buffer Overflow Vulnerability in handle_PORT in uftpd before 2.11 Session Fixation Vulnerability in Pow (Hex package) before 1.0.16 Remember-me Cookie Authentication Bypass in Opencast Request Smuggling Vulnerability in Ktor 1.3.0 and Earlier Versions Remote Code Execution Vulnerability in ipmitool before 1.8.19 Buffer Overflow Vulnerability in NetHack 3.6.5 Allows for Remote Code Execution and Privilege Escalation Buffer Overflow Vulnerability in NetHack before 3.6.5 Allows for Remote Code Execution and Privilege Escalation Buffer Overflow Vulnerability in NetHack 3.6.5 Buffer Overflow Vulnerability in NetHack MENUCOLOR Configuration Option Buffer Overflow Vulnerability in NetHack 3.6.5 SYMBOL Configuration Option Buffer Overflow Vulnerability in NetHack 3.6.5 Allows for Remote Code Execution and Privilege Escalation Segmentation Fault Vulnerability in TensorFlow's String to tf.float16 Conversion Directive 
Injection Vulnerability in Secure Headers (RubyGem secure_headers) Directive Injection Vulnerability in Secure Headers (RubyGem secure_headers) Sylius Channel Switching Vulnerability Remote Code Execution Vulnerability in Angular Expressions (Versions < 1.0.1) Vulnerability in Sylius ResourceBundle allows unintended serialisation group exposure Directory Traversal Vulnerability in uftpd before 2.11 Remember-Me Cookie Vulnerability in Opencast Versions Before 7.6 and 8.1 Persistent XSS Vulnerability in PrivateBin Versions 1.2.0 - 1.2.2 and 1.3.0 - 1.3.2 Session Takeover Vulnerability in Django User Sessions Log Injection Vulnerability in SimpleSAMLphp before version 1.18.4 Cross-site scripting vulnerability in SimpleSAMLphp before version 1.18.4 via www/errorreport.php email template. XML Denial of Service Vulnerability in feedgen (python feedgen) before 0.9.0 Unintended Public Access to Media and Metadata via OAI-PMH in Opencast Insecure Password Storage in Opencast 8.0 and Earlier Versions Arbitrary Identifier Vulnerability in Opencast Unauthenticated User Creation Vulnerability in Opencast Trapdoor Vulnerability in ENS Domain Ownership Transfer Fixed in New Deployment Open Redirect Vulnerability in OAuth2 Proxy Vulnerability: DoS Attack via Hash Collisions and Stack Overflow in MessagePack for C# and Unity Nanopb Out of Memory Vulnerability Denial of Service (DOS) Vulnerability in Waitress 1.4.2 Multiple Relative Path Traversal Vulnerabilities in oneup/uploader-bundle Denial of Service Vulnerability in GitHub Flavored Markdown Table Extension Mailu Fetchmail Script Vulnerability Unauthenticated User Can View and Delete Other Users' 2FA Devices in wagtail-2fa XSS/Script Injection Vulnerability in matestack-ui-core (RubyGem) before 0.7.4 Arbitrary Command Execution via REST Calls in openHAB Denial of Service Vulnerability in uap-core before 0.7.3 Unauthenticated Data Exposure in BuddyPress REST API Endpoint Arbitrary Code Execution Vulnerability in 
Dropwizard-Validation LDAP Injection Vulnerability in Traccar GPS Tracking System (Versions prior to 4.9) Puma RubyGem HTTP Response Splitting Vulnerability Default Encryption Key Vulnerability in GLPI HTTP Response Splitting vulnerability in Puma (RubyGem) before 4.3.3 and 3.12.4 Address and Account Information Tampering Vulnerability in PrestaShop User Object Enumeration via Regex in parser-server Potential security issue in command-line safety package for Python Escaping of Characters Vulnerability in NetHack (pre-3.6.0) Out-of-Bound Exploit in NetHack's hilite_status Option Content-Type Header Mismatch Vulnerability in Symfony Remote Code Execution via Image Upload in BookStack (CVE-2021-12345) SQL Injection Vulnerability in Administrate (rubygem) before version 0.13.0 Prototype Pollution vulnerability in dojo's deepCopy method Prototype Pollution vulnerability in dojox's jqMix method Git Credential Helper Vulnerability: Unauthorized Disclosure of Private Credentials Vulnerability: Faulty Token Replay Detection in Sustainsys.Saml2 (versions > 2.0.0, < 2.5.0) GitHub Personal Access Token (PAT) Exposed in EasyBuild Debug Log Files Password Exposure Vulnerability in auth0.js (NPM package auth0-js) versions greater than 8.0.0 and before 9.12.3 Reflected XSS Vulnerability in PrestaShop Prior to 1.7.6.5 Reflected XSS Vulnerability in PrestaShop AdminAttributesGroups Page (Versions 1.7.6.1 - 1.7.6.5) Stored XSS Vulnerability in PrestaShop ps_link Module (Fixed in 3.1.0) XSS Vulnerability in ActionView's JavaScript Literal Escape Helpers Sustainsys.Saml2 Library Token Validation Bypass Vulnerability Reflected XSS Vulnerability in PrestaShop AdminFeatures Page (CVE-2020-12345) Open Redirection Vulnerability in PrestaShop Versions 1.7.6.0 - 1.7.6.5 Reflected XSS Vulnerability in PrestaShop Dashboard Page (Versions 1.6.0.0 - 1.7.6.5) Reflected XSS Vulnerability in PrestaShop Search Page (Versions 1.5.5.0 - 1.7.6.5) Stored XSS vulnerability in PrestaShop module ps_linklist 
versions before 3.1.0 Improper Escaping and Unauthorized Stacktrace Disclosure in Symfony Access Control Bypass in Symfony Firewall Reflected XSS Vulnerability in PrestaShop AdminCarts Page (Versions 1.7.1.0 - 1.7.6.5) Reflected XSS vulnerability in PrestaShop module ps_facetedsearch prior to 3.5.0 Reflected XSS Vulnerability in PrestaShop Exception Page (Fixed in 1.7.6.5) Improper Access Control in PrestaShop Versions 1.5.0.0 to 1.7.6.5 Local File Inclusion Vulnerability in http4s LDAP Configuration Modification Vulnerability in Perun Arbitrary Shell Execution Vulnerability in Nick Chan Bot (<= 1.0.0-beta) XSS Vulnerability in ViewVC's CVS show_subdir_lastmod Feature Directory Traversal Vulnerability in Next.js versions before 9.3.2 Reflected XSS Vulnerability in PrestaShop 1.7.6.0 - 1.7.6.5 with 'back' Parameter Reflected XSS Vulnerability in PrestaShop Versions 1.7.4.0 - 1.7.6.5 Improper Access Control on Customers Search in PrestaShop Versions 1.5.5.0 - 1.7.6.5 Improper Access Controls on Product Attributes Page in PrestaShop Versions 1.7.0.0 - 1.7.6.5 Insecure Field Guessing Vulnerability in Elide Session Fixation Vulnerability in RedpwnCTF (pre-2.3) Allows Flag Theft and Unauthorized Account Access Privilege Escalation via Bubblewrap (bwrap) in Setuid Mode and Unprivileged User Namespaces SQL Injection Vulnerability in Leantime Versions 2.0.14 and Earlier Improper Access Controls on PrestaShop Product Page with Combinations, Attachments, and Specific Prices Reflected XSS Vulnerability in PrestaShop Module ps_facetedsearch Versions Before 2.1.0 Local File Disclosure Vulnerability in OctoberCMS Arbitrary File Deletion Vulnerability in OctoberCMS Arbitrary File Upload Vulnerability in OctoberCMS Reflected XSS Vulnerability in OctoberCMS Import Functionality CSV Injection Vulnerability in OctoberCMS Uniqueness Check Bypass in Hydra's 'private_key_jwt' Client Authentication Method Information Disclosure Vulnerability in SimpleSAMLphp versions before 1.18.6 
Unprivileged User Impersonation Vulnerability in MH-WikiBot IRC Interface Denial-of-Service Vulnerability in Tendermint Versions 0.33.3, 0.32.10, and 0.31.12 Log Injection Vulnerability in WhiteSource Application Vulnerability Management (AVM) Cross-Site Scripting (XSS) Vulnerability in Codoforum 4.8.3 Admin Dashboard Cross-Site Scripting (XSS) Vulnerability in Codoforum 4.8.3 via Display Name, Title Name, or Content Parameters SQL Injection Vulnerabilities in PHPGurukul Dairy Farm Shop Management System 1.0 Cross-Site Scripting (XSS) Vulnerabilities in PHPGurukul Dairy Farm Shop Management System 1.0 Integer Overflow Vulnerability in libImaging/TiffDecode.c in Pillow SGI RLE Buffer Overflow in libImaging/SgiRleDecode.c PCX P Mode Buffer Overflow in libImaging/PcxDecode.c FLI Buffer Overflow in libImaging/FliDecode.c Plain-text Password Storage Vulnerability in Dell EMC Repository Manager (DRM) Version 3.2 Uncontrolled Search Path Vulnerability in Dell SupportAssist for Business and Home PCs XSS Vulnerability in Dell EMC ECS Versions Prior to 3.4.0.1 Unauthenticated File Access Vulnerability in Dell EMC Isilon OneFS Dell EMC Unity: Denial of Service Vulnerability in NAS Server SSH Implementation SQL Injection Vulnerability in Dell EMC OpenManage Enterprise (OME) and OpenManage Enterprise-Modular (OME-M) Improper Input Validation Vulnerability in Dell EMC OpenManage Enterprise and OpenManage Enterprise-Modular Command Injection Vulnerability in Dell EMC OpenManage Enterprise-Modular (OME-M) Versions Prior to 1.10.00 Injection Vulnerability in Dell EMC OpenManage Enterprise (OME) and OpenManage Enterprise-Modular (OME-M) Allows Unauthorized Access and Denial-of-Service Arbitrary File Overwrite Vulnerability in Dell Firmware Update Utility BIOS Setup Configuration Authentication Bypass Vulnerability in Dell Client Platforms Dell Security Management Server Unauthenticated Remote Code Execution Vulnerability Unauthorized Access Vulnerability in Dell EMC Isilon OneFS 
Versions Prior to 8.2.0 Open Redirect Vulnerability in Dell EMC Avamar Server Information Disclosure Vulnerability in Dell EMC Networking and PowerEdge VRTX Switch Modules Information Exposure Vulnerability in RSA Archer Command Injection Vulnerability in RSA Archer Authorization Bypass Vulnerability in RSA Archer REST API DOM-based Cross-Site Scripting Vulnerability in RSA Archer Cross-Site Request Forgery (CSRF) Vulnerability in RSA Archer URL Injection Vulnerability in RSA Archer RSA Archer URL Redirection Vulnerability Stored Cross-Site Scripting Vulnerability in RSA Authentication Manager Security Console Stored Cross-Site Scripting Vulnerability in RSA Authentication Manager Security Console Deserialization of Untrusted Data Vulnerability in Dell EMC Avamar Server and Integrated Data Protection Appliance Arbitrary Execution with Administrative Privileges in Dell Digital Delivery Insecure Inherited Permissions Vulnerability in Dell Client Platforms Stack-based Buffer Overflow Vulnerability in Dell EMC iDRAC7, iDRAC8, and iDRAC9 Authorization Bypass Vulnerability in Dell EMC Unisphere for PowerMax Stored Cross-Site Scripting Vulnerability in RSA Authentication Manager Security Console Denial of Service Vulnerability in Dell EMC Isilon OneFS Versions 8.2.2 and Earlier UAF Vulnerability in Dell Latitude 7202 Rugged Tablet BIOS (CVE-XXXX) Hardcoded Credential Vulnerability in Dell EMC Networking S4100 and S5200 Series Switches Command Injection Vulnerability in Dell EMC Integrated Data Protection Appliance ACM Component Undocumented Account with Hard-Coded Password in Dell EMC Data Protection Advisor Dell EMC Data Protection Advisor OS Command Injection Vulnerability Dell Isilon OneFS and Dell EMC PowerScale OneFS NFS Spoofing Vulnerability Improper TCP and Stream Forwarding in Dell Isilon OneFS SSHD Process Improper Authorization Vulnerability in Dell PowerProtect Data Manager and PowerProtect X400 Arbitrary File Overwrite Vulnerability in Dell Dock Firmware 
Update Utilities Privilege Escalation Vulnerability in Dell Encryption and Endpoint Security Suite Unchecked Return Value Vulnerability in Dell BSAFE Micro Edition Suite (Versions Prior to 4.5) Allows Remote Data Corruption Dell BSAFE Micro Edition Suite Buffer Under-Read Vulnerability Unauthorized BIOS Password Reset Vulnerability Dell Manageability Interface Vulnerability Allows Unauthorized BIOS Configuration Reset Dell Client Consumer and Commercial Platforms BIOS Admin Password Vulnerability Dell EMC Isilon OneFS SNMPv2 Vulnerability Predictable Default Password Vulnerability in Dell EMC Isilon Versions 8.2.2 and Earlier Path Traversal Vulnerability in Dell EMC iDRAC9 Versions Prior to 4.20.20.20 Improper Certificate Validation Vulnerability in Dell EMC Unisphere for PowerMax Improper Authentication Vulnerability in Dell EMC VxRail Versions 4.7.410 and 4.7.411 Privilege Escalation via SyncIQ in Dell EMC Isilon OneFS and PowerScale OneFS Arbitrary File Overwrite Vulnerability in Dell EMC OpenManage Enterprise (OME) Versions Prior to 3.4 Insufficient File Permissions Vulnerability in Dell EMC Isilon OneFS and PowerScale Vulnerability: Exposed Test Interface Ports in Dell EMC PowerStore Improper Authentication Vulnerability in Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) Hard-coded Cryptographic Key Vulnerability in Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) Dell Inspiron 7347 BIOS UEFI Boot Services Overwrite Vulnerability Path Traversal Vulnerabilities in Dell EMC OpenManage Server Administrator (OMSA) Versions 9.4 and Prior Dell G7 17 7790 BIOS UEFI Boot Services Overwrite Vulnerability Dell Inspiron 7352 BIOS UEFI Boot Services Overwrite Vulnerability Buffer Overflow Vulnerability in Dell EMC Isilon OneFS and PowerScale OneFS RSA MFA Agent 2.0 for Microsoft Windows Authentication Bypass Vulnerability Incomplete Fix for CVE-2020-5358 in Dell Encryption and Endpoint Security Suite Allows Privilege Escalation 
via Symbolic Link Dell EMC ECS Directory Table Exposure Vulnerability Improper Exception Handling Vulnerability in Dell XPS 13 9370 BIOS Versions Prior to 1.13.1 Improper SMM Communication Buffer Verification Vulnerability in Dell Inspiron 15 7579 2-in-1 BIOS Versions Prior to 1.31.0 Information Disclosure Vulnerability in Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) XML Signature Wrapping (XSW) Vulnerability in PySAML2 CSRF Vulnerability in Auth0 Plugin for WordPress (Version < 4.0.0) via Domain Field Stored XSS Vulnerability in Auth0 Plugin for WordPress (<= 4.0.0) via Settings Page Session Token Theft via XSS in Appspace On-Prem through 7.1.3 Use-After-Free Vulnerability in FontForge 20190801 Insecure Default Configuration in VMware GemFire and Tanzu GemFire Allows Remote Code Execution CSRF Vulnerability in Spring Framework through CORS Preflight Requests Reflected File Download (RFD) Vulnerability in Spring Framework Insecure Connection Vulnerability in Cloud Foundry CredHub Sensitive Information Exposure in Cloud Foundry Cloud Controller (CAPI) Logs Cloud Foundry Routing Release: Header Injection Vulnerability CSRF Vulnerability in Cloud Foundry UAA: Unchecked OAuth2 State Parameter in External Identity Provider Authentication Premature Connection Closure Vulnerability in Reactor Netty HttpServer Credentials Leak during Redirect in Reactor Netty HttpClient Arbitrary File Access Vulnerability in Spring Cloud Config Server Unauthorized Access to Database via PCF Autoscaling Log Leakage Signature Wrapping Vulnerability in Spring Security SAML Response Validation Fixed Null Initialization Vector Vulnerability in Spring Security Untrusted Website Redirect Vulnerability in Pivotal Concourse Arbitrary Configuration File Access Vulnerability in Spring Cloud Config Jackson Deserialization Vulnerability in Spring Batch Hystrix Dashboard Proxy Stream Endpoint Vulnerability Vulnerability: Unprotected Deserialization in Spring Integration's Kryo 
Codec Credential Logging Vulnerability in VMware Tanzu Application Service for VMs Identity Spoofing Vulnerability in Concourse with GitLab Auth Connector Denial-of-Service Vulnerability in Cloud Foundry Routing (Gorouter) with NGINX Reverse Proxies Sensitive Route Claiming Vulnerability in Cloud Foundry CAPI Unauthorized Access to Droplet Listing in Cloud Foundry CAPI RabbitMQ 3.8.x Vulnerability: Windows Binary Planting for Arbitrary Code Execution Denial-of-Service Vulnerability in Cloud Foundry Routing (Gorouter) Vulnerability: Bypassing RFD Protections via jsessionid Path Parameter in Spring Framework Exposure of UAA Password in BOSH System Metrics Server Releases Prior to 0.1.0 Denial-of-Service Vulnerability in CAPI (Cloud Controller) YAML Parser User Impersonation Vulnerability in VMware Tanzu Single Sign-On Plaintext Transmission of UAA Client Token in TAS Scheduler SQL Injection Vulnerability in Spring Cloud Data Flow SQL Injection Vulnerability in Spring Cloud Task 2.2.4.RELEASE and below Heap-Based Buffer Overflow in FontForge 20190801's Type2NotDefSplines() Function OpenID Connect Reference Implementation for MITREid Connect XSS Vulnerability Enclave ID Race Vulnerability in Baidu Rust SGX SDK through 1.0.8 CSRF Vulnerability in phpBB 3.2.8 Allows Unauthorized Group Avatar Modification CSRF Vulnerability in phpBB 3.2.8 Allows Unauthorized Approval of Group Memberships SQL Injection in phpMyAdmin User Accounts Page Remote Command Execution Vulnerability in Freelancy v1.0.0 via file Parameter Remote Code Execution in PHPGurukul Car Rental Project v1.0 via Profile Image Upload SQL Injection Vulnerability in PHPGurukul Hostel Management System v2.0 Authentication Bypass via SQL Injection in PHPGurukul Small CRM v2.0 Path Traversal Vulnerability in Gila CMS 1.11.8 Directory Traversal Vulnerability in Gila CMS 1.11.8 Unrestricted File Upload Vulnerability in Gila CMS 1.11.8 via .phar or .phtml SQL Injection Vulnerability in Gila CMS 1.11.8 CSRF Vulnerability 
in BlueOnyx 5209R Login URI Allows Unauthorized Dashboard Access and Analysis OpenLiteSpeed WebAdmin Console URL Validation Bypass Vulnerability Unverified X.509 Certificates in netprint App for iOS 3.2.3 and Earlier Allow Man-in-the-Middle Attacks Unverified X.509 Certificates Vulnerability in kantan netprint App for iOS Unverified X.509 Certificates Vulnerability in Kantan Netprint App for Android Vulnerability: Insecure Certificate Validation in Android App 'MyPallete' and Banking Applications Arbitrary OS Command Execution Vulnerability in Aterm Series UPnP Function Arbitrary OS Command Execution with Root Privileges in Aterm Series Unverified X.509 Certificate Vulnerability in AWMS Mobile App for Android and iOS MELSOFT Transmission Port Denial-of-Service Vulnerability Arbitrary Script Injection Vulnerability in Movable Type Series Code Execution Vulnerabilities in HtmlUnit CSRF Vulnerability in Easy Property Listings Prior to Version 3.4 Remote Code Execution and Denial of Service Vulnerability in Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 Authentication Bypass Vulnerability in ilbo App Allows Unauthorized Image Access Cross-Site Scripting Vulnerability in Aterm WG2600HS Firmware Ver1.3.2 and Earlier Arbitrary OS Command Execution Vulnerability in Aterm WG2600HS Firmware Ver1.3.2 and Earlier Arbitrary OS Command Execution Vulnerability in OpenBlocks IoT VX2 (Ver.3 Series) Authentication Bypass and Device Initialization Vulnerability in OpenBlocks IoT VX2 Remote Code Execution Vulnerability in Cybozu Desktop for Windows 2.0.23 to 2.2.40 Arbitrary Code Execution Vulnerability in PALLET CONTROL Ver. 
6.3 and Earlier Session Management Vulnerability in GRANDIT Versions 1.6 to 3.0 Arbitrary Script Injection Vulnerability in CyberMail Ver.6.x and Ver.7.x Open Redirect Vulnerability in CyberMail Ver.6.x and Ver.7.x: Remote Phishing Attack Vector Buffer Overflow Vulnerability in Mitsubishi Electric MELQIC IU1 Series IU1-1M20-D Firmware Version 1.0.7 and Earlier Session Management Vulnerability in Mitsubishi Electric MELQIC IU1 Series IU1-1M20-D Firmware Version 1.0.7 and Earlier Null Pointer Dereference Vulnerability in Mitsubishi Electric MELQIC IU1 Series IU1-1M20-D Firmware Version 1.0.7 and Earlier Remote Code Execution Vulnerability in Mitsubishi Electric MELQIC IU1 Series IU1-1M20-D Firmware Argument Injection Vulnerability in Mitsubishi Electric MELQIC IU1 Series IU1-1M20-D Firmware TCP Resource Management Errors in Mitsubishi Electric MELQIC IU1 Series IU1-1M20-D Firmware Version 1.0.7 and Earlier Denial of Service Vulnerability in Yamaha Routers and Firewall CSRF Vulnerability in EasyBlocks IPv6 and Enterprise Versions Session Fixation Vulnerability in EasyBlocks IPv6 and Enterprise Ver. 
2.0.1 and Earlier: Impersonation and Information Disclosure Bluetooth-based Denial of Service and Command Execution Vulnerability in Toyota 2017 Model Year DCU Cross-Site Scripting Vulnerability in Mailform Version 1.04 Arbitrary PHP Code Execution Vulnerability in Mailform Version 1.04 Directory Traversal Vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 Improper Input Validation in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 Allows Remote File Read/Write Arbitrary OS Command Execution in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 Arbitrary Code Injection Vulnerability in CuteNews 2.0.1 Arbitrary PHP Code Execution Vulnerability in CuteNews 2.0.1 Cross-Site Scripting Vulnerability in WL-Enq 1.11 and 1.12 Arbitrary OS Command Execution in WL-Enq 1.11 and 1.12 Arbitrary OS Command Execution Vulnerability in Keijiban Tsumiki v1.15 Cybozu Garoon SSRF Vulnerability in V-CUBE Meeting Function API Authentication Bypass Vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 Cross-Site Scripting Vulnerability in Cybozu Garoon's 'E-mail' Application Remote Data Alteration Vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 via Workflow and MultiReport Remote authenticated data alteration vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 via 'E-mail' and 'Messages' applications Cybozu Garoon Authentication Bypass Vulnerability Cross-Site Scripting Vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 via 'Messages' and 'Bulletin Board' Applications Unquoted Search Path Vulnerability in HDD Password Tool (Windows) Version 1.20.6620 and Earlier Cross-Site Scripting Vulnerability in Sales Force Assistant v11.2.48 and Earlier Vulnerability: Information Disclosure via Malicious Applications on SHARP AQUOS Series Credential Information Disclosure in Mailwise for Android 1.0.0 to 1.0.1 Credential Information Disclosure in kintone mobile for Android 1.0.0 to 2.5 HTML Attribute Value Injection Vulnerability in Movable Type Series Arbitrary script injection vulnerability in Movable Type 
series Unspecified Cross-Site Request Forgery (CSRF) Vulnerability in Movable Type Series Arbitrary File Upload and PHP Script Execution Vulnerability in Movable Type SQL Injection Vulnerability in Paid Memberships Plugin (Versions Prior to 2.3.3) Allows Arbitrary SQL Command Execution Bypassing Access Restriction in Cybozu Garoon 4.0.0 to 5.0.1 Path Traversal Vulnerability in Cybozu Garoon 4.0.0 to 5.0.1: Unauthorized Information Disclosure Unspecified Vector Access Restriction Bypass Vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 Access Restriction Bypass Vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 Unspecified Information Disclosure Vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 Arbitrary Script Injection Vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 Arbitrary Script Injection Vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 Unspecified Information Disclosure Vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 Unauthenticated Path Traversal Vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 Bluetooth Pairing Vulnerability in Sony Wireless Headphones Arbitrary File Deletion Vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 XACK DNS Remote Denial of Service and Reflection Attack Vulnerability Arbitrary JavaScript Injection Vulnerability in Zenphoto Versions Prior to 1.5.7 Zenphoto 1.5.7 and Earlier: PHP Code Injection via Crafted .zip File Upload ClearText Transmission Vulnerability in Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX Series CPU Modules Buffer Overflow Vulnerability in Mitsubishi Electric GOT2000 Series TCP/IP Function Remote Code Execution Vulnerability in Mitsubishi Electric GOT2000 Series Null Pointer Dereference Vulnerability in Mitsubishi Electric GOT2000 Series TCP/IP Function Improper Access Control Vulnerability in Mitsubishi Electric GOT2000 Series Firmware Improper Argument Delimiter Neutralization in Mitsubishi Electric GOT2000 Series TCP/IP Function Resource Management Error Vulnerability in Mitsubishi Electric GOT2000 Series Arbitrary 
Command Execution Vulnerability in Chrome Extension for e-Tax Reception System Ver1.0.0.0 XML External Entity (XXE) Vulnerability in Mitsubishi Electric FA Engineering Software Uncontrolled Resource Consumption Vulnerability in Mitsubishi Electric FA Engineering Software Arbitrary Method Execution Vulnerability in Mercari Android App (Japan version) Prior to 3.52.0 WHR-G54S Firmware 1.43 and Earlier: Directory Traversal Vulnerability Arbitrary Script Injection Vulnerability in WHR-G54S Firmware 1.43 and Earlier Open Redirect Vulnerability in SHIRASAGI v1.13.1 and Earlier: Remote Phishing Attack Vector Remote Authentication Bypass Vulnerability in CAMS for HIS CENTUM CS 3000, CENTUM VP, B/M9000CS, and B/M9000 VP Arbitrary File Creation and Command Execution Vulnerability in CAMS for HIS CENTUM CS 3000, CENTUM VP, B/M9000CS, and B/M9000 VP Denial-of-Service and Arbitrary Code Execution Vulnerability in Global TechStream (GTS) for TOYOTA Dealers CSRF Vulnerability in Social Sharing Plugin Allows Authentication Hijacking Arbitrary Script Execution via Cross-Site Scripting in KonaWiki 2.2.0 and Earlier Arbitrary Script Execution via Cross-Site Scripting in KonaWiki 3.1.0 and Earlier Arbitrary File Read Vulnerability in KonaWiki 3.1.0 and Earlier CSRF Vulnerability in Calendar01 and Calendar02 Free Editions (ver1.0.0) Allows Remote Authentication Hijacking Authentication Bypass Vulnerability in Free Edition Ver1.0.0 of [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] SKYSEA Client View Privilege Escalation Vulnerability Cross-Site Scripting Vulnerability in Exment v3.6.0 and Earlier Cross-Site Scripting Vulnerability in Exment v3.6.0 and Earlier CSRF Vulnerability in NETGEAR Switching Hubs Allows Remote Authentication Hijacking and Device Settings Modification Denial of Service Vulnerability in Shadankun Server Security Type Arbitrary Website Access Vulnerability in NITORI App for Android and iOS Arbitrary 
SQL Command Execution Vulnerability in XooNIps 3.48 and Earlier Arbitrary Script Injection Vulnerability in XooNIps 3.48 and Earlier Arbitrary OS Command Execution in Logstorage and ELC Analytics Arbitrary Website Access Vulnerability in Yodobashi App for Android Arbitrary Website Access Vulnerability in UNIQLO App for Android Remote Code Execution Vulnerability in UNIQLO App for Android Stored Cross-Site Scripting Vulnerability in CMONOS.JP ver2.0.20191009 and Earlier Authenticated Remote Code Execution in InfoCage SiteShell Authentication Bypass Vulnerability in Multiple NEC Products Arbitrary OS Command Execution Vulnerability in ELECOM LAN Routers Arbitrary Command Execution Vulnerability in Aterm SA3500G Firmware Versions Prior to Ver. 3.5.9 Arbitrary Command Execution Vulnerability in Aterm SA3500G Firmware Integrity Check Bypass Vulnerability in Aterm SA3500G Firmware Arbitrary Script Injection Vulnerability in desknet's NEO Arbitrary File Upload and OS Command Execution Vulnerability in FileZen Versions V3.0.0 to V4.2.2 OneThird CMS v1.96c Local File Inclusion Vulnerability CSRF Vulnerability in GS108Ev3 Firmware Version 2.06.10 and Earlier CSRF Vulnerability in Live Chat - Live Support Version 3.1.0 and Earlier Bulletin Board Data Deletion Vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 Buffer Overflow Vulnerability in TCP/IP Function of GT14 Model of GOT 1000 Series Firmware Session Fixation Vulnerability in TCP/IP Function of GT14 Model of GOT 1000 Series Firmware TCP/IP NULL Pointer Dereference Vulnerability in GT14 Model of GOT 1000 Series Remote Unauthenticated Access Control Vulnerability in GT14 Model of GOT 1000 Series Firmware Argument Injection Vulnerability in GT14 Model of GOT 1000 Series Firmware TCP/IP Resource Management Error Vulnerability in GT14 Model of GOT 1000 Series Firmware Arbitrary Script Injection Vulnerability in Simple Download Monitor 3.8.8 and Earlier Arbitrary SQL Command Execution in Simple Download Monitor 3.8.8 and Earlier 
Uncontrolled Resource Consumption Vulnerability in Ethernet Port on MELSEC iQ-R, Q, and L Series CPU Modules Buffer Overflow Vulnerability in MELSEC iQ-R Series TCP/IP Function Remote Network Function Stoppage Vulnerability in MELSEC iQ-R Series Firmware Remote NULL Pointer Dereference Vulnerability in MELSEC iQ-R Series TCP/IP Function Remote Code Execution Vulnerability in MELSEC iQ-R Series Network Interface Modules Network Function Stoppage Vulnerability in MELSEC iQ-R Series Remote Resource Management Errors in TCP/IP Function of MELSEC iQ-R Series: Network Disruption Vulnerability XooNIps 3.49 and Earlier SQL Injection Vulnerability Reflected Cross-Site Scripting Vulnerability in XooNIps 3.49 and Earlier Stored Cross-Site Scripting Vulnerability in XooNIps 3.49 and Earlier Arbitrary Code Execution Vulnerability in XooNIps 3.49 and Earlier Denial-of-Service Vulnerability in MELSEC iQ-F Series FX5U(C) CPU Unit Firmware Uncontrolled Resource Consumption Vulnerability in MELSEC iQ-R Series CPU Modules Hard-coded API Key Vulnerability in Studyplus App for Android and iOS Uncontrolled Resource Consumption Vulnerability in MELSEC iQ-R Series Modules Arbitrary Script Injection Vulnerability in Movable Type Premium Untrusted Search Path Vulnerability in SEIKO EPSON Installers Out-of-bounds read vulnerability in GT21, GS21, and LE7-40GU-L series allows remote DoS attack Unspecified Remote Information Disclosure Vulnerability in GROWI v4.1.3 and Earlier Reflected Cross-Site Scripting Vulnerability in GROWI v4.0.0 and Earlier Stored Cross-Site Scripting Vulnerability in GROWI v3.8.1 and Earlier Clickjacking Vulnerability in EC-CUBE Administrative Page EC-CUBE Denial-of-Service Vulnerability Untrusted Search Path Vulnerability in EpsonNet SetupManager and Offirio SynergyWare PrintDirector Denial of Service Vulnerability in GROWI Versions Prior to v4.2.3 Directory Traversal Vulnerability in GROWI Allows Remote Data Alteration via Specially Crafted File Upload Insecure 
Certificate Verification in iSM Client Versions Prior to V12.1 Arbitrary OS Command Execution and DoS Vulnerability in UNIVERGE SV9500 and SV8500 Series Remote System Maintenance Access Vulnerability in UNIVERGE SV9500 and SV8500 Series Arbitrary File Creation Vulnerability in MikroTik WinBox (CVE-XXXX) Cleartext Password Storage Vulnerability in MikroTik WinBox Unauthenticated Remote SQL Injection Vulnerability in Grandstream UCM6200 Series Unencrypted Password Storage in UCM6200 Series 1.0.20.22 and Below SQL Injection Vulnerability in Grandstream UCM6200 Series: Unauthorized Password Discovery via Websockify Endpoint SQL Injection Vulnerability in Grandstream UCM6200 Series SQL Injection Vulnerability in Grandstream UCM6200 Series SimpliSafe SS3 Firmware 1.4 Authentication Bypass Vulnerability: Unauthorized Pairing of Rogue Keypad Cross-Site Scripting (XSS) Vulnerability in OpenMRS 2.9 and Prior Arbitrary Input Reflection XSS Vulnerability in OpenMRS 2.9 and Prior Cross-Site Scripting Vulnerability in OpenMRS 2.9 and Prior: Exploiting the sessionLocation Parameter Cross-Site Scripting Vulnerability in OpenMRS 2.9 and Prior: ActiveVisit's App Parameter Unauthenticated Access to Data Exchange Module in OpenMRS 2.9 and Prior Unauthenticated Access to Data Export in OpenMRS 2.9 and Prior Buffer Overflow Vulnerability in SolarWinds Dameware: Remote DoS via ECDH Key Exchange Stack-based Buffer Overflow Vulnerability in Amcrest Cameras and NVRs over Port 37777 Amcrest Cameras and NVR Vulnerability: Remote Crash via Null Pointer Dereference Stored XSS Vulnerability in Tenable.Sc before 5.14.0 Grandstream GXP1600 Series Firmware 1.0.4.152 and Below: Authenticated Remote Command Execution Vulnerability Authenticated Remote Command Execution in Grandstream GXP1600 Series Firmware 1.0.4.152 and Below via OpenVPN Up Script Arbitrary Code Execution Vulnerability in Plex Media Server on Windows Arbitrary Code Execution via Deserialization Vulnerability in Plex Media Server on 
Windows Cross-Origin Resource Sharing (CORS) Vulnerability in Plex Media Server Unauthorized Access to Test Metadata in TCExam 14.2.2 TCExam 14.2.2 Relative Path Traversal Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in TCExam 14.2.2 Persistent Cross-Site Scripting (XSS) Vulnerability in TCExam 14.2.2 Persistent Cross-Site Scripting (XSS) Vulnerability in TCExam 14.2.2 Persistent Cross-Site Scripting (XSS) Vulnerability in TCExam 14.2.2 Self-Registration Feature Persistent Cross-Site Scripting (XSS) Vulnerability in TCExam 14.2.2 Persistent Cross-Site Scripting (XSS) Vulnerability in TCExam 14.2.2 Self-Registration Feature Persistent Cross-Site Scripting (XSS) Vulnerability in TCExam 14.2.2 Arbitrary Command Execution with SYSTEM Privileges in Druva inSync Windows Client 6.6.3 Remote DNS Disclosure Vulnerability in Signal Private Messenger Type Confusion Vulnerability in Webroot Endpoint Agents Privilege Escalation Vulnerability in Webroot Endpoint Agents Authenticated Remote Command Execution via Undocumented API in Grandstream GWN7000 Firmware OS Command Injection Vulnerability in Grandstream UCM6200 Series Firmware Version 1.0.20.23 and Below via HTTP OS Command Injection Vulnerability in Grandstream UCM6200 Series Firmware Version 1.0.20.23 and Below via HTTP OS Command Injection Vulnerability in Grandstream UCM6200 Series Firmware Version 1.0.20.23 and Below Grandstream HT800 Series Firmware OS Command Injection Vulnerability Grandstream HT800 Series Firmware CPU Exhaustion Vulnerability Denial of Service Vulnerability in Grandstream HT800 Series Firmware Backdoor Vulnerability in Grandstream HT800 Series Firmware Directory Traversal Vulnerability in MX Player Android App Prior to v1.24.5 Stored XSS Vulnerability in Nessus 8.10.0 and Earlier SQL Injection Vulnerability in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 Cross-Site Request Forgery Vulnerability SQL 
Injection Vulnerability in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 Persistent Cross-Site Scripting (XSS) Vulnerability in Teltonika Firmware TRB2_R_00.02.02 Teltonika Firmware TRB2_R_00.02.04.01 Cross-Site Request Forgery Vulnerability Root Privilege Escalation via Malicious Backup Archive Upload in Teltonika Firmware TRB2_R_00.02.04.01 Root Privilege Escalation via Malicious Package Upload in Teltonika Firmware TRB2_R_00.02.04.01 Unauthorized Write Operations Vulnerability in Teltonika Firmware TRB2_R_00.02.04.01 Session Expiration Vulnerability in Nessus Versions 8.11.0 and Earlier Canvas LMS 2020-07-29: Remote Server-Side Request Forgery Vulnerability CSRF Vulnerability in MAGMI Allows for Remote Code Execution Remote Authentication Bypass in MAGMI Versions Prior to 0.7.24 Remote Code Execution Vulnerability in Trading Technologies Messaging 7.1.28.3 Invalid Parameter Handling Vulnerability in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) Unauthenticated Email Forgery/Spoofing Vulnerability in Icegram Email Subscribers & Newsletters Plugin for WordPress Denial-of-Service Vulnerability in IgniteNet HeliOS GLinq v2.2.1 r2961 Denial of Service Vulnerability in IgniteNet HeliOS GLinq v2.2.1 r2961 CSRF Vulnerability in IgniteNet HeliOS GLinq v2.2.1 r2961 Server-Side Request Forgery (SSRF) Vulnerability in Teltonika Firmware TRB2_R_00.02.04.3 Reflected Cross-Site Scripting Vulnerability in Teltonika Firmware TRB2_R_00.02.04.3 Teltonika Firmware TRB2_R_00.02.04.3 Cross-Site Request Forgery Vulnerability Arbitrary File Deletion Vulnerability in Teltonika Firmware TRB2_R_00.02.04.3 Arbitrary File Deletion Vulnerability in Teltonika Firmware TRB2_R_00.02.04.3 Teltonika Firmware TRB2_R_00.02.04.3: Remote File Read Vulnerability Cross-Site Request Forgery Vulnerability in Nagios XI 5.7.3 Command Injection Vulnerability in Nagios XI 5.7.3 Allows Remote Admin User to Execute OS Commands Arbitrary File Write and Code Execution Vulnerability in 
Nagios XI 5.7.3 File Copy Vulnerability in Nessus for Windows and Nessus Agent for Windows Arbitrary Code Execution Vulnerability in Nessus Network Monitor for Windows Archer A7(US)_V5_200721: Authenticated Admin Symlink Vulnerability Allows Arbitrary Code Execution via USB Drive Privilege Escalation via Weak File Permissions in Nagios XI 5.7.4 TP-Link Archer C9(US)_V1_180125 Firmware Symlink Vulnerability Privilege Escalation Vulnerability in inSync Client Installer for macOS Versions v6.8.0 and Prior Backdoor Account Vulnerability in Eat Spray Love Mobile App Allows Unauthorized Access to User Data Authentication Bypass Vulnerability in Eat Spray Love Mobile App FactoryTalk Linx 6.11 OpenNamespace Message Remote Code Execution Vulnerability Memory Allocation Vulnerability in RnaDaSvr.dll Arbitrary File Deletion Vulnerability in Marvell QConvergeConsole GUI 5.5.0.74 Path Traversal Vulnerability in Marvell QConvergeConsole GUI Clear-text Storage of Credentials in Marvell QConvergeConsole GUI Memory Allocation Size Vulnerability in CServerManager::HandleBrowseLoadIconStreamRequest FactoryTalk Diagnostics 6.11 Unauthenticated Remote Code Execution Vulnerability Unrestricted Scanner Access in Tenable.sc Prior to 5.17.0 Stored XSS Vulnerability in Umbraco CMS: Arbitrary JavaScript Injection via TinyMCE Editor Stored XSS Vulnerability in Umbraco CMS: Uploading Malicious .svg Files Authenticated Path Traversal Vulnerability in Umbraco CMS Package Installation Certificate Validation Vulnerability in Nessus AMI Versions 8.12.0 and Earlier Privilege Escalation Vulnerability in Symantec Endpoint Protection DLL Injection Vulnerability in Symantec Endpoint Protection Privilege Escalation Vulnerability in Symantec Endpoint Protection Privilege Escalation Vulnerability in Symantec Endpoint Protection Denial of Service Vulnerability in Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE) Arbitrary File Write Vulnerability in 
Symantec Endpoint Protection Out of Bounds Memory Read Vulnerability in Symantec Endpoint Protection Out of Bounds Memory Read Vulnerability in Symantec Endpoint Protection Manager (SEPM) Out of Bounds Memory Read Vulnerability in Symantec Endpoint Protection Manager (SEPM) Out of Bounds Memory Read Vulnerability in Symantec Endpoint Protection Manager (SEPM) Out of Bounds Memory Read Vulnerability in Symantec Endpoint Protection Manager (SEPM) Out of Bounds Memory Read Vulnerability in Symantec Endpoint Protection Manager (SEPM) Privilege Escalation Vulnerability in Symantec Data Center Security Manager Component Out of Bounds Memory Read Vulnerability in Symantec Endpoint Protection Manager Directory Traversal Vulnerability in Symantec Endpoint Protection Manager Race Condition in Symantec Endpoint Protection Manager Client Remote Deployment Leading to Privilege Elevation ACL Reset Vulnerability in Symantec Endpoint Protection File Permission Bypass Vulnerability in Symantec Endpoint Protection Cross-Site Scripting (XSS) Vulnerability in Symantec IT Analytics Information Disclosure Vulnerability in Symantec Endpoint Detection And Response (prior to 4.4) Directory Traversal Vulnerability in HashBrown CMS SQL Injection Vulnerability in OpServices OpMon 9.3.1-1 Allows Unauthorized Password Change Cross-Site Scripting (XSS) Vulnerability in Codoforum 4.8.3 User Registration Page Cross-Site Scripting (XSS) Vulnerability in Codoforum 4.8.3 Admin Dashboard via Category in Manage Users Screen Arbitrary PHP Script Upload and Execution in Pandora FMS v7.0 NG Insecure File Upload and Code Execution Vulnerability in Ahsay Cloud Backup Suite 8.3.0.30 Unraid 6.8.0 Remote Code Execution Vulnerability Unraid 6.8.0 Authentication Bypass Vulnerability Vulnerability: Limited System Integrity Check in TPM on Specific Engineering Hotfixes and Platforms Disruption of Service Vulnerability in Traffic Management Microkernel (TMM) through FastL4 Profile Internal Portal Access Name 
Conflict Vulnerability in BIG-IP APM Vulnerability: TMM Crash in BIG-IP Connector Profile Windows Logon Integration Vulnerability in BIG-IP Edge Client for Windows TMM Restart Vulnerability in BIG-IP Virtual Edition Instances on AWS Undisclosed HTTP Behavior Denial of Service Vulnerability on BIG-IP Elevated Privilege Command Execution Vulnerability in BIG-IP and BIG-IQ HTTP/3 Message Format Vulnerability on BIG-IP 15.1.0.1 Unencrypted Failover Service Vulnerability in BIG-IP and BIG-IQ Memory Error Vulnerability in BIG-IP 12.1.0-12.1.5 TMM Crash Vulnerability on BIG-IP with DPDK/ENA Driver on AWS Unprivileged User Account Creation Vulnerability in NGINX Controller Default TLS Verification Bypass in NGINX Controller Versions Prior to 3.2.0 Unencrypted Communication Vulnerability in NGINX Controller Command-line argument vulnerability in NGINX Controller's helper.sh script Insecure Package Installation in NGINX Controller Agent Installer Script Remote Command Execution Vulnerability in BIG-IQ 6.0.0-7.0.0 Insecure High Availability Synchronization in BIG-IQ 5.2.0-7.0.0 Unauthenticated High Availability Synchronization in BIG-IQ 5.2.0-7.0.0 Denial of Service (DoS) Vulnerability in BIG-IP HTTP/2 Virtual Servers TLS Traffic Processing Vulnerability with Hardware Cryptographic Acceleration on BIG-IP Platforms with Intel QAT Hardware Arbitrary Command Execution via Maliciously Crafted SCP Request Crafted Requests Vulnerability in BIG-IP APM Virtual Server Leading to TMM Service Disruption Vulnerability: SSL Traffic Processing with HTTP/2 Full Proxy on BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3 Can Cause TMM Restart and Core File Generation Race Condition Vulnerability in BIG-IP Configuration Sync Process Denial of Service Vulnerability in BIG-IP DATAGRAM::tcp iRules Command TMM Restart Vulnerability on BIG-IP Virtual Edition Unencrypted Data Plane Traffic Vulnerability on BIG-IP ASM 11.6.1-11.6.5.1 Arbitrary File Upload and Authorization Bypass Vulnerability in BIG-IP 
15.0.0-15.0.1.3 and 14.1.0-14.1.2.3 Vulnerability: Network Device Abstraction Layer (NDAL) Interface Lockup in BIG-IP Virtual Edition (VE) Intel QuickAssist Technology (QAT) Cryptography Driver Vulnerability HTTP POST Requests Cause XData Memory Leak in BIG-IP Virtual Servers with HTTP Explicit Proxy Insecure Default Deployment Mode for BIG-IP High Availability Pair Mirroring Insecure Transfer of Cryptographic Objects in BIG-IP Connection Mirroring Insecure Communication Channel Vulnerability in BIG-IP Systems with Connection Mirroring Remote Access Vulnerability in BIG-IP Virtual Edition (VE) Vulnerability: Adjacent Network Attackers Can Bypass Port Lockdown on BIG-IP Virtual Edition (VE) Reflected XSS Vulnerability in BIG-IP APM Portal Access LDAP Credential Obfuscation Vulnerability Denial of Service Vulnerability in BIG-IP with Fallback Host and HTTP/2 Profile Session ID Exposure in BIG-IP Edge Client Components Vulnerability: Insecure Authentication and Captive Portal Detection in BIG-IP Edge Client Session Token Invalidation Vulnerability in NGINX Controller Webserver World-Readable and World-Writable Socket Permissions in NGINX Controller AVRD Weak File and Folder Permissions in BIG-IP Edge Client's Windows Installer Service's Temporary Folder Use-After-Free Memory Vulnerability in BIG-IP Edge Client Windows ActiveX Component (Versions 7.1.5-7.1.9) BIG-IP Edge Client Windows Stonewall Driver Local Denial of Service Vulnerability Plain Text Storage and Transmission of Password Recovery Codes in NGINX Controller 3.0.0-3.4.0 Insufficient CSRF Protections in NGINX Controller User Interface Reflected Cross Site Scripting (XSS) Vulnerability in NGINX Controller 3.3.0-3.4.0 Remote Code Execution (RCE) Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Cross-Site Scripting (XSS) Vulnerability in BIG-IP Configuration Utility CSRF Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Unsanitized User Data Display Vulnerability in BIG-IP System 
Configuration Utility Network > WCCP Page SCP Access Control Bypass Vulnerability in BIG-IP System Arbitrary File Read/Write Vulnerability in BIG-IP's TMOS Shell (tmsh) SFTP Functionality Exposure of Full Session ID in Edge Client for Linux Local Log Files Server TLS Certificate Verification Bypass Vulnerability Unauthenticated Access Vulnerability in NATS Messaging Services of NGINX Controller Insecure HTTP Download of Kubernetes Packages in NGINX Controller Installer Arbitrary File Overwrite Vulnerability in BIG-IP's restjavad Dump Command SSL/TLS Certificate Revocation Bypass Vulnerability Undisclosed Server Cookie Vulnerability in BIG-IP ASM Stored XSS Vulnerability in TMUI Page of BIG-IP Systems with Device Trust Arbitrary File Read Vulnerability in BIG-IP Versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 Insecure Key Length in BIG-IP and BIG-IQ OpenSSH Servers High Volume SCTP Traffic Causes TMM to Stop Responding Vulnerability Session Variable Rendering Vulnerability in BIG-IP APM UI-based Agents Blind SQL Injection Vulnerability in BIG-IP AFM Configuration Utility MCPD Memory Consumption Vulnerability in BIG-IP VIPRION Hosts iControl REST Vulnerability: Cross Site Request Forgery Protection Bypass with Basic Authentication Self-IP Port-Lockdown Bypass via IPv6 Link-Local Addresses Memory Leakage in BIG-IP APM Versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2 with RADIUS Authentication Undisclosed UDP Traffic Vulnerability in BIG-IP Traffic Management Microkernel (TMM) Memory Leakage in BIG-IP Virtual Server with SIP ALG Profile Stored Cross-Site Scripting Vulnerability in BIG-IP ASM Configuration Utility Multiple CSRF Token Reuse Vulnerability in BIG-IP ASM Configuration Utility Vulnerability: SSL/TLS Handshake Oracle in BIG-IP Platforms with Cavium Nitrox SSL Hardware Acceleration Cards Unauthenticated Disruption of Service Vulnerability in BIG-IP and BIG-IQ WebSocket Header Handling Vulnerability in BIG-IP Virtual Servers with OneConnect Profile Cross-Site 
Scripting (XSS) Vulnerability in BIG-IP ASM Configuration Utility Response and Blocking Pages Out-of-Memory Vulnerability in BIG-IP Systems with HTTP Compression Profile TCP Keep-Alive Connection Disruption Vulnerability in BIG-IP APM MQTT Traffic Handling Vulnerability on BIG-IP Excessive Resource Consumption in BIG-IP LTM SSL Traffic Processing BIG-IP AFM 15.1.0-15.1.0.5 L4 Behavioral DoS Traffic Core File Vulnerability IPSec Tunnel Key Length Mismatch Vulnerability TMM Transmission Failure Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in BIG-IP Traffic Management User Interface (TMUI) Denial of Service Vulnerability in BIG-IP RESOLV::lookup Command BIG-IP PEM Capabilities-Exchange-Answer (CEA) Packet Processing Vulnerability Insecure Obfuscation of Protected Fields in BIG-IP REST Interface Disabled Grafana Reverse Proxy in BIG-IQ 7.1.0 Web Service Configuration Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in BIG-IP TMUI Page Allows Privilege Escalation BIG-IP Advanced WAF and FPS Denial-of-Service Vulnerability TCP Sequence Number Reuse Vulnerability in Specific BIG-IP Platforms Reflected XSS Vulnerability in BIG-IP iControl REST Endpoints FTP Channel Break Vulnerability Reflected XSS Vulnerability in iControl REST on BIG-IP 14.1.0-14.1.2.6 InsydeH2O UEFI Firmware SWSMI Handler Privilege Escalation Vulnerability Privilege Escalation Vulnerability in InsydeH2O on Intel Client Chipsets Untrusted External Input Vulnerability in Insyde InsydeH2O SdLegacySmm NVIDIA Windows GPU Display Driver Local Privilege Escalation Vulnerability NVIDIA Windows GPU Display Driver Local System Access Vulnerability Denial of Service Vulnerability in NVIDIA Virtual GPU Manager Null Pointer Dereference Vulnerability in NVIDIA Virtual GPU Manager Denial of Service Vulnerability in NVIDIA vGPU Graphics Driver for Guest OS NVIDIA Windows GPU Display Driver Local Privilege Escalation Vulnerability Vulnerability in NVIDIA Windows GPU Display Driver: Improper 
Access Control in Inter Process Communication APIs Vulnerability in NVIDIA Windows GPU Display Driver Allows Code Execution and Information Disclosure NVIDIA Windows GPU Display Driver DirectX 11 Out of Bounds Access Vulnerability NVIDIA Windows GPU Display Driver Kernel Mode NULL Pointer Dereference Vulnerability Race Condition Vulnerability in NVIDIA Linux GPU Display Driver NVIDIA Virtual GPU Manager vGPU Plugin Resource Access Vulnerability Race Condition Vulnerability in NVIDIA Virtual GPU Manager's vGPU Plugin Unvalidated Input Data Size Vulnerability in NVIDIA Virtual GPU Manager Buffer Overflow Vulnerability in NVIDIA Virtual GPU Manager Uninitialized Pointer Vulnerability in NVIDIA Virtual GPU Manager Privilege Escalation Vulnerability in NVIDIA Virtual GPU Manager and Guest Drivers Improper Permissions Setting in NVIDIA JetPack SDK Installation Scripts Sensitive Information Disclosure in NVIDIA GeForce NOW Desktop Application Insecure Transmission of Sensitive Information in NVIDIA GeForce NOW Uncontrolled Search Path Vulnerability in NVIDIA GeForce Experience Privilege Escalation Vulnerability in NVIDIA GeForce Experience NVIDIA Windows GPU Display Driver Privilege Escalation Vulnerability Insecure Dependency Loading Vulnerability in NVIDIA Windows GPU Display Driver NVIDIA Windows GPU Display Driver DirectX11 Out of Bounds Access Vulnerability NVIDIA Windows GPU Display Driver Denial of Service Vulnerability NVIDIA Virtual GPU Manager Memory Write Vulnerability Use-after-free vulnerability in NVIDIA Virtual GPU Manager vGPU Plugin Unvalidated Input Length Vulnerability in NVIDIA Virtual GPU Manager Vulnerability in NVIDIA Virtual GPU Manager: Unvalidated Input Data Size Leading to Tampering or Denial of Service Vulnerability in NVIDIA Virtual GPU Manager: Guest-Writable Parameters Leading to Denial of Service or Privilege Escalation Double Free Vulnerability in NVIDIA Virtual GPU Manager NVIDIA Virtual GPU Manager vGPU Plugin NULL Pointer Dereference 
Vulnerability Vulnerability in NVIDIA GeForce Experience ShadowPlay Component Out-of-Bounds Read/Write Vulnerability in NVIDIA CUDA Toolkit's NVJPEG Library Vulnerability in NVIDIA GeForce NOW Application Software: OpenSSL Binary Planting Attack Heap-based Buffer Overflow in Philips Hue Bridge Model 2.X: Remote Code Execution Vulnerability Arbitrary File Write Vulnerability in LifterLMS WordPress Plugin (Version < 3.37.15) Unauthenticated SQL Injection in LearnDash WordPress Plugin (Versions below 3.1.6) SQL Injection Vulnerability in LearnPress WordPress Plugin (<= 3.2.6.7) Privilege Escalation via File Replacement in ZoneAlarm Anti-Ransomware Elevated Privilege Code Execution Vulnerability in ZoneAlarm Firewall and Antivirus Products DLL Loading Vulnerability in Check Point Endpoint Security Client for Windows Denial of Service Vulnerability in Check Point Endpoint Security for Windows Heap-Based Buffer Underflow and Remote Code Execution in Valve's Game Networking Sockets Heap-Based Buffer Overflow in Valve's Game Networking Sockets v1.2.0 and earlier Stack-Based Buffer Overflow in Valve's Game Networking Sockets v1.2.0 and earlier Improper Handling of Inlined Statistics Messages in Valve's Game Networking Sockets Vulnerability: Command Execution and Denial of Service in Check Point Security Management's Internal CA Web Management Privilege Escalation via DLL Hijacking in Check Point Endpoint Security Client for Windows Local File Deletion Vulnerability in Check Point ZoneAlarm Anti-Ransomware Local Privilege Escalation Vulnerability in Check Point ZoneAlarm Anti-Ransomware Local Privilege Escalation in Check Point SmartConsole Out-of-Bounds Read Vulnerability in MiniSNMPD 1.4 Allows Information Disclosure and Denial of Service Out of Bounds Read Vulnerability in MiniSNMPD 1.4 Allows Information Disclosure and Denial of Service Stack Buffer Overflow Vulnerability in MiniSNMPD Version 1.4 Allows Denial of Service Attacks CoTURN 4.5.1.1 Web Server Heap 
Out-of-Bounds Read Vulnerability CoTURN 4.5.1.1 Web Server Denial-of-Service Vulnerability Accusoft ImageGear igcore19d.dll Library PCX File Out-of-Bounds Write Vulnerability Accusoft ImageGear igcore19d.dll Library PCX File Out-of-Bounds Write Vulnerability Accusoft ImageGear igcore19d.dll Library BMP Parsing Out-of-Bounds Write Vulnerability Accusoft ImageGear 19.5.0 Library JPEG SOFx Parser Out-of-Bounds Write Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Accusoft ImageGear 19.5.0 TIFF tifread Parser Remote Code Execution Vulnerability in Accusoft ImageGear 19.5.0 Library Accusoft ImageGear 19.5.0 Library JPEG Parser Out-of-Bounds Write Remote Code Execution Vulnerability Code Execution Vulnerability in fsck.f2fs 1.12.0 Denial-of-Service Vulnerability in Videolabs libmicrodns 0.1.0: Recursive Compression Pointer Exploit Double Free Vulnerability in Videolabs libmicrodns 0.1.0 Integer Overflow Denial-of-Service Vulnerability in Videolabs libmicrodns 0.1.0 Nitro Pro 13.9.1.155 PDF Parser Use-After-Free Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Accusoft ImageGear 19.5.0 Remote Code Execution Vulnerability in Accusoft ImageGear 19.5.0 Library Denial-of-Service Vulnerability in Videolabs libmicrodns 0.1.0 Message Parsing Uninitialized Variable Usage Leading to Null Pointer Dereference in Videolabs libmicrodns 0.1.0 Denial-of-Service Vulnerability in Videolabs libmicrodns 0.1.0: Resource Exhaustion via mDNS Message Parsing Denial-of-Service Vulnerability in Videolabs libmicrodns 0.1.0 Resource Allocation Handling Remote Code Execution Vulnerability in 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30 Remote Code Execution Vulnerability in Accusoft ImageGear 19.6.0 ENIP Request Path Port Segment Denial of Service Vulnerability in Allen-Bradley Flex IO 1794-AENT/B Denial-of-Service Vulnerability in Allen-Bradley Flex IO 1794-AENT/B 4.003 Denial-of-Service Vulnerability in Allen-Bradley Flex IO 
1794-AENT/B 4.003 ENIP Request Path Data Segment Denial-of-Service Vulnerability in Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Data Segment Denial-of-Service Vulnerability in Allen-Bradley Flex IO 1794-AENT/B Denial-of-Service Vulnerability in Allen-Bradley Flex IO 1794-AENT/B 4.003 Buffer Overflow Vulnerability in Leadtools 20 ANI File Format Parser Remote Code Execution Vulnerability in WAGO PFC 200 03.03.10(15) Web-Based Management Authentication Bypass Vulnerability in Epson EB-1470Ui Web Control Functionality Nitro Pro 13.9.1.155 Pattern Object Code Execution Vulnerability Nitro Pro 13.9.1.155 XML Error Handling Information Disclosure Vulnerability Accusoft ImageGear TIFF fillinraster Function Out-of-Bounds Write Remote Code Execution Vulnerability GStreamer/gst-rtsp-server 1.14.5 Denial of Service Vulnerability Signed Comparison Vulnerability in ARMv7 memcpy() Implementation of GNU glibc 2.30.9000 Denial of Service Vulnerability in atftpd Daemon of atftp 0.7.git20120829-3.1+b1 Denial-of-Service Vulnerability in freeDiameter 1.3.2 Heap Buffer Overflow in Graphisoft BIMx Desktop Viewer 2019.2.2328 Memory Corruption Vulnerability in AMD Graphics Driver (atidxx64.dll) Allows Guest-to-Host Escape AMD Radeon DirectX 11 Driver Shader Code Execution Vulnerability AMD Radeon DirectX 11 Driver Shader Code Execution Vulnerability AMD Radeon DirectX 11 Driver Shader Code Execution Vulnerability Information Disclosure Vulnerability in F2fs-Tools F2fs.Fsck 1.13 Code Execution Vulnerability in F2fs-Tools F2fs.Fsck 1.13 Information Disclosure Vulnerability in F2fs-Tools F2fs.Fsck 1.12 and 1.13 Uninitialized Read Information Disclosure Vulnerability in F2fs-Tools F2fs.Fsck 1.13 Heap Buffer Overflow in F2fs-Tools F2fs.Fsck 1.13 Zoom Client 4.6.10 Path Traversal Vulnerability Allows Arbitrary Code Execution Arbitrary Code Execution via Path Traversal in Zoom Client 4.6.10 IPv4 Denial-of-Service Vulnerability in Allen-Bradley MicroLogix 1100 PLC Systems JPEG2000 Stripe 
Decoding Memory Corruption Vulnerability in Nitro Pro 13.13.2.242 Integer Overflow Vulnerability in Nitro Pro 13.13.2.242 Object Stream Parsing SQL Injection Vulnerability in Glacies IceHRM v26.6.0.OS Admin Reports Functionality Use-After-Free Vulnerability in Nitro Pro 13.13.2.242 Arbitrary Code Execution Vulnerability in Nitro Pro 13.13.2.242 SQL Injection Vulnerability in CheckDuplicateStudent.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in CheckDuplicateStudent.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in CheckDuplicateStudent.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in CheckDuplicateStudent.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in CheckDuplicateStudent.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in CheckDuplicateStudent.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in OS4Ed openSIS 7.3 EmailCheck.php SQL Injection Vulnerability in OS4Ed openSIS 7.3 EmailCheckOthers.php SQL Injection Vulnerability in OS4Ed openSIS 7.3 GetSchool.php Functionality SQL Injection Vulnerability in CoursePeriodModal.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in CoursePeriodModal.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in CoursePeriodModal.php of OS4Ed openSIS 7.3 SQL Injection Vulnerability in OS4Ed openSIS 7.3: Exploiting the course_period_id Parameter in CpSessionSet.php SQL Injection Vulnerability in OS4Ed openSIS 7.3: MassDropSessionSet.php SQL Injection Vulnerability in OS4Ed openSIS 7.3: MassScheduleSessionSet.php SQL Injection Vulnerability in OS4Ed openSIS 7.3's ChooseCP.php Page SQL Injection Vulnerability in OS4Ed openSIS 7.3 CourseMoreInfo.php Page SQL Injection Vulnerability in OS4Ed openSIS 7.3: MassDropModal.php ID Parameter SQL Injection Vulnerability in OS4Ed openSIS 7.3 Validator.php Functionality SQL Injection Vulnerability in OS4Ed openSIS 7.3 DownloadWindow.php Functionality SQL Injection Vulnerability in OS4Ed openSIS 7.3 Password Reset Functionality SQL Injection Vulnerability 
in OS4Ed openSIS 7.3 Password Reset Functionality SQL Injection Vulnerability in OS4Ed openSIS 7.3 Password Reset Functionality SQL Injection Vulnerability in OS4Ed openSIS 7.3 Password Reset Functionality SQL Injection Vulnerability in OS4Ed openSIS 7.3 Login Functionality Remote Code Execution Vulnerability in OS4Ed openSIS 7.3 Modules.php Allows Local File Inclusion Remote Code Execution Vulnerability in OS4Ed openSIS 7.4 Install Functionality Remote Code Execution Vulnerability in OS4Ed openSIS 7.4 Install Functionality SQL Injection Vulnerability in ERPNext 11.1.38: Exploiting frappe.desk.reportview.get Functionality Heap-based Buffer Overflow in Nitro Pro 13.13.2.242 and 13.16.2.300 Heap Overflow Vulnerability in Pixar OpenUSD 20.05: USDC File Format FIELDS Section Decompression Heap Overflow Vulnerability in Pixar OpenUSD 20.05: USDC FIELDSETS Section Decompression Heap Overflow Heap Overflow Vulnerability in Pixar OpenUSD 20.05: Compressed Binary USD File Parsing Heap Overflow Vulnerability in Pixar OpenUSD 20.05: USDC File Format SPECS Section Decompression Heap Overflow Accusoft ImageGear 19.7 TIFF handle_COMPRESSION_PACKBITS Memory Corruption Vulnerability Accusoft ImageGear 19.7 DICOM parse_dicom_meta_info Out-of-Bounds Write Vulnerability Heap Overflow Vulnerability in Pixar OpenUSD 20.05: Remote Code Execution via Malformed Binary USD Files Heap Overflow Vulnerability in Pixar OpenUSD 20.05: Compressed Section Parsing Address Bar Spoofing Vulnerability in Opera Touch for iOS (CVE-2021-XXXX) Insecure URL Protocol Handling in Opera for Android: XSS Attack Vulnerability Uninitialized Value Vulnerability in Bftpd 5.3 XSS Vulnerability in WikibaseMediaInfo Extension 1.35 SilverStripe Application Disclosure Vulnerability Incomplete Permission Checking in SilverStripe 4.5.0 Allows Unauthorized Reading of Records Vulnerability: Unauthorized Access and Theme Manipulation in Minimal Coming Soon & Maintenance Mode Plugin Vulnerability: CSRF Attack and XSS 
Injection in Minimal Coming Soon & Maintenance Mode Plugin Vulnerability in Minimal Coming Soon & Maintenance Mode Plugin Allows Unauthorized Access to Maintenance Mode Settings Genexis Platinum-4410 v2.1 P4410-V2 1.28 Authentication Bypass Vulnerability Arbitrary Code Injection Vulnerability in CLink Office 2.0 Management Console Uncontrolled Resource Consumption in TUF (The Update Framework) 0.7.2 - 0.12.1 Insecure Cryptographic Signature Verification in TUF (The Update Framework) 0.12.1 Missing SSL Certificate Validation in Citrix SD-WAN 10.2.x and 11.0.x XML External Entity (XXE) Vulnerability in SAP Mobile Platform 3.0 SAP Enable Now Session ID Cookie Information Disclosure Vulnerability SAML SSO Implementation in SAP NetWeaver and SAP ABAP Platform: HTTP Response Splitting Vulnerability Missing Authorization Check Vulnerability in SAP Host Agent 7.21 Reflected Cross-Site Scripting (XSS) Vulnerability in ABAP Online Community in SAP NetWeaver and SAP S/4HANA Stored Cross Site Scripting Vulnerability in ABAP Online Community in SAP NetWeaver and SAP S/4HANA SAP Host Agent 7.21 Denial of Service Vulnerability XML Document Input Validation Vulnerability in SAP NetWeaver (Guided Procedures) Missing Authorization Check in VAT Pro-Rata Reports in SAP ERP and SAP S/4 HANA Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (CMC) 4.2 SAP NetWeaver AS Java Information Disclosure Vulnerability SAP Landscape Management 3.0 Vulnerability: Privilege Escalation via Missing Input Validation Privilege Escalation in SAP Landscape Management 3.0 via SAP Host Agent SAP NetWeaver Knowledge Management ICE Service Reflected XSS Vulnerability Cleartext Password Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (CMC) Denial of Service Vulnerability in SAP BusinessObjects Mobile (MobileBIService) 4.2 Insufficient Session Expiration in SAP Enable Now (pre-1908 versions) Allows Unauthorized Portable Downloads Missing 
Authentication Check in SAP Solution Manager (Diagnostics Agent) 720: Allowing Unencrypted Connections from Unauthenticated Sources Missing Authorization Check in FIMENAV_COMPCERT in SAP ERP and SAP S/4HANA SAP Commerce (SmartEdit Extension) AngularJS Template Injection Vulnerability Reflected Cross Site Scripting in SAP Commerce (Testweb Extension) Missing XML Validation in SAP NetWeaver Application Server Java User Management Engine Path Traversal Vulnerability in SAP NetWeaver UDDI Server Missing Authorization Check in SAP Treasury and Risk Management: Contract Number Selection Vulnerability Reflected Cross Site Scripting Vulnerability in SAP NetWeaver AS ABAP Business Server Pages (Smart Forms) Cross Site Request Forgery via User Input Reflection in SAP Cloud Platform Integration for Data Services Missing Authentication Check in SAP Solution Manager 7.2 Allows Complete Compromise of SMDAgents Remote Code Execution Vulnerability in SAP Business Objects Business Intelligence Platform (Crystal Reports) 4.1 and 4.2 Missing Authorization Check in SAP Disclosure Management 10.1 Allows Unauthorized Access to Administration Accounts Reflected Cross-Site Scripting (XSS) Vulnerability in SAP Fiori Launchpad URL Redirection Vulnerability in SAP Business Objects Business Intelligence Platform (AdminTools) Versions 4.1 and 4.2 Missing Authorization Check in Egypt Localized Withholding Tax Reports in SAP ERP and S/4 HANA Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB Incorrect Authorization Object Usage in SAP S/4HANA (Financial Products Subledger) Reports URL Redirection Vulnerability in SAP NetWeaver AS ABAP Business Server Pages Test Application IT00 Reflected Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad) 4.2 Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS ABAP Business Server Pages Test Application IT00 
Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform Deserialization of Untrusted Data in SAP Business Objects Business Intelligence Platform Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform Content Spoofing Vulnerability in SAP Business Objects Business Intelligence Platform SAP NetWeaver AS Java (HTTP Service) Information Disclosure Vulnerability Path Traversal Vulnerability in SAP NetWeaver (Knowledge Management) Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML Interface) Version 4.2 SAP Business Objects Business Intelligence Platform (CMS / Auditing issues) - Improper Input Validation Vulnerability SAP Business Client Installer Integrity Check Bypass Vulnerability Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME) Code Injection Vulnerability in SAP OrientDB 3.0 Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform (Web Intelligence HTML Interface) Version 4.2 Missing Authorization Check in SAP Commerce Allows Unauthorized Access to Secure Media Missing Authorization Check in SAP S/4 HANA Financial Products Subledger and Banking Services Privilege Escalation in SAP Host Agent 7.21: Exploiting Operation Framework for Root Access Missing Authentication in SAP Solution Manager (Diagnostics Agent) 7.2 Collector Simulator Functionality Privilege Escalation in SAP Landscape Management and SAP Adaptive Extensions Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform XML Input Processing Vulnerability in SAP Commerce Rest API from Servlet xyformsweb SAP Business One (Backup 
Service) Admin Password Information Disclosure Vulnerability Denial of Service Vulnerability in SAP NetWeaver AS ABAP (Web Dynpro ABAP) SQL Injection Vulnerability in SAP Adaptive Server Enterprise 16.0 Missing Authentication Check in SAP Business Objects Business Intelligence Platform (Live Data Connect) Code Injection Vulnerability in SAP Adaptive Server Enterprise (XP Server on Windows Platform) Uncontrolled Search Path Element Vulnerability in SAP Business Client 7.0 Improper Control of Resource Identifiers in SAP Business Objects Business Intelligence Platform 4.2 Reflected Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE Denial of Service Vulnerability in SAP Business Objects Business Intelligence Platform 4.2 Arbitrary Code Execution and Code Injection in SAP Adaptive Server Enterprise (Backup Server) 16.0 SAP Master Data Governance SQL Injection Vulnerability Information Disclosure Vulnerability in SAP Adaptive Server Enterprise 16.0 Unauthorized Information Access in SAP Business Objects Business Intelligence Platform 4.2 SAP Adaptive Server Enterprise (Cockpit) 16.0 Information Disclosure Vulnerability SQL Injection Vulnerability in SAP Adaptive Server Enterprise (Web Services) Reflected Cross Site Scripting in SAP Enterprise Threat Detection Missing Authorization Check in SAP Master Data Governance Allows Unauthorized Display of Change Request Details Cross-Site Scripting Vulnerability in SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 Missing Authorization Check in SAP Identity Management 8.0 Missing Authorization Check in SAP Adaptive Server Enterprise Versions 15.7 and 16.0 Incomplete XML Validation in SAP Solution Manager (Trace Analysis) 7.20 Allows Injection of Superfluous Data Incomplete XML Validation in SAP Solution Manager (Trace Analysis) 7.20: Log Injection Vulnerability Code Injection Vulnerability in SAP Application Server ABAP 
Authentication Bypass Vulnerability in SAP NetWeaver AS Java via P4 Protocol SAP Commerce Information Disclosure Vulnerability Hardcoded Credentials Vulnerability in SAP Commerce and SAP Commerce (Data Hub) Insufficient URL Validation in SAP Fiori for SAP S/4HANA: A Potential for Malicious Site Redirection Missing HttpOnly Flag in SAP Disclosure Management 10.1: A Potential Security Breach Missing Authorization Check in Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform 4.2 Missing Authorization Check in SAP NetWeaver AS ABAP (Banking Services) Allows Unauthorized Modification of Individual Conditions Unauthenticated Memory Consumption and Data Disclosure in SAP Solution Manager 7.2 Cross-Site Scripting (XSS) Vulnerability in SAP Commerce Cloud Versions 1808, 1811, 1905, 2005 Missing Authorization Check in SAP S/4 HANA (Fiori UI for General Ledger Accounting) Allows Deletion of Attachments Server Side Request Forgery Attack in SAP Netweaver AS ABAP Cross-Site Scripting Vulnerability in SAP Business Objects Business Intelligence Platform (bipodata) 4.2 Stored Cross Site Scripting in SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC) SAP NetWeaver (ABAP Server) and ABAP Platform Information Disclosure Vulnerability Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform (BI Launchpad) 4.2 Server-Side Request Forgery (SSRF) Vulnerability in SAP NetWeaver AS JAVA (IIOP service) Reflected Cross-Site Scripting (XSS) Vulnerability in SAP Fiori Launchpad Stored Cross Site Scripting in SAP NetWeaver (Knowledge Management) SAP NetWeaver XML Toolkit for JAVA Information Disclosure Vulnerability Path Traversal Vulnerability in SAP NetWeaver AS JAVA (LM Configuration Wizard) Missing Authentication Check in SAP 
NetWeaver AS JAVA (LM Configuration Wizard) Unrestricted File Upload Vulnerability in SAP Business Objects Business Intelligence Platform Insufficient Protection Against Cross-Site Request Forgery in SAP Disclosure Management 10.1 Session Fixation Vulnerability in SAP Disclosure Management 10.1 Insufficient Session Expiration in SAP Disclosure Management 10.1 Insufficient Session Expiration in SAP Disclosure Management 10.1 Unrestricted File Upload Vulnerability in SAP NetWeaver (Knowledge Management) Unauthenticated Access Vulnerability in SAP Business Objects Business Intelligence Platform on Unix Information Disclosure Vulnerability in SAP Adaptive Server Enterprise 16.0 SAP NetWeaver (ABAP Server) and ABAP Platform Code Injection Vulnerability Information Disclosure Vulnerability in SAP Data Hub 2.7 to SAP Data Intelligence 3.0 Upgrade Missing Authorization Check in SAP Banking Services (Generic Market Data) Allows Unauthorized Access and Data Manipulation SAP NetWeaver (ABAP Server) and ABAP Platform Information Disclosure Vulnerability Stored Cross-Site Scripting (XSS) Vulnerability in SAP Business Objects Business Intelligence Platform (Central Management Console) Missing Authorization Check in SAP ERP (HCM Travel Management) Allows Unauthorized Access and Privilege Escalation Session Fixation Vulnerability in SAP Commerce Cross-Site Scripting (XSS) Vulnerability in SAP Disclosure Management Denial of Service Vulnerability in SAP NetWeaver Internet Communication Manager Cross-Site Scripting (XSS) Vulnerability in SAP Process Integration's PI Rest Adapter Missing Authorization Check in SAP Leasing Transaction Insufficient Authorization Checks in Automated Note Search Tool Arbitrary CMS Parameter Injection and Server-Side Request Forgery in SAP BusinessObjects Business Intelligence Platform Unauthenticated Web Service Denial of Service Vulnerability in SAP NetWeaver AS JAVA Improper Access Control in SAP NetWeaver ABAP Server and ABAP Platform Allows User 
Enumeration and Information Disclosure Improper Authorization Checks in SAP Banking Services: Privilege Escalation and Data Exposure Stored Cross Site Scripting in SAP BusinessObjects Business Intelligence Platform Stored Cross-Site Scripting in SAP NetWeaver Application Server JAVA (XML Forms) Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability Information Disclosure Vulnerability in SAP 3D Visual Enterprise Viewer v9 Missing Authorization Check in SAP ERP and SAP S/4 HANA PS Reporting: Unauthorized Access to Cost Records Information Disclosure Vulnerability in SAP ASE Cockpit Installation Logs Remote Code Execution Vulnerability in SAP NetWeaver and ABAP Platform Reflected Cross Site Scripting in SAP NetWeaver Application Server Java SAP Marketing (Servlet) Authenticated Function Invocation Vulnerability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal (Fiori Framework Page) Reflected Cross Site Scripting in SAP Netweaver AS ABAP (BSP Test Application sbspext_table) Stored Cross Site Scripting in SAP NetWeaver (Knowledge Management) Version 7.30-7.50 Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application 
Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated HDR File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated BMP File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated BMP File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated HDR File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated BMP File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for 
Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Temporary Unavailability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crash via Manipulated BMP File Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Remote Crash Incorrect Authorization Object Usage in SAP Banking Services Reports: Privilege Escalation and Segregation of Duties Violation Vulnerability Insufficient Session Expiration in SAP Commerce Cloud Code Injection Vulnerability in SAP Solution Manager and SAP Focused Run Insufficient Reverse Tabnabbing URL Validation in SAP NetWeaver AS Java Arbitrary File Retrieval and Denial-of-Service Vulnerability in SAP NetWeaver (Compare Systems) Reflected Cross-Site Scripting Vulnerability in SAP NetWeaver Composite Application Framework Cross-Site Scripting Vulnerability in SAP Business Planning and Consolidation Default Password Bypass Vulnerability in SAP Solution Manager and SAP Focused Run SAP NetWeaver Design Time Repository (DTR) Cross-Site Scripting (XSS) Vulnerability SAP NetWeaver Application Server ABAP User Enumeration Vulnerability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing and Unavailability Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows for Application Crash Improper Input Validation in SAP 3D Visual Enterprise Viewer v9 Allows Crashing via Manipulated .rh 
File Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-6383) Use After Free Vulnerability in Google Chrome Speech Processing Heap Corruption Vulnerability in V8 Engine in Google Chrome (CVE-2020-6418) Bypassing Site Isolation via Crafted Chrome Extension in Google Chrome (CVE-2020-6418) Heap Corruption Vulnerability in Google Chrome on ChromeOS and Android Type Confusion Vulnerability in Google Chrome (prior to 80.0.3987.87) Allows Remote Heap Corruption Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 80.0.3987.116) WebAudio Use After Free Vulnerability in Google Chrome Bypassing Site Isolation in Google Chrome via Insufficient Policy Enforcement Heap Corruption Vulnerability in Google Chrome Speech (Versions prior to 80.0.3987.116) Remote Code Execution via Crafted Video Stream in Google Chrome WebRTC (CVE-2020-6418) Heap Corruption Vulnerability in WebAudio in Google Chrome (prior to 80.0.3987.87) Remote Code Execution via Crafted Video Stream in Google Chrome WebRTC (CVE-2020-6418) Heap Corruption Vulnerability in Google Chrome Streams Bypassing Content Security Policy via Crafted HTML Page in Google Chrome (CVE-2020-6407) Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome (CVE-2020-6418) Cross-Origin Data Leakage in Google Chrome Prior to 80.0.3987.87 Bypassing Content Security Policy in Blink in Google Chrome prior to 80.0.3987.87 Out of Bounds Read Vulnerability in Google Chrome (CVE-2020-6418) Omnibox Spoofing Vulnerability in Google Chrome Remote Security UI Spoofing Vulnerability in Google Chrome Uninitialized Data Vulnerability in PDFium Allows Remote Heap Corruption Cross-Origin Data Leakage in AppCache in Google Chrome CORS Implementation Vulnerability in Google Chrome Prior to 80.0.3987.87 Domain Spoofing Vulnerability in Google Chrome (CVE-2020-6418) Arbitrary Code Execution via Malicious Chrome Extension in Google Chrome on OS X Omnibox Spoofing 
Vulnerability in Google Chrome on iOS Heap Corruption Vulnerability in Google Chrome (CVE-2020-6418) Remote Information Disclosure Vulnerability in SQLite in Google Chrome Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-6418) Heap Corruption Vulnerability in Google Chrome Streams CORS Policy Enforcement Vulnerability in Google Chrome (CVE-2020-6418) Omnibox URI Bypass Vulnerability in Google Chrome Confusion-based Remote Attack in Google Chrome: Insufficient Policy Enforcement in Navigation Domain Spoofing Vulnerability in Google Chrome (CVE-2020-6418) Domain Spoofing Vulnerability in Google Chrome (CVE-2020-6418) HTML Validator Bypass Vulnerability in Google Chrome (CVE-2020-6418) Bypassing Navigation Restrictions in Safe Browsing in Google Chrome Heap Corruption Vulnerability in Google Chrome (prior to 80.0.3987.87) via Crafted HTML Page Heap Corruption Vulnerability in Google Chrome Streams Arbitrary Code Execution via Crafted Registry Entry in Google Chrome Installer Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 80.0.3987.122) Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2020-6457) Bypassing Same Origin Policy in Google Chrome prior to 80.0.3987.132 via Crafted HTML Page WebGL Use After Free Vulnerability in Google Chrome (CVE-2020-6418) Heap Corruption Vulnerability in Google Chrome Prior to 81.0.4044.92 via Crafted HTML Page Remote Code Execution Vulnerability in Google Chrome Prior to 80.0.3987.149 Bypassing Site Isolation via Crafted Chrome Extension in Google Chrome (CVE-2020-6418) Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-6418) Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-6418) Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-6418) Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-6418) Heap Corruption Vulnerability in V8 Engine in Google Chrome (prior to 81.0.4044.92) via 
Crafted HTML Page Remote Security UI Spoofing Vulnerability in Google Chrome Bypassing Navigation Restrictions in Google Chrome (CVE-2020-6457) Bypassing Navigation Restrictions in Google Chrome Extensions Remote Code Execution via Use After Free in Google Chrome DevTools Bypassing Navigation Restrictions in Google Chrome Extensions Use After Free Vulnerability in Google Chrome Window Management Remote Security UI Spoofing Vulnerability in Google Chrome WebView Insufficient Policy Enforcement in Google Chrome Extensions: Memory Information Disclosure Vulnerability Bypassing Security UI in Google Chrome Prior to 81.0.4044.92 via Crafted HTML Page Information Disclosure Vulnerability in Google Chrome Extensions (Prior to 81.0.4044.92) Bypassing Security UI via Crafted HTML Page in Google Chrome (prior to 81.0.4044.92) Cross-Origin Data Leakage Vulnerability in Google Chrome (prior to 81.0.4044.92) Arbitrary Code Execution via Insufficient Data Validation in Google Chrome Developer Tools Uninitialized Use Vulnerability in WebRTC in Google Chrome (prior to 81.0.4044.92) Allows Remote Heap Corruption Bypassing Content Security Policy in Trusted Types in Google Chrome Bypassing Content Security Policy in Trusted Types in Google Chrome Heap Corruption Vulnerability in Google Chrome Developer Tools Remote Code Execution Vulnerability in V8 Engine in Google Chrome (CVE-2020-6457) Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-6418) WebAudio Use After Free Vulnerability in Google Chrome WebAudio Use After Free Vulnerability in Google Chrome Heap Buffer Overflow in Google Chrome: Remote Code Execution via Crafted HTML Page Heap Corruption Vulnerability in V8 Engine of Google Chrome (CVE-2020-6418) Critical Use After Free Vulnerability in Google Chrome Extensions WebSQL Out of Bounds Read Vulnerability in Google Chrome Clipboard Content Validation Bypass in Google Chrome Prior to 81.0.4044.92 Remote Code Execution via Use After Free in Google Chrome 
Speech Recognizer Heap Corruption Vulnerability in PDFium in Google Chrome (prior to 81.0.4044.122) Remote Code Execution Vulnerability in Google Chrome Prior to 81.0.4044.122 Domain Spoofing Vulnerability in Google Chrome (prior to 81.0.4044.122) Sandbox Escape via Use After Free Vulnerability in Google Chrome (prior to 81.0.4044.129) Sandbox Escape via Use After Free in Google Chrome Task Scheduling ANGLE Use After Free Vulnerability in Google Chrome Type Confusion Vulnerability in Google Chrome (prior to 81.0.4044.138) Allows Remote Heap Corruption Sandbox Escape Vulnerability in Google Chrome on Android (CVE-2020-6464) Sandbox Escape via Use After Free Vulnerability in Google Chrome's Media Component WebRTC Use After Free Vulnerability in Google Chrome (CVE-2020-6464) Type Confusion Vulnerability in V8: Remote Heap Corruption Exploit in Google Chrome (prior to 83.0.4103.61) Sandbox Escape Vulnerability in Google Chrome Developer Tools Clipboard Injection Vulnerability in Google Chrome (CVE-2020-6464) Sandbox Escape Vulnerability in Google Chrome Developer Tools Insufficient Policy Enforcement in Developer Tools in Google Chrome Prior to 83.0.4103.61: Information Disclosure via Malicious Extension Information Disclosure Vulnerability in Google Chrome (CVE-2020-6464) Remote Code Execution Vulnerability in Google Chrome Prior to 83.0.4103.61 Full Screen Spoofing Vulnerability in Google Chrome (CVE-2020-6462) Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome (CVE-2020-6462) Privilege Escalation Vulnerability in Google Chrome Installer on OS X Remote Spoofing of Security UI in Google Chrome Prior to 83.0.4103.61 Remote Security UI Spoofing Vulnerability in Google Chrome Bypassing Navigation Restrictions via UI Actions in Google Chrome (CVE-2020-6462) Domain Spoofing Vulnerability in Google Chrome Bypassing Navigation Restrictions via Crafted Chrome Extension in Google Chrome (CVE-2020-6463) Bypassing Navigation Restrictions in Google 
Chrome Prior to 83.0.4103.61 Remote Code Execution Vulnerability in ChromeDriver Bypassing Navigation Restrictions in Google Chrome Media Router Bypassing Navigation Restrictions in Google Chrome (CVE-2020-6462) Bypassing Navigation Restrictions in Google Chrome Prior to 83.0.4103.61 Bypassing Navigation Restrictions in Google Chrome Prior to 83.0.4103.61 Information Disclosure Vulnerability in Google Chrome Developer Tools Cross-Origin Data Leakage Vulnerability in Google Chrome Loader Remote Security UI Spoofing Vulnerability in Google Chrome (prior to 83.0.4103.61) Sandbox Escape Vulnerability in ANGLE in Google Chrome (CVE-2020-6463) Sandbox Escape via Use After Free in WebAuthentication in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome on Android Sandbox Escape Vulnerability in Google Chrome Developer Tools Remote Code Execution via Use After Free in Google Chrome on MacOS Domain Spoofing Vulnerability in Google Chrome on iOS Domain Spoofing Vulnerability in Google Chrome on iOS AppCache Security Bypass Vulnerability in Google Chrome Omnibox Spoofing Vulnerability in Google Chrome (prior to 80.0.3987.87) CSP Bypass Vulnerability in Google Chrome (prior to 80.0.3987.87) Remote Security UI Spoofing Vulnerability in Google Chrome Remote Information Disclosure Vulnerability in Google Chrome Notification Bypass Vulnerability in Google Chrome (prior to 74.0.3729.108) Remote Code Execution via Use After Free in Google Chrome Speech (CVE-2020-6464) Bypassing Site Isolation in WebView on Android Chrome (CVE-2020-6464) Remote Code Execution Vulnerability in V8 Engine of Google Chrome (CVE-2020-6457) Sandbox Escape via Crafted Chrome Extension in Google Chrome (CVE-2020-6519) Heap Buffer Overflow in Background Fetch in Google Chrome Cross-Origin Data Leakage in Google Chrome Prior to Version 84.0.4147.89 Heap Corruption via Type Confusion in V8 Heap Buffer Overflow in PDFium: Remote Code Execution via Crafted PDF File Heap Corruption Vulnerability in 
WebRTC in Google Chrome (CVE-2020-6519) Use After Free Vulnerability in Google Chrome Tab Strip (Versions prior to 84.0.4147.89) CORS Policy Bypass Vulnerability in Google Chrome (prior to 84.0.4147.89) Allows Cross-Origin Data Leakage Heap Buffer Overflow in Google Chrome: Remote Code Execution via Crafted HTML Page Remote Code Execution via Use After Free in Google Chrome Developer Tools CSP Policy Bypass in Google Chrome Prior to 84.0.4147.89 Skia Buffer Overflow Vulnerability in Google Chrome (CVE-2020-6519) Autofill Information Leakage Vulnerability in Google Chrome Sandbox Escape Vulnerability in Google Chrome's External Protocol Handlers Skia Out of Bounds Write Vulnerability in Google Chrome (CVE-2020-6519) Heap Buffer Overflow in WebAudio in Google Chrome Skia Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Bypassing Navigation Restrictions in Google Chrome's iframe Sandbox CSP Bypass Vulnerability in Google Chrome (prior to 84.0.4147.89) Omnibox Spoofing Vulnerability in Google Chrome on iOS Cross-Origin Data Leakage Vulnerability in WebRTC in Google Chrome Heap Corruption Vulnerability in Google Chrome Developer Tools Cross-Origin Information Leakage in Scroll to Text in Google Chrome SCTP Use After Free Vulnerability in Google Chrome (CVE-2020-6519) Heap Corruption via Type Confusion in V8 WebRTC Heap Buffer Overflow in Google Chrome: Remote Code Execution Vulnerability Remote Code Injection Vulnerability in Google Chrome WebUI Spoofing of Omnibox Contents in Google Chrome PWAs Type Confusion Vulnerability in V8: Remote Code Execution in Google Chrome Cross-Origin Data Leakage in WebView on Android Chrome (prior to 84.0.4147.105) CSS Use After Free Vulnerability in Google Chrome (Versions prior to 84.0.4147.105) Skia Buffer Overflow Vulnerability in Google Chrome (CVE-2020-6519) WebUSB Use After Free Vulnerability in Google Chrome ANGLE Use After Free Vulnerability in Google Chrome Use After Free Vulnerability in Google Chrome 
Task Scheduling Remote Code Execution Vulnerability in Google Chrome Prior to 84.0.4147.125 Remote Code Execution Vulnerability in Google Chrome Audio (CVE-2020-6519) Privilege Escalation via Crafted Filesystem in Google Chrome Installer Remote Information Disclosure Vulnerability in Google Chrome Heap Buffer Overflow in Skia: Remote Code Execution in Google Chrome Remote Code Execution Vulnerability in Google Chrome Prior to 84.0.4147.125 Use After Free Vulnerability in IndexedDB in Google Chrome WebXR Use After Free Vulnerability in Google Chrome Remote Code Execution Vulnerability in Google Chrome Prior to 84.0.4147.125 Use After Free Vulnerability in Google Chrome for iOS (prior to 84.0.4147.125) Allows Remote Heap Corruption Remote Code Execution via Use After Free in Chrome Extensions WebGL Out of Bounds Read Vulnerability in Google Chrome Heap Buffer Overflow in SwiftShader: Remote Code Execution in Google Chrome Domain Spoofing Vulnerability in Google Chrome (prior to 86.0.4240.75) Bypassing Navigation Restrictions in iOSWeb on Google Chrome for iOS (CVE-2020-15999) Use After Free Vulnerability in Google Chrome Presentation API Cross-Origin Data Leakage in Google Chrome Autofill Cross-Origin Data Leakage in Google Chrome Prior to 85.0.4183.83 via Inappropriate Content Security Policy Implementation Cross-Origin Data Leakage in Google Chrome Prior to 85.0.4183.83 Information Disclosure Vulnerability in Google Chrome on Android Remote Spoofing of Permission Dialog in Google Chrome (CVE-2020-15999) Omnibox Spoofing Vulnerability in Google Chrome on iOS Cross-Origin Data Leakage Vulnerability in Google Chrome (prior to 85.0.4183.83) Command Line Handling Vulnerability in Google Chrome on Windows Bypassing Navigation Restrictions in Google Chrome on Android WebUSB Integer Overflow Vulnerability in Google Chrome WebRTC Information Leakage Vulnerability in Google Chrome Domain Spoofing Vulnerability in Google Chrome (prior to 85.0.4183.83) via IDN Homographs 
Remote Code Execution Vulnerability in Google Chrome's Media (CVE-2020-6457) Sandbox Escape via Use After Free Vulnerability in Google Chrome for Android Privilege Escalation Vulnerability in Google Chrome Installer on OS X Sandbox Escape Vulnerability in Mojo in Google Chrome (prior to 85.0.4183.102) Use After Free Vulnerability in Offscreen Canvas in Google Chrome SQL Injection Vulnerability in IT-Recht Kanzlei Plugin for Zen Cart 1.5.6c (German Edition) Reflected XSS vulnerability in Zen Cart 1.5.6d via main_page parameter Arbitrary Web Script Injection in MailBeez Plugin for ZenCart Command Injection Vulnerability in Nagios NRPE 3.2.1 Heap-Based Buffer Overflow in Nagios NRPE 3.2.1: Exploiting a Misinterpretation of Negative Numbers XSS Vulnerability in BigProf Online Invoicing System (OIS) 2.6 Allows Session Hijacking Critical Access Control Vulnerability in Nagios Log Server 2.1.3 CSRF Vulnerability in Nagios Log Server 2.1.3 Cross-Site Scripting (XSS) Vulnerability in Nagios Log Server 2.1.3 via /profile and /admin/users pages XML Input Processing Vulnerability in Forcepoint Web Security Content Gateway Heap-Based Buffer Over-Read Vulnerability in GNU LibreDWG 0.9.3.2564's decode_r2007.c Excessive Memory Allocation Vulnerability in GNU LibreDWG 0.9.3.2564 NULL Pointer Dereference in get_next_owned_entity in GNU LibreDWG 0.9.3.2564 Heap-Based Buffer Over-read in GNU LibreDWG 0.9.3.2564's decode_r2007.c Heap-Based Buffer Over-Read Vulnerability in GNU LibreDWG 0.9.3.2564 Heap-Based Buffer Over-Read Vulnerability in GNU LibreDWG 0.9.3.2564 Invalid Pointer Dereference in dwg_dynapi_entity_value in GNU LibreDWG 0.9.3.2564 Vulnerability in Broadcom Chips: Bluetooth Random-Number Generation Mishandling Assertion Failure in stb_truetype.h: Vulnerability in stbtt__cff_int Heap-Based Buffer Over-Read Vulnerability in stb_truetype.h through 1.22 Assertion Failure in stb_truetype.h: Vulnerability in stbtt__buf_seek Heap-Based Buffer Over-Read Vulnerability in 
stb_truetype.h (Version 1.22) Heap-Based Buffer Over-Read in stb_truetype.h through 1.22: ttUSHORT Vulnerability Heap-Based Buffer Over-Read Vulnerability in stb_truetype.h (Version 1.22) Assertion Failure in stb_truetype.h: Vulnerability in stbtt__cff_get_index Heap-Based Buffer Over-Read Vulnerability in jhead through 3.04 Heap-Based Buffer Over-Read Vulnerability in jhead 3.04's ProcessGpsInfo OS Command Injection Vulnerability in Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 Devices Heap-Based Buffer Over-Read Vulnerability in Ming (aka libming) 0.4.8 NULL Pointer Dereference in decompileGETURL2() function of Ming (libming) 0.4.8 NULL Pointer Dereference in gf_isom_get_media_data_size() Function NULL Pointer Dereference in gf_m2ts_stream_process_pmt() Function XSS Vulnerability in PrestaShop 1.7.6.2 QuickAccess Link Addition/Removal SQL Injection Vulnerability in openSIS Community Edition version 7.3 via USERNAME parameter Insufficient Validation Vulnerability in Grin through 2.1.1 Stored Cross-Site Scripting (XSS) Vulnerability in FortiAnalyzer Admin Profile Description Area Authorization Bypass Vulnerabilities in Fortinet FortiPresence 2.1.0 Administration Interface Cross-Site Scripting (XSS) Vulnerability in Fortinet FortiIsolator version 1.2.2 Insufficient Session Expiration Vulnerability in FortiDeceptor 3.0.0 and Below Stored Cross-Site Scripting (XSS) Vulnerability in FortiWeb via Replacement Message Disclaimer Description Cross-Site Scripting (XSS) Vulnerability in FortiADC Dashboard Cleartext Storage of Sensitive Information Vulnerability in FortiOS CLI and FortiProxy Insufficient Session Expiration Vulnerability in FortiNet's FortiIsolator Version 2.0.1 and Below Eval Injection Vulnerability in UPS Companion Software v1.05 & Prior Command Injection and Code Execution in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior Privilege Escalation Vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & Prior Insecure Storage of 
User Login Credentials in Eaton's Secure Connect Mobile App DLL Hijacking Vulnerability in Eaton's 9000x Programming and Configuration Software v2.0.38 and Prior Out-of-bounds Remote Code Execution Vulnerability in Eaton's easySoft Software Type Confusion Remote Code Execution Vulnerability in Eaton's easySoft Software v7.xx Timing-dependent vulnerability in GSocketClient in GNOME GLib 2.60-2.62.4 allows occasional direct connections instead of using a proxy server Group Owners' Data Access Vulnerability Stored XSS Vulnerability in Login by Auth0 Plugin for WordPress Directory Traversal and Remote Command Execution in dotCMS before 5.2.4 Remote Code Execution in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) via lang parameter Remote Code Execution in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) via contentHostProperties.php Cross-Site Scripting (XSS) Vulnerability in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) Remote Code Execution Vulnerability in Schmid ZI 620 V400 VPN 090 Routers via SSH Subcommand Menu Command Injection Vulnerability in D-Link DSL-GS225 J1 AU_1.0.4 Devices via TELNET Bosch Video Management System (BVMS) FileTransferService Path Traversal Vulnerability Bosch Video Management System (BVMS) NoTouch Deployment Path Traversal Vulnerability Bosch Video Streaming Gateway (VSG) Missing Authentication Vulnerability Remote Code Execution Vulnerability in Bosch BVMS Mobile Video Service (BVMS MVS) Uncontrolled Search Path Element Vulnerability in Bosch IP Helper Kiosk Mode Escape Vulnerability in Bosch Recording Station Cross-Site Request Forgery Vulnerability in Bosch PRAESIDEO and PRAESENSA Web Management Interface Stored Cross-Site Scripting (XSS) Vulnerability in Bosch PRAESIDEO and PRAESENSA Management Interface Hard-coded Credentials Vulnerability in Bosch FSM-2500 and FSM-5000 Servers Insufficient Computational Effort in Password Hashing Vulnerability in Bosch FSM-2500 and FSM-5000 Servers Certificate 
Validation Vulnerability in Bosch Smart Home System App for iOS Uncontrolled Search Path Element Vulnerability in Bosch BVMS and BVMS Viewer Uncontrolled Search Path Element Vulnerability in Bosch Video Recording Manager Installer Uncontrolled Search Path Element Vulnerability in Bosch Video Client Installer Uncontrolled Search Path Element Vulnerability in Bosch Configuration Manager Installer Uncontrolled Search Path Element Vulnerability in Bosch Monitor Wall Installer Uncontrolled Search Path Element Vulnerability in Bosch Video Streaming Gateway Installer Uninitialized Memory Usage in Thunderbird < 68.5 Email Identifier Derivation Vulnerability Memory Disclosure Vulnerability in Thunderbird < 68.5 when Processing Ill-Formed Envelope Unencrypted Password Exposure in Thunderbird Versions Prior to 68.5 Null Pointer Dereference in Thunderbird MIME Processing Code Out-of-Bound Write Vulnerability in Firefox < 73 and Firefox < ESR68.5 Arbitrary Application Launch Vulnerability in Mac OSX Cross-Site Scripting (XSS) Vulnerability in Template Tag Usage Command Line Argument Injection Vulnerability in Firefox Memory Corruption Vulnerabilities in Firefox and Thunderbird Memory Corruption Vulnerabilities in Firefox 72 Mutation XSS Vulnerability in Mozilla Bleach before 3.11 Open Redirect Vulnerability on Gateway Login Page Reflected XSS Vulnerability in Gateway: Exploiting Authentication Token Theft Use-after-free vulnerability in Quota Manager leads to potentially exploitable crash Array Resizing Vulnerability in Thunderbird and Firefox Use-after-free vulnerability in Thunderbird and Firefox JavaScript URL Spoofing Vulnerability in Firefox < 74 Local File Disclosure Vulnerability in Firefox Web Extensions Full Screen Mode Popup Spoofing Vulnerability in Firefox < 74 Command Injection via 'Copy as cURL' in Devtools Network Tab AirPods Device Name Disclosure Vulnerability CSS @import Statement Allows Arbitrary Style Injection in Firefox < 74 Memory Corruption 
Vulnerabilities in Firefox and Thunderbird 68.5 Memory Corruption and Privilege Escalation Vulnerabilities in Firefox 73 Mutation XSS Vulnerability in Mozilla Bleach 3.12 Vulnerability: Regular Expression Denial of Service (ReDoS) in bleach.clean Race Condition Use-After-Free Vulnerability in Thunderbird and Firefox Race Condition Use-After-Free Vulnerability in Thunderbird and Firefox WebGL Memory Disclosure Vulnerability Out of Bounds Write Vulnerability in GMPDecodeData Unauthorized Access to User Accounts via Malicious Extension in Firefox < 75 Password Generation Vulnerability in Firefox < 75 Memory Corruption Vulnerabilities in Firefox 74 and Firefox ESR 68.6 Memory Corruption Vulnerabilities in Firefox 74 Incorrect URI Display Vulnerability in Firefox for Android Arbitrary File Overwrite and Preference Manipulation in Firefox for Android Vulnerability: Partial Nonce Leakage in EC Scalar Point Multiplication Algorithm Token Leakage Vulnerability in Native-to-JS Bridging in Firefox for iOS < 25 Buffer Overflow Vulnerability in WebRTC SCTP Chunk Parsing and Validation Unauthorized Access to Private Project Issues via Project Import Feature GitLab EE 11.3 and Later: Package and File Disclosure Vulnerability via Request Smuggling Heap-Based Off-by-One Error in Bftpd File-Transfer Error Checking Arbitrary Code Injection in hot-formula-parser Package Use-after-free vulnerability in hash_values_at function in mruby 2.1.0 Stack-based Buffer Overflow in mrb_str_len_to_dbl in mruby 2.1.0 Use-after-free vulnerability in hash_slice function in mruby 2.1.0 Arbitrary OS Command Execution in D-Link DCH-M225 Devices via spotifyConnect.php Arbitrary OS Command Execution in D-Link DCH-M225 Devices via Media Renderer Name XSS Vulnerability in Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 Chained Login CSRF Vulnerability in TopManage OLK 2020 Allows Takeover of Admin and User Accounts DOM-Based XSS Vulnerability in TopManage OLK 2020 DOM-based XSS vulnerability in 
OpenTrade through 0.2.0 allows remote code execution XSS Vulnerability in Axper Vision II 4 Devices via DEVICE_NAME Parameter CSRF and XSS Vulnerability in Marketo Forms and Tracking Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in miniorange-saml-20-single-sign-on Plugin for WordPress Heap-based Buffer Overflow in OpenJPEG's opj_t1_clbl_decode_processor Weak Authentication in CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP Firmware 3.4.2.0919 Allows Unauthorized Root Access Arbitrary Web Script Injection Vulnerability in SOS JobScheduler's JOC Cockpit Component Denial of Service Vulnerability in SOS JobScheduler's JOC Cockpit Component XML External Entity (XXE) Vulnerability in SOS JobScheduler's JOC Cockpit Component Allows Server File Read Insecure Proprietary Password Encryption with Hard-Coded Weak Key in CarbonFTP v1.4 CRLF Injection Vulnerability in Hotels Styx 1.0.0.beta8 Insecure Direct Object Reference vulnerabilities in Ultimate Member plugin allow unauthorized profile and cover photo modifications Stack-based Buffer Overflow in libmysofa 0.9.1's readDataVar Function Vulnerability: Master Spending Key Extraction in Ledger Monero App Information Leak Vulnerability in F6x2W Product Versions V6.0.10P2T2 and V6.0.10P2T5 ZTE E8820V3 Router: Permission and Access Control Vulnerability Allows DDNS Tampering and DoS Attacks ZTE E8820V3 Router Information Leak Vulnerability: Wireless Password Exposure ZTE SDN Controller Platform Information Leakage Vulnerability Denial of Service Vulnerability in ZTE ZXCTN 6500 V2.10.00R3B87 Resource Management Error Vulnerability in ZTE's SDON Controller Input Validation Bypass Vulnerability in ZTE F680 V9.0.10P1N6 PON Terminal ZTEMarket APK Information Leak and Silent Installation Vulnerability Design Error Vulnerability in ZTE U31R20 V12.17.20T115: Unauthorized FTP Server Access and File Manipulation ZTE Server Management Software Authentication Bypass Vulnerability ZTE Server Management Software Module 
Storage XSS Vulnerability ZTE ZXR10 2800-4_ALMPUFB(LOW) DoS Vulnerability ZTE Product Cryptographic Issues Vulnerability: Account Credential Enumeration and Brute-Force Attack Improper Access Control Vulnerability in ZTE Products: Brute-Force Attack Vector XSS Vulnerability in ZTE eVDC ZXCLOUD-iROSV6.03.04 ZTE ZXA10 eODN V2.3P2T1 Information Leak Vulnerability Input Verification Bypass Vulnerability in ZTE Devices ZXELINK Wireless Controller SQL Injection Vulnerability ZTE E8810/E8820/E8822 Series Routers MQTT DoS Vulnerability Hard-coded MQTT Service Access Credentials Vulnerability in ZTE E8810/E8820/E8822 Series Routers Vulnerabilities in HP Support Assistant: Integrity Compromise and Untrusted Client Communication Vulnerabilities in HP Support Assistant: Integrity Compromise and Untrusted Client Communication Vulnerabilities in HP Support Assistant: Integrity Compromise and Untrusted Client Communication Vulnerabilities in HP Support Assistant: Integrity Compromise and Untrusted Client Communication Vulnerabilities in HP Support Assistant: Integrity Compromise and Untrusted Client Communication Vulnerabilities in HP Support Assistant: Integrity Compromise and Untrusted Client Communication Local Elevation of Privilege Vulnerability in HP Print and Scan Doctor BlackBerry QNX Software Development Platform: Information Disclosure and Remote Code Execution Vulnerability in Slinger Web Server Improper Input Validation Vulnerability in BlackBerry UEM Core Leading to Denial of Service (DoS) Resource Exhaustion Vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x Log File Information Disclosure Vulnerability in Tableau Server Unauthenticated API Access and Account Takeover in Tableau Server with Site-Specific SAML Remote Code Execution Vulnerability in HashBrown CMS through 1.3.3 Privilege Escalation Vulnerability in HashBrown CMS through 1.3.3 Arbitrary File Read Vulnerability in Eclipse Mojarra Cayin SMP-PRO4 Devices: Password Exposure via Connection String 
Test Reflected XSS Vulnerability in Cayin SMP-PRO4 Image Preview XSS Vulnerability in PCS DEXICON 3.4.1 via loginName Parameter in login_action.jsp XXE Vulnerability in JnlpSupport in YAJSW 12.14: Remote Data Exfiltration and DoS Remote Code Execution Vulnerability in MAXPRO VMS and NVR SQL Injection Vulnerability in MAXPRO VMS and NVR Versions Prior to VMS560 Build 595 T2-Patch SSH Private Key Exposure Vulnerability Arbitrary Remote Code Execution Vulnerability in ApexPro Telemetry Server and CARESCAPE Telemetry Server Hard-coded SMB Credentials Vulnerability Remote Keyboard Input Access Vulnerability in ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center, and CARESCAPE Central Station Arbitrary File Upload Vulnerability in ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center, and CARESCAPE Central Station Weak Encryption Scheme in ApexPro Telemetry Server, CARESCAPE Telemetry Server, Clinical Information Center, and CARESCAPE Central Station Allows Remote Code Execution Insecure Deserialization Vulnerability in Rockwell Automation FactoryTalk Diagnostics Software Privilege Escalation Vulnerability in Honeywell INNCOM INNControl 3 Unprotected Project Files Vulnerability in C-More Touch Panels EA9 Series Heap-based Buffer Overflow Vulnerability in Emerson OpenEnterprise SCADA Server Privilege Escalation Vulnerability in Emerson ValveLink Software Authentication Bypass Vulnerability in Notifier Web Server (NWS) Version 3.50 and Earlier Multiple Cross-Site Scripting Vulnerabilities in Digi International ConnectPort LTS 32 MEI Firmware Version 1.4.3 Honeywell Notifier Web Server (NWS) Version 3.50 Path Traversal Vulnerability File Upload Vulnerability in Digi International ConnectPort LTS 32 MEI Out-of-Bounds Read Overflow Vulnerability in Delta Industrial Automation CNCSoft ScreenEditor Kiosk Mode Escape Vulnerability in GE Ultrasound Products Outdated jQuery Libraries Vulnerability in Honeywell WIN-PAK 4.7.2 
and Web Hard-coded Cryptographic Key Vulnerability in Moxa EDS-G516E Series Firmware Cleartext Storage of SMTP Server Authentication Data in RSLogix 500 Unauthenticated Access Vulnerability in Moxa EDS-G516E Series Firmware Header Injection Vulnerability in Honeywell WIN-PAK 4.7.2 and Prior Versions: Remote Code Execution Risk Hard-coded Cryptographic Key Vulnerability in Moxa PT-7528 and PT-7828 Series Firmware Discoverable Cryptographic Function Vulnerability Hard-coded Service Code Vulnerability in Moxa PT-7528 and PT-7828 Series Firmware Omron PLC CJ Series: Denial of Service Vulnerability Weak Cryptographic Algorithm in Moxa PT-7528 and PT-7828 Series Firmware Authentication Bypass Vulnerability in Rockwell Automation MicroLogix Controllers and RSLogix 500 Software Buffer Overflow Vulnerability in Moxa PT-7528 and PT-7828 Series Firmware Hard-coded Cryptographic Key Vulnerability in Rockwell Automation MicroLogix Controllers Weak Password Requirements in Moxa EDS-G516E Series Firmware v5.2 or Lower Vulnerability Local Privilege Escalation Vulnerability in GE Digital CIMPLICITY HMI/SCADA v10.0 and Prior Unauthenticated Information Disclosure in Moxa PT-7528 and PT-7828 Series Firmware Buffer Overflow Vulnerability in Hirschmann Automation and Control HiOS and HiSecOS Devices Weak Password Requirements in Moxa PT-7528 and PT-7828 Series Firmware Stack-based Buffer Overflow in Triangle MicroWorks DNP3 Outstation Libraries Cleartext Transmission of Sensitive Information in Moxa EDS-G516E Series Firmware Infinite Loop Vulnerability in Rockwell Automation CompactLogix and ControlLogix Buffer Overflow Vulnerability in Moxa EDS-G516E Series Firmware Version 5.2 or Lower Vulnerability: Unauthenticated Key Discovery and Authentication Bypass in VISAM VBASE Editor and VBASE Web-Remote Module Weak Cryptographic Algorithm in Moxa EDS-G516E Series Firmware (Version 5.2 or Lower) Allows Information Disclosure Multiple Stack-Based Buffer Overflows in Delta Industrial 
Automation CNCSoft ScreenEditor v1.00.96 and Prior Clear Text Transmission of Sensitive Information in Moxa ioLogik 2500 Series Firmware and IOxpress Configuration Utility Vulnerability: Weak Permissions in VISAM VBASE Editor and VBASE Web-Remote Module Cross-Site Request Forgery (CSRF) Vulnerability in Honeywell WIN-PAK 4.7.2 and Prior Versions Systech Corporation NDS-5000 Terminal Server Firmware Version 02D.30 Information Disclosure and Remote Code Execution Vulnerability Arbitrary Code Execution and Denial of Service Vulnerability in Moxa EDS-G516E Series Firmware Arbitrary File Read Vulnerability in VISAM VBASE Editor and VBASE Web-Remote Module Privilege Escalation Vulnerability in Elasticsearch API Key Generation Weak Random Number Generator in ECK Versions Prior to 1.1.0 Allows Brute Forcing of Elasticsearch Credentials Cross-Site Scripting (XSS) Vulnerability in Elastic App Search Reference UI Prototype Pollution Vulnerability in Kibana Upgrade Assistant Prototype Pollution in TSVB Visualization in Kibana Incomplete Fix for Privilege Escalation Vulnerability in Elasticsearch Versions 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 Stored XSS Vulnerability in Kibana TSVB Visualization Kibana Timelion Denial of Service (DoS) Vulnerability Stored XSS Vulnerability in Kibana Region Map Visualization Credential Exposure Flaw in Elastic Enterprise Search App Search Interface Field Disclosure Vulnerability in Elasticsearch Scrolling Search with Field Level Security Elasticsearch Document Disclosure Vulnerability Information Disclosure in Elasticsearch Audit Logging CSRF Vulnerability in Avaya Aura Communication Manager and Aura Messaging Local User Unauthorized Access Vulnerability in IP Office Web Interface XML External Entity (XXE) Vulnerability in Avaya WebLM Admin Interface Cross Site Scripting (XSS) Vulnerability in Avaya Equinox Conferencing Unified Portal Client Command Injection Vulnerability in Avaya Session Border Controller for Enterprise XML External Entities (XXE) 
Vulnerability in Avaya Aura Orchestration Designer XML External Entities (XXE) Vulnerability in Callback Assist Allows Unauthorized Information Disclosure XML External Entities (XXE) Vulnerability in Avaya Equinox Conferencing Allows Unauthorized Information Access Unauthenticated Remote Access Vulnerability in Avaya Equinox Conferencing Management Component Heap-based Buffer Overflow in libslirp 4.1.0 Allows for DoS and Arbitrary Code Execution Symlink Attack Vulnerability in storeBackup.pl Certificate Validation Bypass in openfortivpn 1.11.0 Uninitialized Memory Vulnerability in openfortivpn 1.11.0 Certificate Validation Bypass in openfortivpn 1.11.0 with OpenSSL < 1.0.2 Off-by-one errors in WASSP dissector leading to crashes in Wireshark 3.2.x BT ATT Dissector Opcode Validation Vulnerability Submission-Login and LMTP Vulnerability: Truncated UTF-8 Data Loop Privilege Escalation and User Table Manipulation Vulnerability in WP Database Reset Plugin Unauthenticated User Can Reset WordPress Database Tables and Delete Site Content CSV Injection Vulnerability in Nozomi Networks OS before 19.0.4 DOM-based XSS vulnerability in Codologic Codoforum allows session cookie theft and account takeover Stored XSS in Codologic Codoforum Login Area Allows Account Takeover Uncontrolled Memory Allocation Vulnerability in CODESYS Control V3, Gateway V3, and HMI V3 Use-after-free vulnerability in i915_ppgtt_close function in Linux kernel 4.14 and 4.19 Heap-Based Buffer Overflow in MmsValue_decodeMmsData when Parsing MMS_BIT_STRING Data Type Arbitrary Code Execution via Elementor Import Templates Function User Enumeration Vulnerability in Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version Remote Code Execution in Cacti 1.2.8 via Crafted Input String in data_input.php Buffer Overflow Vulnerability in fgetss() Function in PHP Versions 7.2.x, 7.3.x, and 7.4.x Buffer Overflow Vulnerability in PHP mbstring Functions Buffer Overflow Vulnerability in PHP PHAR Extension on Windows 
Null Pointer Dereference Vulnerability in PHP File Upload Progress Tracking Insecure Permission Handling in PHAR Archive Creation Uninitialized Memory Read Vulnerability in PHP's exif_read_data() Function Stack Buffer Overflow in mb_strtolower() Function in PHP Versions 7.3.x and 7.4.x URL Truncation Vulnerability in PHP get_headers() Function Memory Access Vulnerability in PHP's urldecode() Function Memory Access Vulnerability in PHP PHAR Extension Vulnerability: Incomplete IV Usage in AES-CCM Mode Encryption in PHP Cookie Name Confusion Vulnerability in PHP Versions 7.2.x, 7.3.x, and 7.4.x URL Validation Vulnerability in PHP Versions 7.3.x, 7.4.x, and 8.0.0 Improper Signature Validation Vulnerability in Autodesk Dynamo BIM Allows Code Execution via Malicious DLL Files Critical Buffer Overflow Vulnerability in Autodesk FBX-SDK Allows Arbitrary Code Execution Type Confusion Vulnerability in Autodesk FBX-SDK Allows Arbitrary Code Read/Write Use-After-Free Vulnerability in Autodesk FBX-SDK Allows Code Execution Integer Overflow Vulnerability in Autodesk FBX-SDK Versions 2019.0 and Earlier: Potential Denial of Service NULL Pointer Dereference Vulnerability in Autodesk FBX-SDK Versions 2019.0 and Earlier: Denial of Service Heap Overflow Vulnerability in Autodesk FBX-SDK Versions 2019.2 and Earlier: Arbitrary Code Execution Reflected XSS Vulnerability in Chained-Quiz Plugin 1.1.8.1 for WordPress NULL Pointer Dereference in libhiredis.a: Unchecked Malloc Return Values Stored XSS Vulnerabilities in Cacti 1.2.8 Cross-Site Scripting (XSS) Vulnerability in Ultimate FAQ Plugin for WordPress Cross-Site Scripting (XSS) Vulnerability in LearnDash LMS Plugin for WordPress Unsanitized Data Creation Vulnerability in Elementor Page Builder Plugin for WordPress Stored Cross Site Scripting Vulnerability in ClearPass Server Side Injection Vulnerability in ClearPass: Remote Code Execution ClearPass Management Interface HTTP Packet Parameter Interception Vulnerability ClearPass 
Management Interface Remote Database Modification Vulnerability Authentication Bypass and Remote Command Execution Vulnerability in ClearPass Policy Manager Web Interface Authenticated Command Remote Execution in ClearPass Policy Manager WebUI Authenticated Command Remote Execution in ClearPass Policy Manager WebUI Aruba Analytics and Location Engine (ALE) Web Management Interface Privilege Escalation Vulnerability Aruba ClearPass Policy Manager Local Authenticated Buffer Overflow Vulnerability Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400: Local Denial of Service in LLDP Process Vulnerability Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400: Memory Corruption Vulnerabilities Leading to Local Denial of Service in CDP Process Aruba ClearPass Policy Manager Local Escalation of Privilege Vulnerability Aruba Airwave Software Remote Unauthorized Access Vulnerability Aruba Airwave Software Remote Escalation of Privilege Vulnerability Aruba Airwave Software Prior to 1.3.2 - Remote Server-Side Request Forgery (SSRF) Vulnerability Aruba Airwave Software Prior to 1.3.2: Remote Unauthenticated Arbitrary Code Execution Vulnerability Aruba Airwave Software Prior to 1.3.2: Remote Unauthenticated Arbitrary Code Execution Vulnerability Aruba Airwave Software Prior to 1.3.2 Remote Command Execution Vulnerability Remote Information Disclosure Vulnerability in HPE OneView Global Dashboard (OVGD) 1.9 Vulnerability: Open UDP Port 17185 in Blade Maintenance Entity, Integrated Maintenance Entity, and Maintenance Entity Products Remote Exploitation of Reflected Cross Site Scripting in HPE Onboard Administrator Unauthenticated Remote Access Vulnerability in HPE IOT + GCP Versions 1.4.0-1.4.2, 1.2.4.2 Critical Remote Access Vulnerability in HPE IOT + GCP (Versions 1.4.0 - 1.4.2, 1.2.4.2) Local Code Execution Vulnerability in HPE Disk Drive Firmware Installers Remote Unauthorized Access Vulnerability in HPE Smart Update Manager (SUM) Local Elevation of 
Privilege Vulnerability in HPE Superdome Flex's RMC Component Remote Code Execution Vulnerabilities in HPE Nimble Storage Systems Remote Access Security Vulnerabilities in HPE Nimble Storage Systems Remote Cross-Site Scripting (XSS) Vulnerability in HPE IceWall SSO DFW and Dgfw HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Eventinfo_Content Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability Remote Code Execution Vulnerability in HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Faultparasset Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Remote Code
Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - perfselecttask Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) CustomTemplateSelect Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) OperatorGroupSelectContent Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) NavigationTo Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) OperationSelect Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE
Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) ActionSelectContent Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Expression Language Injection Remote Code Execution Vulnerability Expression Language Injection Remote Code Execution Vulnerability in HPE Intelligent Management Center (iMC) HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to 7.3 (E0705P07) - SMSRulesDownload Expression Language Injection Remote Code Execution Vulnerability Remote Code Execution Vulnerability in HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability in HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) HPE Intelligent Management Center (iMC) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center
(iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Userselectpagingcontent Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Deviceselect Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Devsoftsel Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Devicethresholdconfig Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Expression Language Injection Remote Code Execution Vulnerability HPE Intelligent Management Center (iMC) Prior to iMC PLAT 7.3 (E0705P07) - Expression Language Injection Remote Code Execution Vulnerability Insecure Handling of Kerberos Passwords in HPE BlueData EPIC Software Platform and HPE Ezmeral Container Platform Remote Authentication Bypass Vulnerability in HPE StoreServ Management Console (SSMC) 3.7.0.0 Remote Escalation of Privilege Vulnerability in HPE OneView and Synergy Composer Remote Authentication Bypass Vulnerability in HPE Edgeline Infrastructure Manager Remote Code Execution Vulnerability in HPE Systems Insight Manager (SIM) 7.6 Remote Exploitation of CSRF Vulnerability in HPE StoreEver Tape Library and Autoloaders Remote Disclosure of Serial Number and Information in HPE Integrated Lights-Out (iLO) Firmware Remote Code Execution Vulnerability in HPE iLO Amplifier
Pack Server 1.70 Local Arbitrary Code Execution Vulnerability in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit PHP Code Injection Vulnerability in HP Nagios Plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) Physical Access Security Vulnerability in HPE Proliant Gen10 Servers with Intel Innovation Engine (IE) XSS Vulnerability in LinuxKI v6.0-1 and Earlier Remote Code Execution Vulnerability in LinuxKI v6.0-1 and Earlier CSRF Vulnerability in Umbraco CMS 8.2.2 Allows Unauthorized User Account Manipulation Directory Traversal Vulnerability in libslirp 4.1.0 Allows Unauthorized Access on Windows Inefficient Algorithm in _encode_invalid_chars Function in urllib3 Library Allows Denial of Service Cleartext HTTP Vulnerability in Parallels 13 Update Process Information Disclosure: Cleartext usernames and passwords exposed in Gallagher Command Centre event trail Memory Leak Vulnerability in openSUSE Wicked 0.6.55 and Earlier: Denial of Service via DHCP4 Packets Memory Leak Vulnerability in openSUSE Wicked 0.6.55 and Earlier: Exploiting ni_dhcp4_fsm_process_dhcp4_packet Unauthenticated Denial of Service Vulnerability in HashiCorp Nomad and Nomad Enterprise (CVE-2021-12345) Unauthenticated Denial of Service Vulnerability in HashiCorp Consul and Consul Enterprise (CVE-2020-15157) Vulnerability: Failure to Revoke Dynamic Secrets in Deleted Namespace Privilege Escalation via Symlink Attack in MariaDB 10.4.7 through 10.4.11 Authentication Bypass Vulnerability in Amcrest Web Server 2.520.AC00.18.R OpenVPN Client Vulnerability: Unauthorized Third-Party Library Loading Excessive Memory Allocation Vulnerability in CiphertextHeader.java Information Disclosure Vulnerability in Westermo MRD-315 1.7.3 and 1.7.4 Devices Stored XSS Vulnerabilities in Calculated Fields Form Plugin for WordPress Unauthenticated SQL Injection in Simplejobscript.com SJS 1.65: countSearchedJobs() SQL Injection via landing_location Username Enumeration Vulnerability in
Evoko Home 1.31 WebSocket Information Disclosure Vulnerability in Evoko Home Devices Cleartext Password Vulnerability in KMS Controls BAC-A1616BC BACnet Devices Stored XSS Vulnerability in Ruckus ZoneFlex R310 104.0.0.0.1347 Devices via SSID Field Cross-Site Scripting (XSS) Vulnerability in UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 Devices via cB3?ta= (Profile Title) Cross-Site Scripting (XSS) Vulnerability in UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 Devices via cw2?td= (Site Name Field) Remote Code Execution in Cacti 1.2.8 via Performance Boost Debug Log Field HTTP Request Smuggling in Netty 4.1.43.Final due to Mishandling of Transfer-Encoding and Content-Length Headers DOM-based XSS vulnerability in Conversation-Watson WordPress Plugin (<=0.8.21) Arbitrary OS Command Execution in Meinberg Lantime M300 and M1000 Devices via /config/netconf.cmd Script Local File Inclusion Vulnerability in WP Database Backup Plugin Remote Code Execution Vulnerability in Comtech Stampede FX-1010 7.4.3 Devices via Diagnostics Trace Route Page Remote Code Execution Vulnerability in Comtech Stampede FX-1010 7.4.3 Devices Remote Code Execution Vulnerability in Comtech Stampede FX-1010 7.4.3 Devices Arbitrary Account Takeover via Username Collision in CTFd v2.0.0 - v2.2.2 Remote Code Execution (RCE) via Profile Photo Upload in qdPM 9.1 and Earlier Arbitrary Command Execution via OpenSMTPD SMTP Session Stack-based Buffer Overflow in libubox JSON Serialization Cross-Site Scripting (XSS) Vulnerability in SMC D3G0804W 3.5.2.5-LAT_GA WiFi Network Configuration Page Symbolic Link Manipulation Vulnerability in McAfee Endpoint Security (ENS) for Windows Improper Access Control Vulnerability in McAfee Endpoint Security Configuration Tool Unquoted Service Executable Path Vulnerability in McAfee DXL Broker Improper Access Control Vulnerability in McAfee Agent (MA) Allows Local Privileged Users to Disable Self-Protection Privilege Escalation Vulnerability in McAfee Advanced Threat Defense (ATD) 
Command Line Interface Privilege Escalation Vulnerability in McAfee Endpoint Security (ENS) for Windows Cross-Site Scripting Vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 Update 6 Timing-dependent privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to manipulate file permissions through symbolic link alteration during anti-virus scans. Cross-Site Scripting Vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 Update 6 Privilege Escalation Vulnerability in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update DLL Side Loading Vulnerability in McAfee Application and Change Control (MACC) Installer Buffer Overflow via Environment Variables in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update Improper Access Control Vulnerability in McAfee Advanced Threat Defense (ATD) Prior to 4.10.0 Insecure Access Control Vulnerability in McAfee Endpoint Security (ENS) Allows Unauthorized Configuration Alteration Privilege Escalation via Symbolic Link Manipulation in McAfee Endpoint Security Privilege Escalation via Symbolic Link Manipulation in McAfee Endpoint Security for Mac Privilege Escalation via Symbolic Link Manipulation in McAfee VirusScan Enterprise Privilege Escalation via Symbolic Link Manipulation in McAfee VirusScan Enterprise for Linux Path Traversal Vulnerability in McAfee Email Gateway (MEG) prior to 7.6.406 Sensitive Information Exposure in McAfee Advanced Threat Defense (ATD) Web Interface Sensitive Information Exposure in McAfee Advanced Threat Defense (ATD) Web Interface Autorun Key Manipulation Vulnerability in McAfee Endpoint Security (ENS) for Windows Privilege Escalation Vulnerability in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update Arbitrary Code Execution Vulnerability in McAfee Endpoint Security Uninstaller Authentication Bypass Vulnerability in MfeUpgradeTool: 
Unauthorized Access to Policy Settings in McAfee Endpoint Security (ENS) Protection Mechanism Failure in McAfee Endpoint Security (ENS) for Windows: Local Users Can Disable Processes, Compromising Protection Access Control Security Levels Misconfiguration Vulnerability in McAfee Endpoint Security (ENS) Firewall DLL Search Order Hijacking Vulnerability in McAfee Host IPS Installer Component Privilege Escalation through Symbolic Link Manipulation in McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 Privilege Escalation via Symbolic Link Manipulation in McAfee Total Protection Privilege Escalation via Symbolic Link Manipulation in McAfee Total Protection Privilege Escalation via Symbolic Link Manipulation in McAfee Total Protection Local Privilege Escalation in McAfee Network Security Management (NSM) prior to 10.1.7.7 Privilege Escalation Vulnerability in McAfee MVISION Endpoint (CVE-2021-24092) Privilege Escalation Vulnerability in McAfee EDR for Windows prior to 3.1.0 Hotfix 1 Privilege Escalation Vulnerability in McAfee EDR for Linux prior to 3.1.0 Hotfix 1 Privilege Escalation Vulnerability in McAfee EDR for Mac prior to 3.1.0 Hotfix 1 Privilege Escalation Vulnerability in McAfee Active Response (MAR) for Windows Privilege Escalation Vulnerability in McAfee Active Response (MAR) for Linux Privilege Escalation Vulnerability in McAfee Active Response (MAR) for Mac Ambiguous Redirect Response Vulnerability in McAfee Web Gateway (MWG) Privilege Escalation Vulnerability in McAfee Web Gateway (MWG) Prior to 9.2.1: Unauthorized Root Password Modification Privilege Escalation Vulnerability in McAfee Web Gateway (MWG) Allows Unauthorized File Deletion and Download Privilege Escalation Vulnerability in McAfee Web Gateway (MWG) Prior to 9.2.1: Unauthorized Log Data Deletion and Download Privilege Escalation Vulnerability in McAfee Web Gateway (MWG) Prior to 9.2.1 Improper Access Control in McAfee Web Gateway (MWG) User Interface Allows Privilege Escalation Local 
Privilege Escalation Vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 Cleartext Storage of Sensitive Information in Memory Vulnerability in McAfee True Key Improper Authorization Vulnerability in McAfee Data Loss Prevention (DLP) ePO Extension Prior to 11.5.3 Cross-Site Scripting Vulnerability in McAfee DLP ePO Extension Prior to 11.5.3 Unrestricted File Upload Vulnerability in McAfee Data Loss Prevention (DLP) ePO Extension Cross-Site Scripting Vulnerability in McAfee DLP ePO Extension (CVE-2021-12345) Cross-Site Request Forgery Vulnerability in McAfee Data Loss Prevention (DLP) ePO Extension Privilege Escalation Vulnerability in McAfee Data Loss Prevention (DLP) ePO Extension Prior to 11.5.3 Unprotected Storage of Credentials in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 Unprotected Storage of Credentials in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 Cleartext Transmission of Sensitive Information via DNS in McAfee Endpoint Security Arbitrary Code Injection Vulnerability in McAfee Application Control (MAC) ePO Extension Privilege Escalation Vulnerability in McAfee Total Protection Installer Privilege Escalation via Log File Manipulation in McAfee Agent Installer DLL Search Order Hijacking Vulnerability in McAfee Agent Installer: Arbitrary Code Execution and Privilege Escalation Privilege Escalation Vulnerability in McAfee Data Exchange Layer (DXL) Client for Mac DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6: Arbitrary Code Execution via Malicious DLL Placement Unquoted Service Path Vulnerability in McAfee FRP Prior to 5.3.0 Arbitrary Web Script Injection Vulnerability in McAfee ePolicy Orchestrator (ePO) Arbitrary Web Script Injection Vulnerability in McAfee ePolicy Orchestrator (ePO) Local Privilege Escalation via Symbolic Link Manipulation in McAfee Endpoint Security (ENS) for Windows Protection Mechanism Failure in McAfee Endpoint Security: Exploiting Microsoft Service Stoppage McAfee 
Endpoint Security (ENS) for Windows Prior to 10.7.0 September 2020 Update Information Disclosure Vulnerability McAfee Endpoint Security (ENS) for Windows Lock Screen Bypass Vulnerability Improper Access Control Vulnerability in McAfee MVISION Endpoint: Local Users Can Bypass Security Mechanisms and Deny Access to SYSTEM Folder McAfee MVISION Endpoint Local Privilege Escalation via Symbolic Link Manipulation Vulnerability in McAfee Active Response (MAR) Allows Local Administrators to Execute Malicious Code Vulnerability: Local Administrators Exploiting Inconsistent State in McAfee MVISION Endpoint Detection and Response Client External Entity Attack Vulnerability in McAfee MVISION Endpoint ePO Extension Server-side Request Forgery in McAfee MVISION Endpoint ePO Extension Privilege Escalation via Environment Variable Manipulation in McAfee Total Protection (MTP) Trial Unquoted Service Executable Path Vulnerability in McAfee Endpoint Security Arbitrary HTML Code Execution Vulnerability in McAfee Endpoint Security (ENS) Firewall ePO Extension Arbitrary Code Injection Vulnerability in McAfee Endpoint Security Firewall ePO Extension Privilege Escalation Vulnerability in McAfee Application and Change Control (MACC) Installer Privilege Escalation via Folder Junction Link in McAfee Total Protection Cross Site Request Forgery Vulnerability in McAfee Network Security Management (NSM) Vulnerability: Bypassing Local Security Protection in McAfee VirusScan Enterprise (VSE) SHA1 Signed Certificate Vulnerability in McAfee Database Security Server and Sensor Missing Authorization Vulnerability in McAfee Agent (MA) for Windows Prior to 5.7.1 Allows Local Users to Block Product Updates Privilege Escalation via DLL Loading in McAfee Data Loss Prevention (DLP) for Windows Command Injection in Rapid7 Metasploit Framework OS Command Injection Vulnerability in Fonality Trixbox Community Edition GOG Galaxy Privilege Escalation Vulnerability Cross-site Scripting (XSS) vulnerability in 
Rapid7 Metasploit Pro's 'host' field Cross-site Scripting (XSS) vulnerability in 'notes' field of Rapid7 Metasploit Pro Unauthenticated SQL Injection Vulnerability in CAYIN xPost Authenticated OS Semi-Blind Command Injection Vulnerability in Cayin CMS Arbitrary Code Execution Vulnerability in AppSpider Installer Uncontrolled Search Path Element Privilege Escalation in SmartControl OS Command Injection Vulnerability in EasyCorp ZenTao Pro Application Address Bar Spoofing Vulnerability in UCWeb's UC Browser Address Bar Spoofing Vulnerability in UCWeb's UC Browser Address Bar Misrepresentation Vulnerability in Yandex Browser Address Bar UI Misrepresentation Vulnerability in Bolt Browser Address Bar Spoofing Vulnerability in Yandex Browser and RITS Browser Remote Command Execution in vBulletin 5.5.4 through 5.6.2 via Crafted SubWidgets Data JPEG Image Buffer Overflow Vulnerability in Documalis Free PDF Editor and Scanner Relative Path Traversal Vulnerability in Metasploit Framework's enum_osx Module Relative Path Traversal Vulnerability in Metasploit Framework Module telpho10_credential_dump Unverified Password Change Vulnerability in CRIXP OpenCRX Arbitrary Code Execution Vulnerability in Rapid7 Nexpose Installer Unquoted Search Path Vulnerability in Rapid7 Nexpose Installer Unauthorized Access and Privilege Escalation Vulnerability in Rapid7 Nexpose APK File Command Execution Vulnerability Vulnerability: Metasploit Framework Remote Code Execution via drb_remote_codeexec Sage X3 Installation Pathname Disclosure Vulnerability Sage X3 Unauthenticated Remote Command Execution (RCE) in AdxDSrv.exe Sage X3 System CHAINE Variable Script Command Injection Vulnerability Stored XSS Vulnerability in User Profile Edit Page of Sage X3 Heap Buffer Overflow in URL Handling in libfetch TCP SYN-ACK and Challenge TCP-ACK Disclosure Vulnerability in FreeBSD 12.1 and 11.3 Vulnerability: Privilege Escalation and Arbitrary Code Execution in FreeBSD's epair Virtual Network Module Null 
Termination Check Vulnerability in FreeBSD Jail Configuration Option osrelease Out-of-Bounds Read/Write Vulnerability in FreeBSD libalias FTP Packet Length Calculation Vulnerability Invalid Memory Location Vulnerability in FreeBSD USB Processing Race condition vulnerability in FreeBSD versions 11.3-RELEASE, 11.4-RELEASE, and 12.1-RELEASE before p7/p1, allowing code execution Heap Overflow Vulnerability in FreeBSD's posix_spawnp Function USB Network Drivers Vulnerability: Buffer Overflow via Missing Length Validation Time-of-Check to Time-of-Use Vulnerability in sendmsg System Call on FreeBSD Heap Overflow Vulnerability in FreeBSD's dhclient(8) with Potential Remote Code Execution Kernel Panic Vulnerability Caused by Improper mbuf Handling in IPv6 Hop-by-Hop Options Use-after-free vulnerability in FreeBSD SCTP Socket Handling Vulnerability: Packet Injection Across VLANs in FreeBSD Realtek USB Ethernet Interfaces L2TP MPD Remote Code Execution and Denial of Service Vulnerability Buffer Overflow Vulnerability in MPD PPP Implementation Untrapped AMD Virtualization Instructions Vulnerability in FreeBSD Vulnerability: Privilege Escalation and File System Escape in FreeBSD FTP Server Use-after-free vulnerability in FreeBSD 12.2-STABLE and earlier versions Cross-Site Scripting (XSS) Vulnerability in Sonoff TH 10 and 16 Firmware 6.6.0.21 SQL Injection in Django StringAgg Delimiter Remote Code Execution in SugarCRM Installation Component Unauthenticated Access to Citrix ShareFile StorageZones Uncontrolled Search Path Element Vulnerability in ProSoft Configurator (v1.002 and prior) for PMEPXM0100 (H) Module EcoStruxure Control Expert, Unity Pro, Modicon M340, and Modicon M580 Vulnerability: Injection Attack Allows Transfer of Malicious Code to Controller ZigBee Installation Kit (Versions prior to 1.0.1) Untrusted Search Path Vulnerability Denial of Service Vulnerability in Quantum Ethernet Network Module and Processors IGSS Vulnerability: Remote File Read via Improper 
Pathname Limitation IGSS Vulnerability: Local User Privilege Escalation via Missing Authentication Andover Continuum: Code Injection Vulnerability Allows Unauthorized File Access Cross-site Scripting (XSS) Vulnerability in Andover Continuum Web Server Reflective Cross-site Scripting (XSS) Vulnerability in Andover Continuum Web Server Clear Text Password Vulnerability in TriStation 1131 Versions v4.9.1 and v4.10.1 Denial of Service Vulnerability in Former 'Password' Feature Legacy Support Account Vulnerability in TriStation Software Versions v4.9.0 and Earlier TCM Modules Reset Under High Network Load Vulnerability in TCM v10.4.x and System v10.3.x CWE-345: Insufficient Verification of Data Authenticity on Modicon M218, M241, M251, and M258 Controllers CWE-319: Cleartext Transmission of Sensitive Information in Modicon M218, M241, M251, and M258 Controllers DLL Substitution Vulnerability in EcoStruxure Machine Expert – Basic or SoMachine Basic Programming Software Arbitrary Code Execution Vulnerability in Vijeo Designer Basic and Vijeo Designer Legacy Debug Port Account Vulnerability in Tricon System Versions 10.2.0 - 10.5.3 Weak Password Requirements in GP-Pro EX V1.00 to V4.09.100: Unmasked Password Entry Vulnerability SQL Injection Vulnerability in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and Prior EcoStruxure Operator Terminal Expert 3.1 SP1 Path Traversal Vulnerability EcoStruxure Operator Terminal Expert 3.1 SP1 Path Traversal Vulnerability Unauthorized Write Access Vulnerability in EcoStruxure Operator Terminal Expert 3.1 SP1 and Earlier Arbitrary Application Execution Vulnerability in EcoStruxure Operator Terminal Expert 3.1 SP1 and Earlier Hard-coded Credentials Vulnerability in Unity Loader and OS Loader Software Unauthorized Access Vulnerability in U.motion Servers and Touch Panels SQL Injection Vulnerability in U.motion Servers and Touch Panels Vulnerability: Hard-coded Credentials in Vijeo Designer Basic and Vijeo Designer Modicon M218 
Logic Controller Firmware 4.3 and Prior Out-of-bounds Write Vulnerability Easergy T300 Firmware 1.5.2 and Older: Cross-Site Request Forgery (CSRF) Vulnerability Easergy T300 Firmware Vulnerability: Webserver Service Disabling via Crafted Network Packets Easergy T300 Firmware Code Injection Vulnerability Easergy T300 Firmware V1.5.2 and Prior: Information Exposure via Archive Manipulation Multiple Login Denial of Service Vulnerability in Easergy T300 (Firmware version 1.5.2 and older) Easergy T300 Firmware CWE-307: Brute Force Authentication Vulnerability Easergy T300 Firmware Privilege Escalation and File Deletion Vulnerability Easergy T300 Firmware Vulnerability: Private Key Exposure Easergy T300 Firmware Vulnerability: Brute Force Password Acquisition via CWE-327 Platform-Dependent Third Party Components Vulnerability in Easergy T300 Firmware CWE-312: Cleartext Storage of Sensitive Information in Easergy T300 Firmware Easergy Builder Vulnerability: CWE-327 - Risky Cryptographic Algorithm Allows Unauthorized Access CWE-321: Cleartext Storage of Hard-Coded Cryptographic Key Vulnerability in Easergy Builder V1.4.7.2 and Earlier CWE-316: Cleartext Storage of Sensitive Information in Memory in Easergy Builder V1.4.7.2 and Prior CWE-312: Cleartext Storage of Sensitive Information in Easergy Builder (Version 1.4.7.2 and older) Easergy Builder CWE-20: Improper Input Validation Vulnerability CWE-521: Weak Password Requirements in Easergy Builder (Version 1.4.7.2 and older) Schneider Electric Software Update (SESU) Vulnerability: URL Redirection to Untrusted Site ('Open Redirect') Path Traversal Vulnerability in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) Path Traversal Vulnerability in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) Local Privilege Escalation Vulnerability in Schneider Electric Modbus Serial Driver Out-of-bounds Write Vulnerability in Modicon M218 Logic Controller (V5.0.0.7 and prior) Excessive Authentication Attempts 
Vulnerability in spaceLYnk and Wiser for KNX Remote Code Execution Vulnerability in PowerChute Business Edition Software Elevation of Privilege Vulnerability in SoMove (V2.8.1) and Prior Arbitrary Code Execution via SCADAPack 7x Remote Connect Deserialization Vulnerability SCADAPack 7x Remote Connect Path Traversal Vulnerability Improper Authorization Vulnerability in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) Remote Code Execution Vulnerability in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) Arbitrary Code Execution via Deserialization Vulnerability in SCADAPack x70 Security Administrator Unauthenticated Command Execution Vulnerability in Modicon M340, Modicon Quantum, and Modicon Premium Legacy Web Servers CWE-352: Cross-Site Request Forgery (CSRF) Vulnerability in Modicon M340 and Quantum/Premium CPUs and Ethernet Modules Path Traversal Vulnerability in Modicon M340, Modicon Quantum, and Modicon Premium Web Server Unreachable Device Vulnerability in Modicon M340 CPUs and Communication Ethernet Modules Denial of Service Vulnerability in Modicon Controllers via Specially Crafted Read Physical Memory Request Crash Vulnerability in PLC Simulator on EcoStruxure Control Expert Denial of Service Vulnerability in Modicon M340 Web Server Unauthenticated Command Execution Vulnerability in Modicon M340 and Legacy Controllers Vulnerability in Modicon M340 Web Server Allows for Forced Browsing and Sensitive Data Disclosure Denial of Service Vulnerability in Modicon Controllers via Specially Crafted Read Physical Memory Request Denial of Service Vulnerability in Modicon Controllers via Specially Crafted Read Physical Memory Request Privilege Escalation Vulnerability in EcoStruxure™ Operator Terminal Expert Runtime Arbitrary Code Execution Vulnerability in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software CWE-79: Cross-Site Scripting (XSS) Vulnerability in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software Privilege Escalation 
Vulnerability in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software Insufficiently Random Values in Smartlink, PowerTag, and Wiser Series Gateways: Unauthorized Login Vulnerability Denial of Service Vulnerability in Modicon M340 Web Server Remote Code Execution Vulnerability in IGSS Definition (Def.exe) Version 14.0.0.20247 and Prior Remote Code Execution Vulnerability in IGSS Definition (Def.exe) v14.0.0.20247 via Malicious CGF File Import Remote Code Execution Vulnerability in IGSS Definition (Def.exe) v14.0.0.20247 via Malicious CGF File Import Remote Code Execution Vulnerability in IGSS Definition (Def.exe) v14.0.0.20247 via Malicious CGF File Import Remote Code Execution Vulnerability in IGSS Definition (Def.exe) v14.0.0.20247 via Malicious CGF File Import Remote Code Execution Vulnerability in IGSS Definition (Def.exe) v14.0.0.20247 via Malicious CGF File Import Remote Code Execution Vulnerability in IGSS Definition (Def.exe) v14.0.0.20247 via Malicious CGF File Import Remote Code Execution Vulnerability in IGSS Definition (Def.exe) v14.0.0.20247 via Malicious CGF File Import Remote Code Execution Vulnerability in IGSS Definition (Def.exe) v14.0.0.20247 via Malicious CGF File Import Buffer Overflow Vulnerability in PLC Simulator on EcoStruxure Control Expert Title: EcoStruxure™ Control Expert and Unity Pro Write-what-where Condition Vulnerability Title: Easergy T300 Firmware 2.7 and Older - Missing Authentication for Critical Function Vulnerability Buffer Overflow Vulnerability in Modicon M340, Modicon Quantum, and Modicon Premium Legacy Web Server Out-of-bounds Write Vulnerability in Modicon Controllers: File Upload Exploit Buffer Overflow Vulnerability in Modicon M340, Modicon Quantum, and Modicon Premium Legacy Web Server Weak Encryption Strength in Modicon M221 Controller: Exploiting Traffic Capture Vulnerability CWE-334: Small Space of Random Values Vulnerability in Modicon M221 CWE-311: Missing Encryption of Sensitive Data in Modicon 
M221 Controller Information Disclosure Vulnerability in Modicon M221 Controller Unrestricted File Upload and Remote Code Execution in EcoStruxure Building Operation WebReports V1.9 - V3.1 Cross-Site Scripting (Stored) Vulnerability in EcoStruxure Building Operation WebReports V1.9 - V3.1 Cross-Site Scripting Reflected Vulnerability in EcoStruxure Building Operation WebReports V1.9 - V3.1 EcoStruxure Building Operation WebReports V1.9 - V3.1 XML External Entity Reference Vulnerability Improper Access Control in EcoStruxure Building Operation WebReports V1.9 - V3.1 Persistent XSS Vulnerability in Climatix POL908 and POL909 (Versions < V11.32) Persistent XSS Vulnerability in Climatix POL908 and POL909 Stored Cross-Site Scripting (XSS) Vulnerability in Camstar Enterprise Platform and Opcenter Execution Core SQL Injection Vulnerability in Camstar Enterprise Platform and Opcenter Execution Core Unauthorized Access and Information Disclosure Vulnerability in Camstar Enterprise Platform and Opcenter Execution Core Cross-Site Scripting (XSS) Vulnerability in Spectrum Power™ 5 (All versions < v5.50 HF02) Privilege Escalation Vulnerability in Multiple Siemens Products Privilege Escalation Vulnerability in Siemens Opcenter and SIMATIC Software Privilege Escalation Vulnerability in Automation License Manager Denial-of-Service Vulnerability in SIMATIC S7-200 SMART CPU Family DLL Hijacking Vulnerability in Siemens Industrial Automation Software Buffer Overflow Vulnerability in Siemens Industrial Control Systems Title: Multiple Siemens Software Products Vulnerable to Remote Denial-of-Service and Information Leakage Title: Multiple Siemens Software Products Vulnerable to Remote Denial-of-Service Attack Unauthenticated Remote Access and Modification Vulnerability in LOGO! 
8 BM Hard-coded Password Vulnerability in DCA Vantage Analyzer Allows Unauthorized Database Access SIPORT MP Authentication Bypass Vulnerability Unencrypted Communication Vulnerability in SIMATIC HMI Panels and WinCC Runtime Buffer Overflow Vulnerability in LOGO! 8 BM Web Server Arbitrary OS Command Execution in MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 Infinite Loop Vulnerability in xmlStringLenDecodeEntities in libxml2 2.9.10 Arbitrary Command Execution in Codecov npm Module (CVE-2021-23341) Arbitrary Command Execution in codecov-node npm module (CVE-2020-7596) Prototype Pollution in minimist before 1.2.2 Vulnerability: Insertion of Sensitive Information into Log File Prototype Pollution vulnerability in querymen prior to 2.1.4 allows modification of object properties Arbitrary Command Execution in gulp-scss-lint through 1.0.0 Arbitrary Command Execution in node-prompt-here (<=1.0.1) Arbitrary Command Execution in closure-compiler-stream 0.1.15 Arbitrary Command Execution in Pulverizr through 0.7.0 Arbitrary Command Execution Vulnerability in gulp-tape through 1.0.0 Arbitrary Command Execution in docker-compose-remote-api (<=0.1.4) Arbitrary Command Execution in gulp-styledocco (<= 0.0.3) Object Prototype Manipulation Vulnerability in yargs-parser Arbitrary Command Injection Vulnerability in node-rules (<=5.0.0) Deserialization of Untrusted Data in bson Package HTTP Request Header Injection Vulnerability in Micronaut HTTP Client Command Injection Vulnerability in clamscan through 1.2.0 Command Injection in npm-programmatic through 0.0.12 Command Injection Vulnerability in fsa 0.5.1 Prototype Pollution in express-mock-middleware 0.0.6 Prototype Pollution Vulnerability in ini-parser through 0.0.2 Prototype Pollution Vulnerability in sds through 3.2.0 Command Injection Vulnerability in get-git-data 1.3.1 Command Injection Vulnerability in pomelo-monitor through 0.3.7 Command Injection Vulnerability in strong-nginx-controller through 1.0.2 HTTP Response 
Splitting Vulnerability in io.jooby:jooby-netty Command Injection Vulnerability in jscover through 1.0.0 Command Injection Vulnerability in Effect through 1.0.4 Command Injection Vulnerability in op-browser through 1.0.6 Command Injection Vulnerability in Karma-Mojo 1.0.1: Arbitrary Command Execution via Config Argument Command Injection Vulnerability in node-key-sender through 1.0.11 Command Injection Vulnerability in umount 1.1.6: Unsanitized User-Controlled Device Argument Command Injection Vulnerability in install-package through 0.4.0 Command Injection Vulnerability in git-add-remote through 1.0.0 Command Injection Vulnerability in diskusage-ng 0.2.4 Command Injection Vulnerability in node-mpv through 1.4.3 Command Injection Vulnerability in apiconnect-cli-plugins through 6.0.1 Command Injection Vulnerability in heroku-addonpool through 0.1.15 Command Injection Vulnerability in compass-compile 0.0.1 Command Injection Vulnerability in adb-driver through 0.1.8 Prototype Pollution in class-transformer before 0.3.1 via classToPlainFromExist function Prototype Pollution Vulnerability in Confinit through 0.3.0 Prototype Pollution Vulnerability in eivindfjeldstad-dot below 1.0.3 Arbitrary Command Execution Vulnerability in Pixl-Class Prior to 1.0.3 Prototype Pollution Vulnerability in grunt-util-property Unsanitized Attributes in lazysizes Plugin Allow Execution of Malicious JavaScript Prototype Pollution in PayPal-Adaptive through 0.4.2: Exploiting JavaScript Object Manipulation Prototype Pollution Vulnerability in fun-map through 3.3.1 Arbitrary Command Execution Vulnerability in Chrome Launcher File Disclosure Vulnerability in curlrequest through 1.0.1 Directory Traversal Vulnerability in io.jooby:jooby and org.jooby:jooby Arbitrary File Read Vulnerability in snyk-broker Arbitrary File Read Vulnerability in snyk-broker before 4.73.0 Arbitrary File Read Vulnerability in snyk-broker Arbitrary File Read Vulnerability in snyk-broker Arbitrary File Read Vulnerability 
in snyk-broker Arbitrary File Read Vulnerability in snyk-broker Information Exposure in snyk-broker: Logging of Private Keys HTTP Request Smuggling Vulnerability in Netius Prior to 1.17.58 Cross-site Scripting (XSS) Vulnerability in jQuery's load Method HTTP Request Smuggling Vulnerability in Meinheld Prior to 1.0.2 Vulnerability: Request Smuggling in Reel 0.6.1 Arbitrary Code Injection in serialize-javascript (prior to 3.1.0) via deleteFunctions in index.js Vulnerability: Regular Expression Denial of Service in url-regex WebSocket-Extensions npm Module Prior to 0.1.4: Regex Backtracking DoS Vulnerability WebSocket-Extensions Ruby Module Prior to 0.1.5: Regex Backtracking DoS Vulnerability Insecure File Path Handling in github.com/unknwon/cae/zip's ExtractTo Function Path Traversal Vulnerability in uzip Package Vulnerability: Path Traversal Attacks in cpio File Extraction CPIO Extraction Path Traversal Vulnerability in go-rpmutils/cpio Insecure File Path Handling in github.com/unknwon/cae/tz Package Path Traversal Vulnerability in github.com/u-root/u-root/pkg/tarutil Vulnerability: HTTP Request Smuggling in Agoo Proxy Goliath 1.0.6 Vulnerable to HTTP Request Smuggling Attacks Arbitrary Code Execution in mosc through 1.0.0 via `eval` Function Arbitrary Code Execution in node-extend through 0.2.0 Arbitrary Code Execution Vulnerability in Access-Policy 3.1.0 Arbitrary Code Execution Vulnerability in cd-messenger through 2.7.26 Cross-Site Scripting (XSS) Vulnerability in Angular.js Prior to 1.8.0 Unsanitized User-Controlled Input in thenify Package (before 3.3.1) Leads to Code Injection Vulnerability Unsanitized User-Controlled Input in node-import Package's eval Function Prototype Pollution Vulnerability in casperjs' mergeObjects Utility Function Cross-site Scripting (XSS) Vulnerability in Docsify.js prior to 4.11.4 Lack of Path Sanitization in marscode Package's fs.readFile in index.js Lack of Path Sanitization in fs.readFile of marked-tree Package Lack of Path 
Sanitization in rollup-plugin-server's readFileFromContentBase Function Lack of Path Sanitization in rollup-plugin-serve's readFile Operation Arbitrary File Upload Vulnerability in UmbracoForms Lack of Path Sanitization in rollup-plugin-dev-server's readFileFromContentBase Function Path Sanitization Vulnerability in fast-http Package Unsanitized tagName Input Execution Vulnerability Truncation Vulnerability: Incorrect Handling of Data Length Greater than 255 Bytes Cross-site Scripting (XSS) Vulnerability in jspdf Package (Versions <2.0.0) via html Method Injection Potential Cross-Site Scripting (XSS) Vulnerability in jspdf Package Insecure PKCE Implementation in com.google.oauth-client:google-oauth-client (before 1.31.0) WebSocket Upgrade Header Vulnerability in SockJS (CVE-XXXX-XXXX) ANSI Escape Sequence Injection in Uvicorn Request Logger HTTP Response Splitting Vulnerability in Uvicorn before 0.11.7 Header Injection Vulnerability in react-native-fast-image Command Injection Vulnerability in mock2easy Package Unsanitized Input in Gerapy's Popen Function in project_configure Endpoint Arbitrary Code Execution and Denial of Service Vulnerability in express-fileupload (<=1.1.8) with parseNested Option Prototype Pollution Vulnerability in phpjs via parse_str Prototype Pollution in madlib-object-utils before 0.1.7 via setValue Vulnerability Prototype Pollution vulnerability in templ8 package's parse function Prototype Pollution in nis-utils via setValue function Prototype Pollution Vulnerability in linux-cmdline Package (Versions before 1.0.1) Malicious Tracking and Advertisement Attribution Fraud in MintegralAdSDK Prototype Pollution Vulnerability in connie-lang Package Prototype Pollution Vulnerability in property-expr before 2.0.3 via Setter Function Prototype Pollution in irrelon-path and @irrelon/path (before 4.7.0) via set, unSet, pushVal, and pullVal functions Multiple Object Reference Vulnerability in json-pointer before 0.6.1 Arbitrary Command Execution 
Vulnerability in safe-eval Package Nil-Pointer Dereference Vulnerability in goxmldsig Package Arbitrary Command Injection in JSON Package (before 10.0.0) Prototype Pollution in arr-flatten-unflatten Package Constructor Prototype Pollution Vulnerability in Package Confucious via the set Function Prototype Pollution vulnerability in deep-get-set package Prototype Pollution in deeps package via set function Prototype Pollution vulnerability in dot-notes package via the create function Prototype Pollution in gammautils Package via deepSet and deepMerge Functions Prototype Pollution in locutus before 2.0.12 via php.strings.parse_str function Prototype Pollution in node-forge's util.setPath function Prototype Pollution in node-oojs package via setPath function Prototype Pollution vulnerability in deepSet function of nodee-utils package Prototype Pollution vulnerability in promisehelpers package via insert function Prototype Pollution in tiny-conf package via set function Prototype Pollution Vulnerability in worksmith's setValue Function Prototype Pollution vulnerability in safe-object2 package via setter function Prototype Pollution Vulnerability in gedi Package via set Function Arbitrary Code Execution Vulnerability in grunt before 1.3.0 Command Injection Vulnerability in bestzip Package (Versions prior to 2.1.7) Nil-Pointer Dereference Vulnerability in gosaml2 Package Regular Expression Denial of Service (ReDoS) vulnerability in ua-parser-js before 0.7.22 Cross-site Scripting (XSS) Vulnerability in Cabot Package's Endpoint Column Command Injection Vulnerability in ng-packagr (before 10.1.1) via styleIncludePaths Option Prototype Pollution Vulnerability in bmoor before 0.8.12 via set function Prototype Pollution Vulnerability in Package Safetydance Arbitrary Code Execution Vulnerability in shiba Package SSRF Vulnerability in PhantomJS-SEO Package SSRF Vulnerability in node-pdf-generator Package Unsanitized URL Parameter Allows XSS Attack in hellojs Package Critical 
Security Vulnerability in simpl-schema < 1.10.2 Prototype Pollution in mathjs before 7.5.1 via deepExtend function Malicious Tracking Vulnerability in com.mintegral.msdk:alphab Android SDK Backdoor Vulnerability in MintegralAdSDK Allows Remote Code Execution Prototype Pollution in chart.js before 2.9.4 Session Controller Vulnerability in lightning-server Package Prototype Pollution in @tsed/core before 5.65.7 Unsanitized User Input in osm-static-maps Package Allows for XSS, SSRF, and Local File Read Vulnerabilities Arbitrary DOM Injection Vulnerability in scratch-svg-renderer Prototype Pollution Vulnerability in pathval before version 1.1.1 Command Injection Vulnerability in systeminformation Package (<=4.27.11) Allows Remote Code Execution Regular Expression Denial of Service (ReDoS) Vulnerability in trim() Function of Package Trim Exponential Processing Time Vulnerability in npm-user-validate Vulnerability: Regular Expression Denial of Service (ReDoS) in dat.gui package Directory Traversal Vulnerability in Droppy Package Arbitrary File Fetch Vulnerability in browserless-chrome SQL Injection in data classification functionality in Pimcore ReDOS vulnerability in CodeMirror's JavaScript mode regex Denial of Service Vulnerability in @absolunet/kafe before 3.2.10 jsreport-chrome-pdf Vulnerability: Pre-1.10.0 Package Exploit Critical Security Vulnerability in phantom-html-to-pdf Package (<=0.6.1) Denial of Service Vulnerability in find-my-way Package Prototype Pollution in @firebase/util before 0.3.4 Prototype Pollution in json-ptr Package's set Operation Regular Expression Denial of Service (ReDoS) Vulnerability in express-validators Package Prototype Pollution via loadPackageDefinition in gRPC and @grpc/grpc-js packages (versions before 1.24.4 and 1.1.8 respectively) Arbitrary Command Flag Injection in Nodemailer's Sendmail Transport Prototype Pollution in json8 before 1.0.3 Prototype Pollution Vulnerability in asciitable.js (before 1.0.3) via main function Critical 
Security Vulnerability in doc-path Package (Version < 2.1.2) Cross-Site Scripting (XSS) vulnerability in markdown-it-highlightjs before 3.3.1 Prototype Pollution Vulnerability in y18n Package Improper Argument Neutralization in freediskspace.js Leads to Vulnerability XSS Vulnerability in phpoffice/phpspreadsheet HTML Writer Arbitrary Code Execution via Untrusted Schema Files in jsen Package Object Property Overwrite Vulnerability in systeminformation Package Regular Expression Denial of Service (ReDoS) Vulnerability in djvalidator Package Bypassing CSRF Protection in com.softwaremill.akka-http-session Remote Code Injection in connection-tester before 0.2.1 Injection vulnerability in spritesheet-js package via platform-command dependency Arbitrary Code Injection in ts-process-promises Package Critical Injection Vulnerability in node-ps Package (All Versions) Critical Injection Vulnerability in macfromip Package (All Versions) Insecure Nonce and Session Validation in react-adal Package Prototype Pollution in ini package before 1.3.6 Arbitrary Command Execution Vulnerability in node-notifier (before 9.0.0) Arbitrary File Inclusion Vulnerability in spatie/browsershot Insufficient Handling of Erroneous Language Tags in i18n Package (CVE-XXXX-XXXX) Prototype Pollution in mout's deepFillIn and deepMixIn functions Regular Expression Denial of Service (ReDoS) Vulnerability in ua-parser-js Package Critical Remote Code Injection Vulnerability in Buns Package (All Versions) Command Injection Vulnerability in get-npm-package-version (<=1.0.7) via main function in index.js SSRF Vulnerability in Zimbra Collaboration Suite (ZCS) with WebEx Zimlet and enabled JSP Arbitrary Command Execution via FusionAuth Email Templates and Themes Title: Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70 Firmware Versions 5.0 and Prior Improper Check for Unusual or Exceptional Conditions Vulnerability Exposure of Sensitive Information via SNMP in Synergy Systems & Solutions (SSS) HUSKY RTU 
6049-E70 (CWE-200) Incorrect Default Permissions Vulnerability in Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70 Firmware Versions 5.0 and Prior ZInsX.ocx ActiveX Control File Download Vulnerability in IMGTech Co,Ltd Zoneplayer Arbitrary Command Execution Vulnerability in Handy Groupware 1.7.3.1 Command Injection Vulnerability in KT Slim egg IML500 and IML520 WiFi Devices Arbitrary Code Execution Vulnerability in Tobesoft Xplatform ActiveX Control DLL Hijacking Vulnerability in LG Electronics Installation Components (LGPCSuite_Setup, IPSFULLHD, LG_ULTRAWIDE, ULTRA_HD_Driver Setup) Unauthenticated Remote Code Execution in RAONWIZ K Upload v2018.0.2.51 and prior ALSong 3.46 and Earlier Version DOM-based Cross-Site Scripting Vulnerability Remote Code Execution Vulnerability in hslogin2.dll ActiveX Control Privilege Escalation Vulnerability in Samsung Update 3.0.2.0 ~ 3.0.32.0 Arbitrary File Download and Code Execution Vulnerability in Ezhttptrans.ocx ActiveX Control Arbitrary File Download and Execution Vulnerability in Ezhttptrans.ocx ActiveX Control File download & execution vulnerability in RAONWIZ RAON KUpload allows remote code execution File download vulnerability in TOBESOFT XPLATFORM allows remote attackers to execute arbitrary code. 
JPEG Image Parsing Module Stack Overflow Vulnerability in DaView Indy, DaVa+, DaOffice Software Arbitrary File Download Vulnerability in MyBrowserPlus Heap-based Overflow Vulnerability in DaviewIndy 8.98.9 and Earlier nTracker USB Enterprise: Critical SQL-Injection Vulnerability Exposes User Credentials and Session Data Arbitrary Code Execution Vulnerability in Nexacro14/17 ExtCommonApiV13 Library (2019.9.6) Arbitrary Code Execution via Registry Path Modification in Nexacro14/17 ExtCommonApiV13 Library (2019.9.6) Heap-based Overflow Vulnerability in DaviewIndy Memory Corruption Vulnerability in DaviewIndy Insecure Session Cookie Handling Vulnerability in iPECS Web Management Interface Arbitrary Remote Command Execution Vulnerability in MiPlatform 2019.05.16 and Earlier Remote Code Execution Vulnerability in EyeSurfer BflyInstallerX.ocx Use-After-Free Vulnerability in DaviewIndy 8.98.7 and Earlier Versions Heap-based Overflow Vulnerability in DaviewIndy 8.98.4 and Earlier Versions Heap-based Overflow Vulnerability in DaviewIndy 8.98.4 and Earlier Versions Remote File Download Vulnerability in RAONWIZ KUpload Agent Directory Traversal Vulnerability in Ebiz4u Contract Management Service Interface Arbitrary File Download and Execution Vulnerability in DEXT5 Upload Solution (CVE-2020-7832) Stack-Based Buffer Overflow Vulnerability in VOICEYE WSActiveBridgeES Stack-based Buffer Overflow in ML Report Program Arbitrary Code Execution Vulnerability in Smilegate STOVE Client 0.0.4.72 Command Injection Vulnerability in MaEPSBroker 2.5.0.31 and Prior Versions Arbitrary .hta File Execution Vulnerability in TOBESOFT XPLATFORM Arbitrary Command Injection Vulnerability in Netis Korea D'live AP (WF2429TB) v1.1.10 Stack-based Buffer Overflow in Spamsniper 5.0 ~ 5.2.7: Remote Code Execution Vulnerability Hardcoded Cryptographic Key Vulnerability in Helpcom before v10.0 Arbitrary File Upload Vulnerability in ipTIME NAS 1.4.36 Manage Bulletins/Upload Feature Command Injection 
Vulnerability in EFM ipTIME C200 IP Camera's /login.cgi?logout=1 Script Arbitrary Code Execution Vulnerability in uPrism.io CURIX Video Conferencing Solution Remote Code Execution Vulnerability in NBBDownloader.ocx ActiveX Control Remote Code Execution Vulnerability in Innorix Web-Based File Transfer Solution Heap-based Overflow Vulnerability in DaviewIndy Out-of-Range Data Read/Write Vulnerability in XPLATFORM Allows Arbitrary Code Execution Arbitrary Command Execution Vulnerability in Helpcom Arbitrary Command Execution Vulnerability in Tobesoft XPlatform Directory Traversal Vulnerability in AquaNPlayer 2.0.0.92 Download Page URL Integer Overflow Vulnerability in Estsoft UnEGG v0.5 and Earlier Versions Arbitrary File Execution Vulnerability in AnySupport (Remote Support Solution) Arbitrary Command Execution Vulnerability in HelpU Remote Control Solution Arbitrary Command Execution Vulnerability in Raonwiz File Transfer Solution Authentication Bypass and Remote Code Execution through Parameter Manipulation in Raonwiz DEXT5Editor Arbitrary File Download and Execution Vulnerability in ExECM CoreB2B Solution Arbitrary Command Execution Vulnerability in XPLATFORM 9.2.2.270 and Earlier Versions ActiveX Component Arbitrary File Creation and Execution Vulnerability in Helpu Solution Remote Code Execution Vulnerability in helpUS Remote Administration Tool Arbitrary File Creation Vulnerability in ZOOK Software's Remote Administration Tool Memory Corruption Vulnerability in ezPDF Arbitrary Command Execution Vulnerability in Cnesty Helpcom 10.0 Integer Overflow Vulnerability in DaviewIndy v8.98.7.0 and Earlier Versions ActiveX Control Code Download Vulnerability in Younglimwon Co., Ltd: Arbitrary File Download and Execution Arbitrary File Download and Execution Vulnerability in NEXACRO14 Runtime ActiveX Control Remote Code Execution Vulnerability in DEXT5 Upload 5.0.0.117 and Earlier Versions Remote Code Execution Vulnerability in ZOOK Solution's ConnectMe Command Title: 
Arbitrary File Download and Execution Vulnerability in VideoOffice X2.9 and Earlier Versions (CVE-2020-7878) Remote Command Execution Vulnerability in ipTIME C200 IP Camera Remote Code Execution Vulnerability in ActiveX Module of NeoRS Remote Support Program Stack-based Buffer Overflow in AfreecaTV Streamer Service Path Traversal Vulnerability in getPFXFolderList Function Remote Code Execution Vulnerability in Printchaser v2.2021.804.1 and Earlier Versions Insecure Maven Repository Access in JetBrains IntelliJ IDEA Network Exposure of JetBrains IntelliJ IDEA Ports Unsigned Binaries Vulnerability in JetBrains Rider 2019.3 EAP2-2019.3 EAP7 Unencrypted Connection Vulnerability in JetBrains Scala Plugin Reverse Tabnabbing Vulnerability in JetBrains TeamCity Server-Stored Password Disclosure in JetBrains TeamCity Web UI Stored XSS Vulnerability in JetBrains TeamCity (pre-2019.2) Allows Attack by Developer Role User XSS Vulnerability in JetBrains TeamCity User-Level Pages Accessing SMTP/Jabber Settings via Backups in JetBrains YouTrack (CVE-2019-59309) XSS Vulnerability in JetBrains YouTrack 2019.2 before 2019.2.59309 via Issue Description Arbitrary File Read Vulnerability in JetBrains IntelliJ IDEA 2019.2 XSLT Debugger Plugin XSS Vulnerability in Eaton 5P 850 Devices: Ubicacion SAI Field Unauthenticated User Role Manipulation in LearnPress Plugin for WordPress Insecure Direct Object Reference Vulnerability in Totemo TotemoMail 7.0.0 Webmail X.509 Certificate Parsing Vulnerability in Go (CVE-2020-28362) Unauthenticated Denial of Service in PMM-Server Authorization Bypass Vulnerability in MongoDB Server Improper Access to MongoDB Instances via MongoDB Enterprise Kubernetes Operator X.509 Certificates Denial of Service Vulnerability in MongoDB Server's GeoNear Query Subsystem MongoDB Tools Command Line Parameter Vulnerability Uninitialized Memory Use in Role Name Parser Allows Denial of Service Denial of Service Vulnerability in MongoDB Server v4.4.1 Privilege Escalation 
via Specially Crafted API Calls in MongoDB Ops Manager Arbitrary Memory Access Vulnerability in MongoDB Server MongoDB Server Denial of Service Vulnerability Remote Code Execution via Insecure FreeMarker Template Processing in JFrog Artifactory Sensitive Data Exposure via URL Query Parameters Persistent XSS Vulnerability in LifeRay Portal CE 7.1.0 through 7.2.1 GA2 Unrestricted File Upload Vulnerability in Artica Pandora FMS 7.42 Open Redirect Vulnerability in Plone 4.0 through 5.2.1 Plone 5.0-5.2.1 XSS Vulnerability: Privileged Users Can Execute JavaScript via Title Field Privilege Escalation Vulnerability in Plone REST API (Plone 5.2.0 - 5.2.1) SQL Injection in DTML or Connection Objects in Plone 4.0 through 5.2.1: Unwanted SQL Query Execution Vulnerability Weak Password Vulnerability in Plone 4.3 through 5.2.0 Privilege Escalation Vulnerability in plone.app.contenttypes in Plone 4.3 through 5.2.1 Vulnerability: Catalog Retrieval by Modifying Facts in Puppet Information Disclosure Vulnerability in Puppet Server and PuppetDB Metrics API Sensitive Parameters Leakage in Continuous Delivery for Puppet Enterprise (CD4PE) Insecure Storage of Local Registry Credentials in CD4PE Deployment Definition CSV Injection Vulnerability in Login by Auth0 Plugin for WordPress Insecure Direct Object Reference in Login by Auth0 Plugin for WordPress Remote Code Execution and Denial of Service Vulnerability in Valve Dota 2 (CVE-2020-XXXX) Remote Code Execution and Denial of Service Vulnerability in Valve Dota 2 (CVE-2020-XXXX) Memory Corruption Vulnerability in Valve Dota 2 (meshsystem.dll) Allows Remote Code Execution or Denial of Service Memory Corruption Vulnerability in Valve Dota 2 (rendersystemdx9.dll) Allows Remote Code Execution or Denial of Service Unauthenticated File Read Vulnerability in OpServices OpMon 9.3.2 Privilege Escalation via Misconfigured Sudoers File in OpServices OpMon 9.3.2 Inconsistent ACL Enforcement in HashiCorp Consul and Consul Enterprise 1.4.1 through 
1.6.2 Privilege Escalation via TLS Certificate Validation in HashiCorp Nomad Denial of Service Vulnerability in Dovecot 2.3.9 Vulnerability: Leftover Debug Code Allows Unauthorized Access to Fingerprint Images on OnePlus 7 Pro Database Name Enumeration Vulnerability in LabVantage LIMS 8.3 Arbitrary Code Execution via JSONWS in Liferay Portal prior to 7.2.1 CE GA2 User Answer Enumeration in One Identity Password Manager 5.8 Improper Access Control in Mirumee Saleor 2.x Allows Unauthorized Checkout Attachments and User Data Leakage CSRF Vulnerability in Webargs 5.x through 5.5.2 Directory Traversal Vulnerability in GitLab EE 11.11 through 12.7.2 Insecure Permissions in GitLab EE 8.0 through 12.7.2 Incorrect Access Control in GitLab EE 8.0 through 12.7.2 Information Disclosure Vulnerability in GitLab EE 8.0 - 12.7.2 Cross-Site Scripting (XSS) Vulnerability in GitLab EE 11.0 and later through 12.7.2 Insecure Permissions Vulnerability in GitLab EE 12.2 Cross-Site Scripting (XSS) Vulnerability in GitLab 12.7.2 GitLab EE 10.1 through 12.7.2 Information Disclosure Vulnerability Incorrect Access Control in GitLab EE 12.4 through 12.7.2 Insecure Permissions in GitLab EE 8.8 and later through 12.7.2 GitLab EE 12.6 - 12.7.2 Denial of Service Vulnerability Insecure Permission Vulnerability in GitLab EE 8.9 and later through 12.7.2 Remote Command Execution in Intellian Aptus Web 1.24 via libagent.cgi Boolean-based SQL Injection in Geocoder's sql.rb Arbitrary Package Payload Injection Vulnerability in OpenWrt and LEDE CSRF Vulnerability in Ruckus R500 3.4.2.0.384 Login.asp SolarWinds N-central Cleartext Domain Admin Credentials Retrieval Vulnerability CSRF Vulnerability in phpIPAM 1.4 Allows Unauthorized Password Changes XSS Vulnerability in Adive Framework 2.0.8: Admin/User/Add UserUsername Adive Framework 2.0.8 Vulnerability: Admin/User/Add UserName XSS CSRF Vulnerability in Adive Framework 2.0.8 Allows Unauthorized Password Change Ticket Creation Vulnerability in Prototype 
1.6.0.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Dolibarr 10.0.6 Unlimited Rate of Failed Authentication Attempts in Dolibarr 10.0.6 Login Page XSS Vulnerability in Dolibarr 10.0.6 via Referer HTTP Header in passwordforgotten.php Cross-Site Scripting (XSS) Vulnerability in ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 Parental Control Feature Arbitrary File Upload Vulnerability in Super File Explorer App 1.0.1 for iOS Hardcoded API Key Vulnerability in Intellian Aptus Application 1.0.2 for Android Hardcoded Password Vulnerability in Intellian Aptus Web 1.24 Hardcoded Password Vulnerability in Intellian Aptus Application 1.0.2 for Android NULL Pointer Dereference Vulnerability in virglrenderer Double-Free Vulnerability in vrend_renderer.c Allows Denial of Service Critical Security Vulnerability: Incorrect Access Control in STMicroelectronics STM32F1 Devices Directory Traversal Vulnerability in AVB MOTU Devices (2020-01-22) Allows Unauthorized Access to /etc/passwd File Improper ACL Handling Vulnerability in CA Unified Infrastructure Management (Nimsoft/UIM) Robot Component Null Pointer Dereference Vulnerability in CA Unified Infrastructure Management (Nimsoft/UIM) Robot Controller Component Buffer Overflow Vulnerability in CA Unified Infrastructure Management (Nimsoft/UIM) Robot Component UNIX Symbolic Link (Symlink) Following Vulnerability in chkstat of SUSE Linux Enterprise Server Privilege Escalation Vulnerability in kopano-spamd Package of openSUSE Leap 15.1 and Tumbleweed Local Privilege Escalation Vulnerability in openSUSE Factory exim Package Race Condition Vulnerability in texlive-filesystem Packaging of SUSE Linux Enterprise and openSUSE Leap Race Condition Vulnerability in texlive-filesystem Cron Job Allows Arbitrary File Deletion Privilege Escalation Vulnerability in SUSE Linux Enterprise Server 15 SP1 Privilege Escalation via Symbolic Link (Symlink) Following in syslog-ng Improper Neutralization of Input During Web Page Generation in 
open-build-service Allows Remote XSS Improper Access Control in Open Build Service Allows Unauthorized File Reading Incorrect Default Permissions Vulnerability in Tomcat Packaging on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 Privilege Escalation Vulnerability in openldap2 of SUSE and openSUSE Systems Incorrect Default Permissions Vulnerability in hylafax+ Packaging of openSUSE Leap 15.2, openSUSE Leap 15.1, and openSUSE Factory Incorrect Execution-Assigned Permissions Vulnerability in SUSE Linux Enterprise Server and openSUSE Privilege Escalation Vulnerability in inn Packaging in openSUSE Leap 15.2, Tumbleweed, and Leap 15.1 Insecure Temporary File Vulnerability in openldap2 Improper Access Control Vulnerability in SUSE Manager Server and Proxy Incorrect Permission Assignment in skuba of SUSE CaaS Platform 4.5 Allows Unauthorized Access to Kubelet Key Insecure Temporary File Vulnerability in skuba of SUSE CaaS Platform 4.5 Cross-site Scripting (XSS) Vulnerability in Open Build Service Markdown Rendering Insecure Temporary File Vulnerability in openSUSE Factory's cyrus-sasl Packaging Cross-Site Scripting (XSS) Vulnerability in Ruckus R500 3.4.2.0.384 Devices via index.asp Device Name Field Reflected Cross-Site Scripting (XSS) Vulnerability in Gollem before 3.0.13 Stored XSS Vulnerability in Horde Groupware Webmail Edition 5.2.22 via SVG Image Upload Unsafe Usage of tok2strbuf() Function in tcpdump 4.10.0-PRE-GIT's SOME/IP Dissector Memory Allocation Vulnerability in tcpdump 4.9.3's ppp Decapsulator 
Incomplete Verification of XMPP Address in mod_auth_ldap and mod_auth_ldap2 Community Modules for Prosody Remote Command Execution Vulnerability in SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA Devices via Parameter Pollution Type Juggling Vulnerability in UseBB 1.0.12 Allows Login Bypass Stored XSS Vulnerability in Piwigo 2.10.1 via Group Name Field on group_list Page Stored XSS Vulnerability in A1 WLAN Box ADB VV2220v2 Devices Cross-Site Scripting (XSS) Vulnerability in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 via svg.swf Privilege Escalation Vulnerability in BDLDaemon in Bitdefender Antivirus for Mac AntivirusforMac Binary Vulnerability: Exploiting DYLD Environment Variable for Code Execution Junction Handling Vulnerability in Bitdefender Total Security 2020 Untrusted Search Path Vulnerability in Bitdefender High-Level Antimalware SDK for Windows Privilege Escalation and Security Settings Tampering Vulnerability in Bitdefender Endpoint Security Tools and SDK Improper Handling of Junctions in Bitdefender Antivirus Free Allows File Substitution and Privileged Location Restoration Denial of Service Vulnerability in Bitdefender Engines Prior to 7.84063 Command Injection Vulnerability in ADT LifeShield DIY HD Video Doorbell Remote Code Execution Vulnerability in Bitdefender Total Security 2020 Safepay Browser Component Symbolic Link Vulnerability in Bitdefender Antivirus Free Allows Unauthorized File Restoration Abode iota All-In-One Security Kit OS Command Injection Vulnerability Process Control Vulnerability in Bitdefender Antivirus Plus, Internet Security, and Total Security Authentication Bypass Vulnerability in Bitdefender Endpoint Security for Mac Buffer Overflow Vulnerability in ace.xmd Parser in Bitdefender Engines Uninitialized Memory Pointer Vulnerability in Bitdefender Engines Heap-based Buffer Overflow in opj_t1_clbl_decode_processor in OpenJPEG 2.3.1 through 2020-01-28 Incorrect Access Control in GitLab 10.7 and later through 12.7.2 Insecure 
Permission Vulnerability in GitLab EE 8.9 and later through 12.7.2 Reflected XSS Vulnerability in Revive Adserver <= 5.0.3: Potential Session Theft and Arbitrary Code Execution Prototype Pollution Vulnerability in dot-prop npm Package Information Leakage in Nextcloud Server 14.0.3: Event Details Exposed when Sharing Non-Public Events Authenticated Server-Side Request Forgery in Nextcloud Server 16.0.1: Calendar Subscription Service Detection Vulnerability File-Drop Share Link Vulnerability in Nextcloud Server 17.0.0: Unauthorized Access to Previews and Files via Gallery App Reflected Cross-Site Scripting Vulnerability in Nextcloud Server 16.0.1 SVG Generation Data Exposure Vulnerability in Nextcloud Server 14.0.4 Exploitable Vulnerability in Nextcloud Server 14.0.3 Allows Share Expiration Date Extension Arbitrary Restart Vulnerability in Strapi v3.0.0-beta.18.3 and Earlier Bypassing Security Checks through Insufficient Validation and Sanitization in url-parse npm Package Prototype Pollution Vulnerability in klona npm Package (Versions 1.1.0 and Earlier) Privilege Escalation Vulnerability in EdgeSwitch: Unsanitized User Input Allows Local Command Execution Cross-Site Scripting (XSS) Vulnerability in reveal.js version 3.9.1 and earlier Unintended Require and Server-Side Request Forgery Vulnerabilities in jsreport v2.5.0 and Earlier: Arbitrary Code Execution Arbitrary Code Execution Vulnerability in script-manager npm Package (<=0.8.6) OS Command Injection Vulnerability in Ruby Rake < 12.3.3: Exploiting Rake::FileList with Pipe Character Filename Arbitrary Filesystem Write Vulnerability in Yarn: Potential for Arbitrary Code Execution Arbitrary Code Execution Vulnerability in pdf-image npm Package (<= 2.0.0) Passphrase Generation Vulnerability in Nextcloud Server 19.0.1 Ghost CMS < 3.10.0 SSRF Vulnerability: Unauthorized Network Scanning and Internal System Interaction Uppy npm Package < 1.9.3 SSRF Vulnerability: Unauthorized Network Scanning and System Interaction 
Prototype Pollution Vulnerability in fastify-multipart < 1.0.5 Remote Code Execution Vulnerability in Blamer 1.0.0 and Earlier Server-Side Request Forgery (SSRF) Vulnerability in Nextcloud Server < 17.0.1, < 16.0.7, and < 15.0.14 via Malicious Calendar Subscription Vulnerability: Insecure Hide-Download Shares in Nextcloud Server Arbitrary Code Execution Vulnerability in Nextcloud Desktop Client 2.6.2 for macOS Template Injection Vulnerability in dot package v1.1.2 Vulnerability: Security Restriction Bypass in Revive Adserver Open Redirect Vulnerability in Revive Adserver < 5.0.5 Firmware Update Directory Traversal Vulnerability in UniFi Video Server v3.9.3 and prior Privilege Escalation Vulnerability in UniFi Video Server (Windows) Web Interface Local Privileges Escalation to SYSTEM via File Deletion and DLL Hijack in UniFi Video v3.10.1 Prototype Pollution Vulnerability in utils-extend npm package (versions 1.0.8 and earlier) allows for Remote Code Execution or Denial of Service Vulnerability: Unauthorized Hostname Change in UniFi Cloud Key Firmware < 1.1.6 Arbitrary Shell Command Execution Vulnerability in logkitty npm Package (<=0.7.1) Downgrade Attack Vulnerability in Nextcloud Server 19.0.1 Active Resource <v5.1.1 Information Disclosure Vulnerability Server-Side Encryption Key Replacement Vulnerability in Nextcloud Server 19.0.1 Improper Access Control in Groupfolders App 4.0.3 Allows Deletion of Hidden Directories via Renaming Vulnerability Remote Wipe Vulnerability in Nextcloud Server 18.0.2 Cross-site scripting vulnerability in Files PDF viewer of Nextcloud Server 18.0.2 due to outdated 3rd party library TLS Host Verification Bypass in Nextcloud Mail 1.1.3: Enabling Man-in-the-Middle Attacks Unrestricted Root Access Vulnerability in UniFi Cloud Key Firmware Prototype Pollution Vulnerability in TypeORM Package < 0.2.25: Exploiting Object Property Modification for Denial of Service and SQL Injection Attacks Arbitrary File Write Vulnerability in 
actionpack_page-caching gem < v1.2.1 Cross-Site Scripting (XSS) Vulnerability in MendixSSO <= 2.1.1 via OpenID Handler Rack Directory Traversal Vulnerability Content-Length Manipulation Vulnerability in Rails ActiveStorage's S3 Adapter Remote Code Execution Vulnerability in Rails Versions Prior to 5.0.1 via Code Injection in `render` Call Deserialization Vulnerability in Rails < 5.2.4.3, Rails < 6.0.3.1: Information Leakage via Strong Parameters Deserialization of Untrusted Data Vulnerability in Rails < 5.2.4.3, Rails < 6.0.3.1: Remote Code Execution (RCE) Risk CSRF Forgery Vulnerability in Rails Versions < 5.2.5 and < 6.0.4 CSRF Vulnerability in Rails-UJS Module: Cross-Domain Token Leakage AirMax AirOS Firmware v6.2.0 and Prior Multiple CSRF Vulnerabilities Curl 7.62.0 - 7.70.0 Information Disclosure Vulnerability: Partial Password Leakage AirMax AirOS Firmware v6.2.0 and Prior XSS Vulnerability Fix Command Injection Vulnerability in AirMax AirOS Firmware v6.2.0 and Prior Vulnerability: TLS Session Reuse Allows Host Certificate Verification Bypass in Node.js < 12.18.0 and < 14.4.0 Insufficient Random Character Set in Nextcloud Server 18.0.4 Encryption Vulnerability Memory Corruption Vulnerability in napi_get_value_string_*() in Node.js Versions < 10.21.0, 12.18.0, and < 14.4.0 Denial of Service Vulnerability in jpeg-js before 0.4.0 Cross-Site Scripting (XSS) Vulnerability in koa-shopify-auth v3.1.61-v3.1.62 Curl -J Flag Local File Overwrite Vulnerability OS Command Injection Vulnerability in npm package `jison` <= 0.4.18 Improper Access Control in Nextcloud Deck 1.0.0: Task Injection Vulnerability Code Injection Vulnerability in Nextcloud Talk 6.0.4, 7.0.2, and 8.0.7 Arbitrary File Upload Vulnerability in Nextcloud Contacts 3.2.0 Improper Access Control in Nextcloud Deck 0.8.0: Unauthorized Resharing of Boards with Elevated Permissions Plaintext Storage of Share Password in Nextcloud Server 19.0.0 Cookie Forgery Vulnerability in Rack Untrusted User Exploitation: 
Denial of Service Vulnerability in Rails <6.0.3.2 Allows Unauthorized Execution of Pending Migrations Remote Code Execution Vulnerability in devcert Module via Command Injection Denial of Service Vulnerability in Citrix ADC and Citrix Gateway Privilege Escalation Vulnerability in UniFi Protect Firmware Cross-Site Scripting Vulnerability in Nextcloud Desktop Client 2.6.4 Privilege Escalation via Incorrect File Permissions in Citrix ADC and Citrix Gateway Reflected Cross Site Scripting (XSS) Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SDWAN WAN-OP Fastify Denial of Service Vulnerability with Specially Crafted Schemas Unauthenticated Access Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SDWAN WAN-OP Reflected Code Injection Vulnerability in Citrix ADC and Citrix Gateway Information Disclosure Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SDWAN WAN-OP Improper Access Control Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SDWAN WAN-OP Command Execution Privilege Escalation Vulnerability in Citrix ADC and Citrix Gateway Stored Cross-Site Scripting (XSS) Vulnerability in Citrix ADC, Citrix Gateway, and Citrix SDWAN WAN-OP Local Privilege Escalation in Citrix ADC Gateway Linux Client Versions Arbitrary File Read Vulnerability in Citrix StoreFront Server < 1912.0.1000 HTTP Desync Vulnerability in Node.js Versions < 12.18.4 and < 14.11: Exploiting Carriage-Return Symbols in HTTP Header Names Denial of Service Vulnerability in Nextcloud Preferred Providers App v1.6.0 Prototype Pollution Vulnerability in lodash's _.zipObjectDeep (<=4.17.20) Cross Site Scripting (XSS) Vulnerability in Pulse Connect Secure <9.1R5 on PSAL Page Server-Side Request Forgery (SSRF) vulnerability in uppy npm package < 1.13.2 and < 2.0.0-alpha.5 Improper Authentication Vulnerability in Pulse Connect Secure <9.1RB Allows Bypass of Google TOTP Privilege Escalation and Code Execution Vulnerability in Citrix Workspace App for Windows Cross-Site Scripting (XSS) 
Vulnerability in Citrix XenMobile Server Arbitrary File Read Vulnerability in Citrix XenMobile Server Credential Disclosure in Citrix XenMobile Server SQL Injection Vulnerability in Citrix XenMobile Server Privilege Escalation Vulnerability in Citrix XenMobile Server UniFi Protect Information Exposure Vulnerability Arbitrary File Read Vulnerability in Survey Version < 3 Buffer Overflow Vulnerability in Canvas Version <= 1.6.9: Potential DoS and Arbitrary Code Execution Meeting Details Information Disclosure Vulnerability in Pulse Connect Secure <9.1R8 Exploitable Cross Site Scripting (XSS) Vulnerability in Pulse Connect Secure <9.1R8 via Citrix ICA URL Arbitrary Code Execution Vulnerability in Pulse Connect Secure <9.1R8 via Admin Web Interface Insufficient Permission Check Vulnerability in Pulse Connect Secure <9.1R8 Allows Password Change for Full Administrator Command Injection Vulnerability in Pulse Connect Secure <9.1R8 Allows for Denial of Service Arbitrary File Read Vulnerability in Pulse Connect Secure <9.1R8 Arbitrary File Reading Vulnerability in Pulse Connect Secure <9.1R8 through Meeting Privilege Escalation Vulnerability in Nextcloud Server 19.0.0 Arbitrary Code Execution Vulnerability in Nextcloud Desktop Client 2.6.4 via Malicious OpenSSL Config Cleartext Storage of Proxy Authentication Credentials in Nextcloud Desktop Client 2.6.4 Remote Image Dimensions Check SSRF Vulnerability in phpBB Server Response Sanitization Vulnerability in Nextcloud Desktop Client 2.6.4 for Linux Unrestricted Password Setting Vulnerability in Preferred Providers App 1.7.0 Memory Leak Vulnerability in Nextcloud Desktop Client 2.6.4: Exploiting OCUtil.dll for Denial of Service Memory Corruption Vulnerability in NextCloud Desktop Client v2.6.4: Exploiting ASLR and DEP Weaknesses Dangling Pointer Vulnerability in libcurl 7.29.0 through 7.71.1 Information Disclosure Vulnerability in EdgeMax EdgeSwitch Firmware v1.9.0: Unauthorized Access via SNMP Community Pages Command 
Injection Vulnerability in EdgeSwitch Firmware <v1.9.0 Allows Privilege Escalation EdgeMax EdgeSwitch Firmware <v1.9.1: Command Injection via SIDSSL Cookie Insecure Direct Object Reference in Nextcloud Deck 1.0.4 Allows Unauthorized Access to Attachments Insecure Two-Factor Verification Implementation in Nextcloud Server 19.0.1 Prototype Pollution in json-bigint npm Package < 1.0.0: Denial-of-Service (DoS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 Pulse Secure Desktop Client < 9.1R9 Vulnerability: Client Registry Privilege Escalation Privilege Escalation in Pulse Secure Desktop Client with Embedded Browser Credential Provider Pulse Secure Desktop Client < 9.1R9 Vulnerability: MITM Attack via Malicious Server SQL Injection Vulnerability in ExpressionEngine <= 5.4.0 Control Panel Member Creation Arbitrary Code Execution via Custom Template Upload in Pulse Connect Secure Admin Web Interface Buffer Over-read Vulnerability in bl Library HTML Injection Vulnerability in Citrix ADC and Citrix Gateway Denial of Service Vulnerability in Citrix ADC and Gateway Privilege Escalation Vulnerability in Citrix ADC and Gateway Privilege Escalation Vulnerability in Pulse Secure Desktop Client (Linux) < 9.1R9 Buffer Overflow Vulnerability in Pulse Secure Desktop Client (Linux) < 9.1R9 Privilege Escalation Vulnerability in Pulse Secure Desktop Client (Linux) < 9.1R9 Node.js < 14.11.0 Vulnerability: HTTP Denial of Service (DoS) via Delayed Requests Buffer Overflow Vulnerability in realpath Implementation in libuv Authentication Bypass Vulnerability in Citrix XenMobile Server Remote Code Execution (RCE) Vulnerability in Pulse Secure Desktop Client < 9.1R9 on Windows PDC Arbitrary File Reading Vulnerability in Pulse Connect Secure < 9.1R9 Admin Web Interface Pulse Connect Secure Admin Web Interface XXE Vulnerability Privilege Escalation Vulnerability in Citrix Gateway Plug-in for Windows Arbitrary File Modification 
Vulnerability in Citrix Gateway Plug-in for Windows Server-Side Encryption Key Replacement Vulnerability in Nextcloud Server 19.0.1 Arbitrary Code Execution via Uncontrolled Gzip Extraction in Pulse Connect Secure < 9.1R9 Admin Web Interface Arbitrary Cookie Injection Vulnerability in Pulse Connect Secure / Pulse Policy Secure < 9.1R9 Pulse Connect Secure / Pulse Policy Secure Vulnerability: Cross-Site Scripting (XSS) and Open Redirection Cross-Site Scripting (XSS) Vulnerability in Pulse Connect Secure < 9.1R9 Authenticated User Web Interface XSS Vulnerability in Actionable Exceptions Middleware of Actionpack Gem >= 6.0.0 Use-after-free vulnerability in Node.js TLS Implementation Improper Authentication in UniFi Protect Controller API Prototype Pollution Vulnerability in json8-merge-patch npm Package < 1.0.3 Arbitrary Command Execution Vulnerability in Citrix Virtual Apps and Desktops (CVAD) Versions Before 2009, 1912 LTSR CU1, 7.15 LTSR CU6, and 7.6 LTSR CU9 Arbitrary Command Execution Vulnerability in Citrix Virtual Apps and Desktops (CVAD) Versions Before 2009, 1912 LTSR CU1, and 7.15 LTSR CU6 Critical Vulnerability: Unauthenticated Remote Code Execution in Citrix SD-WAN Center Authentication Bypass Vulnerability in Citrix SD-WAN Center Root Privilege Escalation Vulnerability in Citrix SD-WAN Center Code Injection Vulnerability in Citrix Secure Mail for Android Improper Access Control in Citrix Secure Mail for Android Allows Unauthenticated Calendar Data Access Brave Desktop's Privacy-Preserving Analytics System (P3A) Logs Incorrect Timestamps for Incognito and Tor Windows DNS Request Amplification Denial of Service Vulnerability in Node.js Improper Access Control in Nextcloud Social App v0.3.1: Unauthorized Reading of User Posts Server Certificate Validation Bypass in Nextcloud Social < 0.4.0: Enabling Man-in-the-Middle Attacks File Type Check Bypass Vulnerability in Nextcloud Contacts 3.4.0 Cross-Site Scripting (XSS) Vulnerability in Nextcloud Contacts 3.3.0 
Unprotected CSRF Vulnerability in EdgePower 24V/54V Firmware v1.7.0 and Earlier Allows Remote Code Execution Arbitrary Command Execution Vulnerability in Citrix Universal Print Server on Windows Hosts FTP PASV Response IP Address Disclosure Vulnerability FTP Wildcard Match Parsing Stack Overflow Vulnerability Improper Certificate Revocation Check in cURL 7.41.0 - 7.73.0 HTTP Request Smuggling Vulnerability in Node.js Cross-Site Scripting (XSS) Vulnerability in Rocket.Chat Server's `specializedRendering` Function Improper Certificate Validation in Backblaze Client Update Functionality Improper Privilege Management in Backblaze for Windows and macOS: Local Privilege Escalation via Rogue Client Update Binary Rocket.Chat Link Preview Rendering XSS Vulnerability Cross-Site Scripting (XSS) Vulnerability in Rocket.Chat Server via Drag & Drop Functionality Unlimited Data Storage Vulnerability in Nextcloud Server Stored XSS Vulnerability in Nextcloud Server Allows Execution of JavaScript via Internet Explorer Denial of Service Vulnerability in Nextcloud Server 19 and Prior: Password Reset DoS Attack Insecure Password Storage in Nextcloud Server Insecure Direct Object Reference (IDOR) Vulnerability in Nextcloud Deck Command Injection Vulnerability in fs-path Node Module (Versions before 0.0.25) Uncontrolled Resource Consumption Vulnerability in Citrix ADC and Citrix/NetScaler Gateway SAML Authentication Hijacking Vulnerability in Citrix ADC and Citrix/NetScaler Gateway Insecure Dependency Load Vulnerability in Python on Windows 7 File Read Vulnerability in Lenovo Vantage Prior to Version 10.2003.10.0 DLL Search Path Vulnerability in Lenovo Drivers Management Privilege Escalation Vulnerability in LenovoSystemUpdatePlugin Privilege Escalation Vulnerability in Lenovo System Interface Foundation ThinkPad BIOS Vulnerability: Internal Shell Enables Privilege Escalation Arbitrary Code Execution Vulnerability in Lenovo Notebook and ThinkStation SMI Callback Function Arbitrary Code 
Execution Vulnerability in Lenovo Notebook and ThinkStation Legacy USB Driver Arbitrary Code Execution Vulnerability in Lenovo ThinkPad, ThinkStation, and Lenovo Notebook Models Unsigned DLL Execution Vulnerability in LenovoAppScenarioPluginSystem Unquoted Service Path Vulnerability in Lenovo Drivers Management Privilege Escalation Vulnerability in LenovoBatteryGaugePackage for Lenovo Vantage Denial of Service Vulnerability in Lenovo Printer LJ4010DN Firmware Denial of Service Vulnerability in Lenovo Printer LJ4010DN Firmware Arbitrary Code Execution Vulnerability in Legacy BIOS Mode USB Drivers on Lenovo and IBM System x Servers Arbitrary Code Execution Vulnerability in Lenovo Desktops and ThinkStation Models' EEPROM Driver Untriggered BIOS Tamper Detection in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275: Potential Unauthorized Access Vulnerability Untriggered BIOS Tamper Detection in Lenovo ThinkPad A285, A485, T495, T495s/X395 Lenovo ThinkPad Models Vulnerable to Intel CSME Anti-rollback ARB Bypass Unquoted Search Path Vulnerability in Synaptics Smart Audio UWP App Lenovo Diagnostics DLL Search Path Vulnerability Cross-Site Scripting Inclusion (XSSI) Vulnerability in IBM BladeCenter Advanced Management Module (AMM) Web Interface Legacy IBM and Lenovo System x IMM2 XSS Vulnerability Lenovo ThinkPad BIOS Vulnerability: PRx Misconfiguration After S3 Sleep Mode Race Condition Vulnerability in Lenovo System Update Prior to Version 5.07.0106 Allows Privilege Escalation DLL Search Path Vulnerability in Lenovo HardwareScan Plugin for Lenovo Vantage Denial of Service Vulnerability in Lenovo Vantage Component Lenovo Enterprise Network Disk XSS Vulnerability DOM-based Cross-Site Scripting (XSS) Vulnerability in Lenovo Enterprise Network Disk Unauthenticated Remote Code Execution Vulnerability in CNOS REST API Management Interface Lenovo ThinkPad Stack Wireless Router Firmware Authentication Bypass Vulnerability Privilege Escalation Vulnerability in Lenovo 
PCManager (CVE-2021-XXXX) Lenovo Desktop Models Vulnerable to Undetected SATA Configuration Changes Lenovo Desktop and Workstation Systems Vulnerable to Unauthorized Intel AMT Configuration SMI Callback Function Vulnerability in Lenovo Notebook Models Windows OS Credentials Leakage in Lenovo XClarity Administrator (LXCA) during Driver Updates Clear Text Storage of Optional Passwords in LXCO Log Files Lenovo PCManager Denial of Service Vulnerability Denial of Service Vulnerability in BearFTP before 0.2.0 CSRF Vulnerability in Code Snippets Plugin for WordPress CSRF Vulnerabilities in Joomla! Components CSRF Vulnerability in Joomla! com_templates LESS Compiler Cross-Site Scripting (XSS) Vulnerability in Joomla! com_actionlogs Authorization Bypass in Zoho ManageEngine Remote Access Plus Buffer Overflow Vulnerability in TP-Link TL-WR841N V10 (Firmware Version 3.16.9) Allows Remote Code Execution CSRF Vulnerability in Cups Easy (Purchase & Inventory) 1.0 Allows Admin Account Takeover CSRF Vulnerability in Cups Easy (Purchase & Inventory) 1.0 Allows Admin Account Deletion Reflected XSS Vulnerability in Elementor Plugin for WordPress (CVE-2020-XXXX) Authentication Bypass via SQL Injection in Unitrends Backup before 10.4.1 Use-after-free vulnerability in fs/namei.c allows for denial of service and information leakage Remote Code Execution Vulnerability in Kinetica 7.0.9.2.20191118151947 Admin Web Application Open Redirect Vulnerability in Stormshield Network Security 310 3.7.10 Captive Portal Double Free Vulnerability in cmd/gpt.c do_rename_gpt_parts() Function Jenzabar JICS Session Cookie Vulnerability SQL Injection in RegistrationMagic Plugin 4.6.0.0 for WordPress Cross-Site Scripting (XSS) Vulnerability in RegistrationMagic Plugin 4.6.0.0 for WordPress Bencoding Parser Denial of Service Vulnerability in BitTorrent uTorrent Arbitrary OS Command Execution in Ruckus ZoneFlex R500 104.0.0.0.1347 Devices Arbitrary User Account Takeover in Monstra CMS 3.0.4 Unauthenticated 
Remote Code Execution in Simplejobscript.com SJS through 1.66 via Resume Upload Remote Code Execution Vulnerability in JYaml 1.3 Heap-based Buffer Overflow in OSSEC-HIDS Log Analysis Server Component Heap-based Buffer Overflow in OSSEC-HIDS Log Analysis Component Use-after-free vulnerability in OSSEC-HIDS log analysis server component Unauthenticated Remote Attack via Log Injection and Terminal Control Characters in OSSEC-HIDS Path Traversal Vulnerability in OSSEC-HIDS Log Analysis Component Use-after-free vulnerability in OSSEC-HIDS log analysis server component Denial of Service Vulnerability in OSSEC-HIDS Log Analysis Component Squid HTTP Request Parsing Vulnerability Buffer Overflow Vulnerability in Squid Reverse Proxy CSRF Protection Bypass Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Cross-Site Scripting (XSS) Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Allows Web Interface Tampering Bypassing Global Authorization Check in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Localhost Spoofing Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Allows Remote Code Execution as Root Command Injection Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 Remote Code Execution Vulnerability in Trend Micro Apex One and OfficeScan XG Content Validation Escape Vulnerability in Trend Micro Apex One, OfficeScan XG, and Worry-Free Business Security Agents DLL Hijacking Vulnerability in Trend Micro Password Manager for Windows Version 5.0 Unauthenticated Remote File Deletion Vulnerability in Trend Micro Apex One, OfficeScan XG, and Worry-Free Business Security Servers Weak File Permissions Vulnerability in ABB Central Licensing Server Component Insufficient Folder Permissions in ABB System 800xA Products: Privilege Escalation and File Corruption Vulnerability 
Insufficient Folder Permissions in ABB System 800xA Base: Privilege Escalation and File Corruption Vulnerability Registry Permissions Vulnerability in ABB System 800xA Base Allows Unauthorized Control System Manipulation Vulnerability: Input Validation Weakness in ABB Central Licensing Server Vulnerability: License Manipulation via Weak Input Validation in ABB Central Licensing Server Vulnerability: XSS-like Attack in ABB System 800xA Information Manager Vulnerability: Data Injection in ABB System 800xA Products XML External Entity Injection Vulnerability in ABB Central Licensing Server Component Unprotected File Write Vulnerability in ABB Products Insecure Storage of Sensitive Information in ABB Device Library Wizard Versions 6.0.X, 6.0.3.1, and 6.0.3.2 Vulnerability: Insufficient Protection of Inter-Process Communication in ABB System 800xA for DCI Vulnerability: Insufficient Protection of Inter-Process Communication in ABB System 800xA for MOD 300 Inter-Process Communication Vulnerability in ABB System 800xA RNRP Allows Data Injection and Node Redundancy Manipulation Inter-Process Communication Vulnerability in ABB System 800xA Base Allows Data Injection and Node Redundancy Manipulation Vulnerability: Insufficient Protection of Inter-Process Communication in ABB System 800xA Batch Management Inter-Process Communication Vulnerability in ABB System 800xA Information Management Catastrophic Backtracking in urllib.request.AbstractBasicAuthHandler Stored XSS Vulnerability in Kronos Web Time and Attendance (webTA) via Authenticated Administrator Privilege Escalation in Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0 Unauthenticated Administrative Privilege Escalation in Kronos WebTA Stored XSS Vulnerability in Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0 Unauthenticated Access to Chat History in Artica Pandora FMS (CVE-2021-XXXX) Arbitrary JavaScript Code Execution via XSS in GistPress Plugin Arbitrary 
Code Execution via Uploader in Artica Pandora FMS 7.42 Insecure Direct Object Reference (IDOR) Vulnerability in Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 CSRF Vulnerability in School Management Software PHP/mySQL Allows Unauthorized Addition of Administrative User CSRF Vulnerability in School Management Software PHP/mySQL Unencrypted Analytics in Global TV App: A Security Vulnerability Unencrypted Analytics in Citytv Video App for Android and iOS Arbitrary Kernel Function Call Vulnerability in Norman Malware Cleaner 2.08.08 Unauthenticated Access to PDFGenerationServlet in Zoho ManageEngine Desktop Central before 10.0.483 Leads to Sensitive Information Disclosure Cookie-based Authentication Bypass in phpABook 0.9 Intermediate Arbitrary Code Execution via File Repository Upload in Artica Pandora FMS XSS Vulnerability in IceWarp Webmail Server through 11.4.4.1 Rumpus 8.2.10 on macOS Directory Name JavaScript Injection Vulnerability Remote Code Execution Vulnerability in DrayTek Vigor Routers Unverified Rendezvous Node Connection Vulnerability in Tor NTLM Authentication Credentials Parser Memory Corruption Vulnerability Remote Code Execution Vulnerability in Horde Groupware Webmail Edition 5.2.22 via CSV Injection SQL Injection Vulnerability in Records.php of phpzag Live Add Edit Delete Data Tables Records with Ajax PHP MySQL SQL Injection Vulnerability in Order and Column Parameters in Records.php SQL Injection Vulnerability in Records.php for PHPZag Live Add Edit Delete Data Tables Records with Ajax PHP MySQL Kia Motors Head Unit Software Vulnerability: Unauthorized Command Injection and CAN Bus Manipulation XML External Entity (XXE) Vulnerability in Zoho ManageEngine Desktop Central Allows Remote File Read and SSRF Attacks XXE Vulnerability in OX App Suite through 7.10.3 Cross-Site Scripting (XSS) Vulnerability in OX App Suite through 7.10.3 Improper Input Validation in OX App Suite through 7.10.3 SSRF Vulnerability 
in OX App Suite through 7.10.3 Path Traversal Vulnerability in Global.py of AIL Framework 2.8 Admin Login Bypass Vulnerability in phpList 3.5.0 due to Type Juggling XSS Vulnerability in massCode 1.0.0-alpha.6 Allows Remote Code Execution Stored XSS in Strong Testimonials Plugin for WordPress (before version 2.40.1) allows session token theft and other malicious actions. Kubelet Denial of Service Vulnerability via API Kubernetes API Server Denial of Service Vulnerability Insecure Password File Overwrite in Kubernetes Ingress-Nginx Kubernetes API Server Vulnerability: Traffic Interception via ClusterIP and LoadBalancer Services Kubernetes kube-controller-manager SSRF Vulnerability Kubernetes kubelet Disk Usage Vulnerability Vulnerability: Unauthorized Access to Local Services in Kubernetes Unvalidated Redirect Vulnerability in Kubernetes kube-apiserver Kubernetes Vulnerability: Unauthorized Access to Private Networks via Webhook Configuration Bypassing Proxy IP Restriction in Kubernetes VSphere Cloud Credentials Leakage in Kubernetes Clusters Kubernetes Vulnerability: Docker Config File Leakage in Logging Level 4 Sensitive Information Leakage in Kubernetes Logging Ceph RBD Admin Secrets Leakage in Kubernetes Clusters Arbitrary File Write Vulnerability in Kubernetes Secrets Store CSI Driver Vault Plugin, Azure Plugin, and GCP Plugin Kubernetes Secrets Store CSI Driver Vulnerability: Unauthorized File Write and Sync Kubernetes CSI snapshot-controller Crashloop Vulnerability Arbitrary File Overwrite Vulnerability in Kubernetes Java Client Libraries Unauthenticated Remote DoS Vulnerability in StorageGRID Sensitive Information Disclosure Vulnerability in Element OS and Element HealthTools Default Account Password Reset Vulnerability in NetApp HCI H610C, H615C, and H610S BMC Active IQ Unified Manager for Linux: Unauthorized Code Execution via JMX RMI Service Active IQ Unified Manager for VMware vSphere and Windows: Denial of Service (DoS) Vulnerability Vulnerability in 
Clustered Data ONTAP versions prior to 9.7: Data Manipulation and Information Disclosure Vulnerability in SANtricity OS Controller Software Allows Information Disclosure via HTTPS Interception Clustered Data ONTAP Vulnerability: Node Name Discovery via AutoSupport Bundles Clustered Data ONTAP 9.7 through 9.7P7 Vulnerability: Intercluster LIF DoS Denial of Service (DoS) Vulnerability in SANtricity OS Controller Software versions 11.30 and higher Arbitrary Data Overwrite Vulnerability in Clustered Data ONTAP with VMware vStorage Support Sensitive Information Exposure Vulnerability in Element Software and HCI Sensitive Information Disclosure Vulnerability in Element Software and HCI Versions Unauthenticated Remote Code Execution Vulnerability in Element OS Versions Prior to 1.8P1 and 12.2 Information Disclosure Vulnerability in OnCommand Unified Manager Core Package Cache Poisoning Vulnerability in OnCommand System Manager Unauthorized Tenant Users Data Discovery Vulnerability in Clustered Data ONTAP Unauthorized Tenant Users Can Discover SVM Names and Filenames in Clustered Data ONTAP Versions Prior to 9.3P20 and 9.5P15 Clustered Data ONTAP Vulnerability: Node Name Discovery via AutoSupport Bundles Authentication Bypass Vulnerability in eG Manager 7.1.2 SQL Injection Vulnerability in eG Manager 7.1.2's Forgot Password Feature Multiple Stored XSS Vulnerabilities in Ninja Forms Plugin 3.4.22 for WordPress Authentication Bypass in Istio Versions 1.2.10 (End of Life) and Prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 Time-Based SQL Injection Vulnerability in Participants Database Plugin for WordPress Buffer Overflow Vulnerability in eap.c of pppd in ppp 2.4.2 through 2.4.8 Remote Code Execution Vulnerability in Trend Micro Apex One, OfficeScan XG, and Worry-Free Business Security Servers Arbitrary Data Write and ROOT Login Bypass Vulnerability in Trend Micro Apex One and OfficeScan XG Server Directory Traversal Vulnerability in Trend Micro Worry-Free Business Security 
DLL Hijacking Vulnerability in Trend Micro Vulnerability Protection 2.0 Authenticated Bypass of File Integrity Checks in Trend Micro Deep Security and Vulnerability Protection Cross-Site Scripting (XSS) Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 Remote Information Disclosure Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 Remote Code Execution Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 Authentication Bypass Vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 Rootkit Protection Driver Vulnerability in Trend Micro Products Buffer Overflow Vulnerability in libslirp 4.1.0 Multiple SQL Injection Vulnerabilities in MOVEit Transfer REST API Unsanitized Input in MOVEit Transfer REST API Endpoint Allows XSS Attacks Remote Code Execution (RCE) Vulnerability in Askey AP4000W TDC_V1.01.003 Devices CSRF Vulnerability in Tutor LMS Plugin Allows Unauthorized Instructor Approval and Malicious Actions Referral Amplification: Exploiting Unlimited Fetches for Reflection Attacks BIND Server Inconsistent State Vulnerability Zone Transfer Vulnerability: Assertion Failure Denial of Service Denial of Service Vulnerability in ISC BIND9 BIND TCP Connection Assertion Failure Vulnerability BIND Server QNAME Minimization and 'Forward First' Vulnerability BIND 9 Truncated Response Vulnerability BIND Vulnerability: Crash Triggered by Specially Crafted Query Packet Zone Content Privilege Escalation Vulnerability in BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, and Supported Preview Edition BIND Servers Vulnerable to GSS-TSIG Configuration Exploit Predictable Passwords Generated by cloud-init's Mersenne Twister Vulnerability Weak Default Password Length in cloud-init's rand_user_password Zimbra Collaboration Suite (ZCS) Calendar Revocation Vulnerability Insecure File Permissions in Wing FTP Server v6.2.3 for Linux, macOS, and Solaris 
Insecure Permissions in Wing FTP Server v6.2.3 for Linux, macOS, and Solaris Remote Code Execution Vulnerability in OpServices OpMon 9.3.2 SQL Injection Vulnerability in TestLink 1.9.20 via node_id Parameter in dragdroptreenodes.php SQL Injection Vulnerability in TestLink 1.9.20: Arbitrary SQL Command Execution via urgency Parameter in planUrgency.php Unrestricted File Upload Vulnerability in TestLink 1.9.20 Authenticated Local File Inclusion Vulnerability in Lotus Core CMS 1.0.1 via Directory Traversal Unsanitized Input Vulnerability in PlaySMS before 1.4.3 Unauthenticated SQL Injection in Simplejobscript.com SJS 1.66 via Job Applications Search Function Linux Kernel Use-After-Free Vulnerability in vc_do_resize Function Use-After-Free Vulnerability in Linux Kernel's n_tty_receive_buf_common Function Use-After-Free Vulnerability in Linux Kernel's vgacon_invert_region Function Arbitrary OS Command Execution in EyesOfNetwork 5.3 via AutoDiscovery Module Privilege Escalation Vulnerability in EyesOfNetwork 5.3: Apache User Arbitrary Command Execution SQL Injection Vulnerability in EyesOfNetwork API 2.4.2 Default API Key Vulnerability in EyesOfNetwork 5.3 CSRF Vulnerability in BestWebSoft Htaccess Plugin for WordPress Memory Consumption Vulnerability in CNCF Envoy Proxy TLS Inspector Bypass in CNCF Envoy 1.13.0 Excessive Memory Consumption Vulnerability in CNCF Envoy (through 1.13.0) File Descriptor and Memory Exhaustion Vulnerability in Envoy Versions 1.14.2, 1.13.2, 1.12.4, and Earlier Incorrect Access Control in CNCF Envoy with SDS and Combined Validation Context Information Disclosure Vulnerability in Intel(R) Data Center Manager Console Race Condition Vulnerability in Intel(R) Processor Firmware Allows Privilege Escalation via Local Access BIOS Firmware Vulnerability: Information Disclosure via Local Access Vulnerability in BIOS Firmware for 8th, 9th Generation Intel Processors Enables Elevation of Privilege or Denial of Service DHCPv6 Subsystem Out-of-Bounds Read 
Vulnerability in Intel(R) AMT and Intel(R) ISM Escalation of Privilege Vulnerability in Intel(R) Innovation Engine Firmware Build and Signing Tool Privilege Escalation Vulnerability in Intel(R) Visual Compute Accelerator 2 Denial of Service Vulnerability in Intel(R) Visual Compute Accelerator 2 Improper Access Control in Intel Graphics Drivers: Local Privilege Escalation Vulnerability Denial of Service Vulnerability in Intel(R) Graphics Drivers Race Condition Vulnerability in Intel Graphics Drivers Escalation of Privilege Vulnerability in Intel Graphics Drivers Denial of Service Vulnerability in Intel Graphics Drivers Buffer Overflow Vulnerability in Intel(R) Graphics Drivers Privilege Escalation Vulnerability in Intel(R) PAC with Arria(R) 10 GX FPGA Firmware Authentication Bypass Vulnerability in Intel (R) LED Manager for NUC Uncontrolled Search Path Vulnerability in Intel(R) RSTe Software RAID Driver Denial of Service Vulnerability in Intel(R) RAID Web Console 3 for Windows* Buffer Overflow Vulnerability in Intel(R) Wireless for Open Source Vulnerability in Intel(R) Ethernet 700 Series Controllers Allows Privilege Escalation and Denial of Service Firmware Logic Issue in Intel Ethernet 700 Series Controllers: Privilege Escalation and Denial of Service Vulnerability Firmware Vulnerability in Intel(R) Ethernet 700 Series Controllers: Insufficient Access Control Buffer Overflow Vulnerability in Intel(R) Ethernet 700 Series Controllers Firmware Insufficient Access Control in Linux Kernel Driver for Intel Processors: Potential Information Disclosure Vulnerability RAPL Interface Vulnerability: Privileged User Information Disclosure via Local Access Intel(R) Processors Vulnerability: Unauthorized Information Disclosure via Improper Data Removal Intel(R) Processors Vulnerability: Local Access Information Disclosure Firmware Vulnerability in Intel(R) Processors Allows Privilege Escalation via Local Access Privilege Escalation Vulnerability in Intel(R) SSD Toolbox Installer 
Uncontrolled Search Path Element Vulnerability in Intel(R) Processor Diagnostic Tool Buffer Overflow Vulnerability in Intel(R) CSME Subsystem Race condition vulnerability in Intel(R) LMS versions before 2039.1.0.0 allows local privileged user privilege escalation. Insecure Default Initialization of Resource in Intel Boot Guard Buffer Overflow Vulnerability in Intel(R) Server Boards, Server Systems, and Compute Modules Prior to Version 1.59 Buffer Overflow Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Prior to Version 1.59 Improper Authentication Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Improper Authentication in Socket Services for Intel Server Boards, Server Systems, and Compute Modules: Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Intel Server Boards, Systems, and Compute Modules (Version 2.45 and earlier) Allows Privilege Escalation via Local Access Vulnerability: Privilege Escalation via Improper Access Control in Intel Server Boards, Server Systems, and Compute Modules Buffer Overflow Vulnerability in Intel(R) Server Boards, Server Systems, and Compute Modules (Version 2.45 and below) Allows Privilege Escalation via Local Access Improper Authentication Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Authentication Bypass Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Denial of Service Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Improper Access Control Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Denial of Service Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Buffer Overflow Vulnerability in Intel Server Boards, Server Systems, and Compute Modules (Version 1.59 and earlier) Allows Privilege Escalation via Local Access Buffer Overflow Vulnerability in Intel Server Boards, Server Systems, and Compute Modules (Version 1.59 and earlier) Allows 
Local Privilege Escalation Buffer Overflow Vulnerability in Intel Server Boards, Server Systems, and Compute Modules (Version 1.59 and earlier) Allows for Local Denial of Service Privilege Escalation Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Buffer Overflow Vulnerability in Intel Server Boards, Server Systems, and Compute Modules (Version 1.59 and earlier) Allows Local Privilege Escalation Cross-Site Scripting Vulnerability in Intel Server Boards, Server Systems, and Compute Modules (Before Version 1.59) Buffer Overflow Vulnerability in Intel Server Boards, Server Systems, and Compute Modules (Version 1.59 and below) Allows Privilege Escalation via Local Access Heap-based Overflow Vulnerability in Intel Server Boards, Server Systems, and Compute Modules (CVE-2021-0123) Privilege Escalation Vulnerability in Intel Server Boards, Server Systems, and Compute Modules Heap-based Buffer Overflow in Intel Server Boards, Server Systems, and Compute Modules Firmware: Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Intel(R) Server Board M10JNP2SB Firmware Privilege Escalation Vulnerability in Intel(R) Server Board M10JNP2SB Firmware Improper Access Control in Intel(R) Computing Improvement Program Subsystem: Local Privilege Escalation Vulnerability Buffer Overflow Vulnerability in Intel(R) Stratix(R) 10 FPGA Firmware Privilege Escalation Vulnerability in Intel BIOS Platform Sample Code for Certain Processors Potential Privilege Escalation Vulnerability in Intel BIOS Platform Sample Code for Certain Intel(R) Processors Escalation of Privilege Vulnerability in Intel BIOS Platform Sample Code for Certain Intel Processors Privilege Escalation Vulnerability in Intel Thunderbolt Installer for Windows Privilege Escalation Vulnerability in Intel(R) NUC Firmware Privilege Escalation Vulnerability in Intel(R) Mailbox Interface Driver Installer Privilege Escalation Vulnerability in Intel Subsystems Insufficient Control Flow Management 
Vulnerability in Intel(R) CSME and TXE Subsystems Integer Overflow Vulnerability in Intel(R) AMT Subsystem Intel(R) AMT Subsystem Out-of-Bounds Read Vulnerability Unauthenticated Privilege Escalation via Out-of-Bounds Read in Intel(R) AMT Subsystem Kernel Mode Driver Use After Free Vulnerability in Intel(R) TXE Insufficient Control Flow Management in Intel(R) CSME and Intel(R) TXE Subsystems: Potential Information Disclosure via Physical Access IPv6 Subsystem Out-of-Bounds Write Vulnerability in Intel(R) AMT and Intel(R) ISM DHCP Subsystem Out-of-Bounds Read Vulnerability in Intel(R) AMT and Intel(R) ISM Intel AMT and ISM Out-of-Bounds Read Vulnerability Race condition vulnerability in Intel(R) CSME and SPS subsystems allows unauthenticated privilege escalation via physical access Privilege Escalation Vulnerability in Intel(R) CSME Subsystem Privilege Escalation Vulnerability in Intel(R) AMT Subsystem Buffer Overflow Vulnerability in Intel(R) AMT and Intel(R) ISM Versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68, and 14.0.39 Privilege Escalation Vulnerability in Intel(R) SSD DCT Installer Integer Overflow Vulnerability in Intel(R) AMT Subsystem Weak Encryption Vulnerability in Intel(R) CSME Subsystem Privilege Escalation Vulnerability in Intel(R) RealSense(TM) D400 Series UWP Driver Installer BIOS Firmware Vulnerability: Local Privilege Escalation via Improper Access Control in Intel(R) Processors Privilege Escalation Vulnerability in Intel(R) RealSense(TM) DCM Installer Denial of Service Vulnerability in Intel(R) SGX DCAP Software Denial of Service Vulnerability in Intel(R) 50GbE IP Core for Intel(R) Quartus Prime Insecure Configuration Access on Phoenix Contact Emalytics Controller ILC 2050 BI and BI-L Devices Authentication Bypass Vulnerability in Time Capsule Plugin for WordPress Unauthenticated Administrator Login Vulnerability in InfiniteWP Client Plugin Stored Cross-Site Scripting (XSS) Vulnerability in Pega Platform Richtext Editor Reflected Cross-Site 
Scripting Vulnerability in Pega Platform's ActionStringID Function Stored Cross-Site Scripting (XSS) Vulnerability in Pega Platform Comment Tags Cross-Site Scripting (XSS) Vulnerability in Alfresco Enterprise and Community XSS Vulnerability in Alfresco Enterprise and Community: User Profile Photo SVG Injection Cross-Site Scripting (XSS) Vulnerability in Alfresco Enterprise and Community Root Privilege Escalation Vulnerability in ALEOS 4.11 and Later: Lack of Input Sanitization in UpdateRebootMgr Service Unauthenticated Remote Code Execution in ALEOS RPC Server SQL Injection Vulnerability in SuiteCRM 7.10.x and 7.11.x (Issue 1 of 4) SQL Injection Vulnerability in SuiteCRM 7.10.x and 7.11.x (Issue 2 of 4) SQL Injection Vulnerability in SuiteCRM 7.10.x and 7.11.x (Issue 3 of 4) SQL Injection Vulnerability in SuiteCRM 7.10.x and 7.11.x Invalid Bean ID Submission Vulnerability in SuiteCRM Cross-Site Scripting (XSS) Vulnerability in Synaptive Medical ClearCanvas ImageServer 3.0 Alpha Persistent XSS Vulnerability in Composr 10.0.30 via Usergroup Name in Security Configuration Weak Password Requirements and Excessive Authentication Attempts Vulnerability in OKLOK Mobile Companion App for Fingerprint Bluetooth Padlock FB50 IDOR Vulnerability in OKLOK Mobile Companion App for Fingerprint Bluetooth Padlock FB50 (Version 3.1.1) Allows Unauthorized API Requests Information Exposure Vulnerability in OKLOK Mobile Companion App for Fingerprint Bluetooth Padlock FB50 Arbitrary File Read Vulnerability in OpenSMTPD Remote Code Execution in OpenSMTPD Server via Out-of-Bounds Read in mta_io Group Sharing Vulnerability in GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5 Remote Code Execution Vulnerability in Biscom Secure File Transfer (SFT) Command Line Injection Vulnerability in Juplink RX4-1500 v1.0.3 Unauthenticated Remote Access and Configuration Change Vulnerability in Juplink RX4-1500 v1.0.3-v1.0.5 Stored XSS Vulnerability in WTI Like Post Plugin for WordPress 
EmailsControllerActionGetFromFields PHP Object Injection in SuiteCRM through 7.11.11 PHAR Deserialization Vulnerability in SuiteCRM 7.11.11 Incorrect Access Control via action_saveHTMLField Bean Manipulation in SuiteCRM through 7.11.11 Arbitrary .php File Inclusion Vulnerability in SuiteCRM 7.11.11 SQL Injection Vulnerability in SuiteCRM 7.11.10 Consensus Failure and Double Spending Vulnerability in Electric Coin Company Zcashd Timing Side Channel Vulnerability in Electric Coin Company Zcashd Arbitrary Memory Access Vulnerability in CORSAIR iCUE Drivers Unencrypted HTTP Download Vulnerability in Gurux GXDLMS Director Path Traversal and Code Execution Vulnerability in Gurux GXDLMS Director Authenticated User Profile Picture Manipulation Vulnerability in Bludit 3.10.0 Bludit 3.10.0 WYSIWYG Editor Allows Insertion of Malicious JavaScript by Editor or Author Roles Arbitrary OS Command Execution in Cacti 1.2.8 via graph_realtime.php Denial of Service Vulnerability in IKTeam BearFTP v0.3.1 Remote Code Execution in Pi-hole Web v4.3.2 via Crafted DHCP Static Lease Arbitrary Modification of Created by Metadata in Dataiku DSS before 6.0.5 Remote Code Execution and Payment Bypass Vulnerability in CardGate Payments Plugin for Magento 2 Remote Code Execution and Payment Bypass Vulnerability in CardGate Payments Plugin for WooCommerce XSS Vulnerability in Webmin 1.941 and Earlier: Cluster Shell Commands Endpoint Webmin Command Shell HTML Injection Vulnerability Stored XSS Vulnerability in Digi TransPort WR21, WR44, and WR44v2 Devices Reflected XSS vulnerability in SockJS before 0.3.0 via /htmlfile callback parameter Cross-Site Scripting (XSS) Vulnerability in Hitron CODA-4582U 7.1.1.30 Wireless Access Control Stored XSS vulnerability in Vanilla 2.6.3: index.php?p=/dashboard/settings/branding Argo Web Interface Vulnerability: Lack of Token Expiration and Refresh Mechanism Lack of Anti-Automation Measures in Argo API Allows Unlimited Authentication Attempts Default Admin Password 
Vulnerability in ArgoCD CSRF Vulnerability in Intelbras CIP 92200 Devices: Unauthorized Panel Access and Data Analysis CSRF Vulnerability in Ruckus Login Panel Allows Unauthorized Access and SSRF Exploitation World-writable lock file symlink vulnerability in Apport Incomplete Fix for CVE-2019-14615 in Ubuntu 18.04 LTS Allows Information Exposure Time-of-check Time-of-use Race Condition vulnerability in Apport allows for privilege escalation through crash report ownership change Stack Corruption Vulnerability in KVM on Power8 Processors Out-of-bounds Memory Access in Linux Kernel BPF Verifier Unauthenticated Remote Code Execution in Zoho ManageEngine AssetExplorer 6.5 Stored XSS Vulnerability in CHIYU BF-430 232/485 TCP/IP Converter Devices Unprotected JNDI Access in FasterXML Jackson-Databind Authenticated SQL Injection in TestLink 1.9.19 via reqSearch.php Endpoint Bypassing Mixer Policy in Istio 1.3 through 1.3.6 Arbitrary Code Execution via JPEG Parsing in Foxit Reader 9.6.0.25114 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.6.0.25114 Remote Code Execution Vulnerability in Foxit PhantomPDF 9.6.0.25114 Arbitrary Code Execution via JPEG2000 Processing in Foxit Reader 9.7.0.29455 Arbitrary Code Execution via JPG2000 Image Processing in Foxit Reader 9.7.0.29455 Arbitrary Code Execution via JPEG2000 Processing in Foxit Reader 9.7.0.29455 Arbitrary Code Execution via JPEG2000 Processing in Foxit Reader 9.7.0.29455 Arbitrary Code Execution via JPG2000 Image Processing in Foxit Reader 9.7.0.29455 Remote Code Execution Vulnerability in Foxit Reader 9.7.0.29455 via JPEG2000 Processing Arbitrary Code Execution via HTML to PDF Conversion in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution via JPEG to PDF Conversion in Foxit PhantomPDF 9.7.0.29478 Arbitrary Code Execution Vulnerability in Foxit PhantomPDF 9.7.0.2947 (ZDI-CAN-9560) Remote Code Execution Vulnerability in Foxit PhantomPDF 9.6.0.25608 via Watermark Handling Arbitrary Code Execution 
Vulnerability in Foxit Reader 9.7.0.29455 Arbitrary Code Execution Vulnerability in Moxa MGate 5105-MB-EIP Firmware 4.1 Null Pointer Dereference Vulnerability in ELOG Electronic Logbook 3.1.4-283534d Remote Code Execution Vulnerability in Samsung Galaxy S10 Firmware G973FXXS3ASJA with Exynos Chipsets via Call Control Setup Messages D-Link DAP-1330 Authentication Bypass Vulnerability Authentication Bypass Vulnerability in D-Link DAP-2610 Firmware v2.01RC067 Authentication Bypass Vulnerability in D-Link DIR-867, DIR-878, and DIR-882 Routers Authentication Bypass Vulnerability in D-Link DIR-867, DIR-878, and DIR-882 Routers Remote Code Execution Vulnerability in Horde Groupware Webmail Edition 5.2.22 Arbitrary File Creation Vulnerability in Horde Groupware Webmail Edition 5.2.22 Unauthenticated Remote Denial-of-Service Vulnerability in OPC Foundation UA .NET Standard Hard-coded Password Vulnerability in Quest Foglight Evolve 9.0.0 Arbitrary Code Execution via TIF File Handling in Foxit Studio Photo 3.6.6.916 Arbitrary Code Execution via TIF File Handling in Foxit Studio Photo 3.6.6.916 Privilege Escalation via VGA Virtual Device in Parallels Desktop 15.1.0-47107 Parallels Desktop 15.1.1-47117 xHCI Component Buffer Overflow Vulnerability Privilege Escalation Vulnerability in Parallels Desktop 15.1.2-47123 Privilege Escalation via Integer Overflow in Parallels Desktop 15.1.2-47123 Privilege Escalation Vulnerability in Parallels Desktop 15.1.2-47123 (ZDI-CAN-10028) Parallels Desktop 15.1.2-47123 Local Information Disclosure Vulnerability Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.916 via Malicious PSD Files Arbitrary Code Execution via PSD File Handling in Foxit Studio Photo 3.6.6.916 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.916 via Malicious PSD Files Arbitrary Code Execution via TIF File Handling in Foxit Studio Photo 3.6.6.916 Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.916 via TIF File Processing Remote 
Code Execution Vulnerability in Foxit Studio Photo 3.6.6.916 via Malicious PSD Files (ZDI-CAN-9811) Remote Code Execution Vulnerability in Foxit Studio Photo 3.6.6.916 via EPS File Handling Arbitrary Code Execution via Improper Deserialization in Proofpoint Insider Threat Management Windows Agent SQL Injection Vulnerability in Telestream Tektronix Medius and Sentry Vulnerability in ShipStation.com Plugin 1.0 for CS-Cart Allows Information Disclosure Time Skew Vulnerability in MISP Username Canonicalization Vulnerability HTTP PUT Method Brute-Force Vulnerability in MISP Improper Sanitization of Search String in MISP Galaxy View Improper Access Control in MISP Discussion Threads Untrusted Search Path Vulnerability in Google Earth Pro Installer Buffer Overflow Vulnerability in Google Earth Pro 7.3.2 Allows Man-in-the-Middle Attack Multiple-Decryption Results Vulnerability in AWS Encryption SDKs Samsung Android OS Quram qmg Library Buffer Overwrite Vulnerability (SVE-2020-16747) Server-Side Request Forgery (SSRF) Vulnerability in Rendertron Privilege Escalation via DHCP XID in Google Cloud Platform's guest-oslogin Arbitrary Memory Overwrite Vulnerability in Asylo's Trusted Memory Buffer Length Validation Vulnerability in Asylo: Unauthorized Data Access Privilege Escalation Vulnerability in Google Cloud Platform's guest-oslogin Guava createTempDir() Vulnerability URL Parsing Vulnerability in Google Closure Library (Versions up to v20200224) Padding Oracle Vulnerability in AWS S3 Crypto SDK for GoLang Versions Prior to V2 In-band Key Negotiation Vulnerability in AWS S3 Crypto SDK for GoLang Arbitrary Code Execution Vulnerability in Android's Play Core Library Memory Leak Vulnerability in Openthread's wpantund Improper Initialization of 'migrationAuth' in go-tpm TPM1.2 Library Information Leak Vulnerability in Gerrit Branch REST API Information Leak Vulnerability in Gerrit Versions Prior to 3.2.5 DOM Clobbering XSS Vulnerability in Dart SDK versions up to 2.7.1 and dev 
versions up to 2.8.0-dev.16.0 Buffer Overflow Vulnerability in Brotli Library Versions Prior to 1.0.8 Vulnerability: ID Manipulation in Java Tink Implementation Allows for Duplicate Ciphertexts Privilege Escalation Vulnerability in Google Cloud Platform's Guest-OSLogin Vulnerability: Sensitive Information Disclosure in Site Kit by Google WordPress Plugin (up to v1.8.0) Arbitrary Memory Overwrite Vulnerability in Asylo Versions up to 0.6.0 Arbitrary Memory Overwrite Vulnerability in Asylo Versions up to 0.6.0 Arbitrary Memory Overwrite Vulnerability in Asylo Versions up to 0.6.0 Arbitrary Memory Overwrite Vulnerability in Asylo Versions up to 0.6.0 Vulnerability: Out of Bounds Read in enc_untrusted_inet_ntop Function Arbitrary Memory Read Vulnerability in Asylo Versions up to 0.6.0 Arbitrary Memory Read Vulnerability in Asylo Versions up to 0.6.0 Arbitrary Memory Read Vulnerability in Asylo Versions up to 0.6.0 Arbitrary Memory Read Vulnerability in Asylo Versions up to 0.6.0 Arbitrary Memory Write Vulnerability in Asylo Versions up to 0.6.0 Use-after-free vulnerability in proglottis Go wrapper for GPGME library allows for code execution during GPG signature verification Arbitrary OS Command Execution in Netis WF2471 v1.2.30142 via Log_3g_type Parameter Arbitrary OS Command Execution in Artica Pandora FMS 7.0 via functions_netflow.php Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) Arbitrary File Overwrite Vulnerability Remote Code Execution via Shell Metacharacters in Gocloud and ISP3000 Devices Elevation of Privilege Vulnerability in Radeon AMD User Experience Program Launcher Cross-Site Scripting (XSS) Vulnerability in Fiserv Accurate Reconciliation 2.19.0 XSS Vulnerability in Fiserv Accurate Reconciliation 2.19.0 LDAP Authentication Bypass in OpenVPN Access Server 2.8.x Intent Scheme Hijacking Vulnerability in OpenSearch Web Browser 1.0.4.9 Buffer Overflow Vulnerability in WeeChat's irc_mode_channel_update Function Password Exposure in Pulse 
Secure Desktop Client on Windows Remote Command Execution in Guangzhou 1GE ONU V2801RW and V2804RGW Devices DLL Hijacking Vulnerability in Western Digital SSD Dashboard Setup (before 3.0.2.0) Cross-Site Scripting (XSS) Vulnerability in Western Digital MyCloud.com Vulnerability: Code Injection Bypasses Avira Free-Antivirus Self-Protection Stack-based Buffer Overflow in D-Link DIR-842 REVC Firmware v3.13B09 HOTFIX Arbitrary OS Command Execution in TimeTools SC and SR Devices Hardcoded Cookie Authentication Bypass in TimeTools SC and SR Devices Basic XSS Vulnerability in Tiki-Wiki Groupware Allows Injection of Malicious Code SQL Injection Vulnerability in GESIO ERP Allows Retrieval of Database Information Parallels RAS Local File Retrieval Vulnerability Unauthenticated Parameter Manipulation in ZGR TPS200 NG Firmware 2.00 and Hardware 1.01 Firmware Upload Vulnerability in ZGR TPS200 NG 2.00 Firmware Version and 1.01 Hardware Version Information Disclosure Vulnerability in ZGR TPS200 NG 2.00 Firmware and 1.01 Hardware Remote Code Execution Vulnerability in ZGR TPS200 NG Integrated Server Arbitrary Code Execution via Cross-Site Scripting (XSS) in Source Integration Plugin for MantisBT Unauthenticated Arbitrary File Read Vulnerability in Citrix ShareFile StorageZones Arbitrary File Write Vulnerability in Citrix ShareFile StorageZones Controller IP Address Spoofing Vulnerability in ZendTo's lib/NSSDropbox.php Reflected XSS and CSRF Vulnerability in ZendTo Prior to 5.22-2 Beta Session Cookie Validation Vulnerability in ZendTo Vulnerability: Man-in-the-Middle Attack via Unvalidated Certificates in Avast AntiTrack and AVG Antitrack Limited PIN Space Vulnerability in Voatz Android Application Metadata Length Dependency Vulnerability in Voatz Android App Session Fixation Vulnerability in Western Digital My Cloud Home and ibi Memory Leak in LVM2 2.02's vg_lookup Function in lvmetad-core.c Denial of Service Vulnerability in ext4_protect_reserved_inode in Linux Kernel Root Shell 
Access and Data Manipulation Vulnerability on XIAOMI AI Speaker MDZ-25-DT Hardcoded Credentials Vulnerability in Programi Bilanc Build 007 Release 014 31.01.2020 Authenticated Directory Traversal Vulnerability in AnyShare Cloud 6.0.9 NFC Unlock Vulnerability in Older Generation Abbott FreeStyle Libre Sensors Denial of Service Vulnerability in iPortalis iCS 7.1.13.0 Privilege Escalation Vulnerability in iPortalis iCS 7.1.13.0 Stored XSS Vulnerability in Modula Image Gallery Plugin for WordPress Remote Authenticated Authorization Bypass Vulnerability in Wowza Streaming Engine 4.8.0 and Earlier Remote Code Execution and Denial of Service Vulnerability in Valve Dota 2 through 2020-02-17 Arbitrary WordPress Administrator Account Creation and Remote Code Execution in Popup Builder Plugin Self-XSS vulnerability in Codoforum 4.8.8 via new topic title. Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 through Tile widget in People Tool profile editor Arbitrary Information Insertion Vulnerability in ShipStation.com Plugin for CS-Cart Arbitrary Code Injection through Import People Functionality in Gluu Identity Configuration 4.0 Arvato Skillpipe 3.0 Vulnerability: Bypassing Print Restrictions via HTML Source Code Manipulation Denial of Service Vulnerability in Epson iProjection v2.30 TACACS+ Shell Bypass Vulnerability in Arista Networking Devices Dolibarr 11.0 XSS Vulnerability via joinfiles, topic, code parameters, or HTTP Referer Header CSV Injection Vulnerability in LiteCart Customer Profile CSRF Vulnerability in LiteCart 2.2.1 Allows Unauthorized User Addition Persistent XSS Vulnerability in WPJobBoard Plugin 5.5.3 via Add Job Form Command Injection Vulnerability in Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 Devices Vulnerability: Command Injection in Post Oak AWAM Bluetooth Field Device XSS Vulnerability in Xirrus XR520, XR620, XR2436, and XH2-120 Devices Undocumented Users and Weak Passwords in Iteris Vantage Velocity 
Field Unit Devices World-writable permissions for critical scripts in Iteris Vantage Velocity Field Unit devices Multiple Stored XSS Vulnerabilities in Iteris Vantage Velocity Field Unit 2.4.2 OS Command Injection in ELTEX NTP-RG-1402G and NTP-2 Devices via PING Field OS Command Injection in ELTEX NTP-RG-1402G and NTP-2 Devices via TRACE Field of ping.cmd Resource Stored XSS Vulnerability in Symmetricom SyncServer Devices Directory Traversal Vulnerability in Symmetricom SyncServer Devices Directory Traversal Vulnerability in Symmetricom SyncServer Devices Directory Traversal Vulnerability in Symmetricom SyncServer Devices Directory Traversal Vulnerability in Symmetricom SyncServer Devices Directory Traversal Vulnerability in Symmetricom SyncServer Devices Unauthenticated User Manipulation in Symmetricom SyncServer Devices XSS Vulnerability in Jeedom 4.0.38 Arbitrary File Read Vulnerability in Joplin through 1.0.184 via XSS Insecure Permissions for Couchbase Server Projector and Indexer REST Endpoints SSL Certificate Forgery Vulnerability in Couchbase Server Java SDK Vulnerability: Slowloris Denial-of-Service Attack in Couchbase Server and Sync Gateway CSRF Vulnerability Exploiting Cached Credentials in Couchbase Server 6.0 Disclosure of Connection Key in wpCentral Plugin for WordPress XXE Vulnerability in Johnson Controls' Metasys Family of Products Web Services Credentials Logged in Install Log File during Software House C•CURE 9000 and American Dynamics victor VMS Installation/Upgrade Critical Privilege Escalation Vulnerability in Kantech EntraPass Editions OS Command Injection Vulnerability in exacqVision Web Service and Enterprise Manager Remote Unauthenticated File Deletion and Denial of Service Vulnerability in American Dynamics victor and Software House CCURE Web Clients Unauthenticated JSON Web Token Creation and Execution Vulnerability in American Dynamics victor and Software House C•CURE Web Clients Metasys Reporting Engine (MRE) Web Services Path 
Traversal Vulnerability Pre-Authentication Command Injection Vulnerability in ZyXEL NAS Devices Stored Cross-Site Scripting Vulnerability in Versiant LYNX Customer Service Portal (CSP) v3.5.2 Stored Cross-Site Scripting Vulnerability in Periscope BuySpeed Version 14.5 Unencrypted Z-Wave Chipsets: Vulnerability Exploitation and Device Takeover Z-Wave Devices with Silicon Labs 500 Series Chipsets: Lack of Encryption and Replay Protection Vulnerability: Uncontrolled Resource Consumption Leading to Battery Exhaustion in Z-Wave Devices with Silicon Labs 500 Series Chipsets and S0 Authentication Vulnerability: Denial of Service and Resource Exhaustion in Z-Wave Devices using Silicon Labs 500 Series Chipsets with S2 Z-Wave Denial of Service Vulnerability in Silicon Labs 500 and 700 Series Chipsets Vulnerability: Lack of Message Encryption and Authentication in Diebold Nixdorf ProCash 2100xe USB ATMs USB HID Communication Vulnerability in NCR SelfServ ATMs Improper Authentication Vulnerability in Huawei Honor V30 Smartphones Use-After-Free Vulnerability in Huawei Taurus-AL00B Smartphones Improper Authentication Vulnerability in Huawei Smartphones Buffer Overflow Vulnerability in Huawei Optical Line Terminals (OLTs) Improper Authentication Vulnerability in Huawei AR3200 Products Information Leakage Vulnerability in Huawei Products Allows Unauthenticated Attacker to Decrypt Data Improper Authentication Vulnerability in Huawei Taurus-AL00B Smartphones Out-of-Bounds Read Vulnerability in Huawei Products Local Privilege Escalation Vulnerability in Huawei OSD Product Improper Authentication Vulnerability in Huawei P20 Smartphones Improper Exception Handling Vulnerability in Huawei Smartphones HONOR 20 PRO, Honor View 20, and HONOR 20 Insufficient Input Verification Vulnerability in Huawei Secospace USG6300;USG6300E Improper Authentication Vulnerability in HUAWEI P30 and P30 Pro Smartphones Information Exposure Vulnerability in HUAWEI P30 Smartphones Local Privilege 
Escalation Vulnerability in FusionCompute 8.0.0 Protection Mechanism Failure Vulnerability in FusionSphere OpenStack 8.0.0 Denial of Service (DoS) Vulnerability in HUAWEI Mate 20 Smartphones Use-After-Free Vulnerability in Taurus-AN00B Versions Earlier than 10.1.0.156(C00E155R7P2) Out-of-Bounds Read Vulnerability in Taurus-AL00A Version 10.0.0.1(C00E1R1P1) XFRM Module Improper Authorization Vulnerability in FusionAccess Version 6.5.1 Out-of-Bounds Read and Write Vulnerability in Taurus-AN00B Versions Earlier than 10.1.0.156(C00E155R7P2) JavaScript Injection Vulnerability in HUAWEI Mate 20 Versions Earlier than 10.1.0.163(C00E160R3P8) Use After Free Vulnerability in Taurus-AL00A Version 10.0.0.1(C00E1R1P1) Denial of Service Vulnerability in Huawei CloudEngine Product Integer Overflow Vulnerability in HUAWEI P30 Pro Smartphone Out-of-Bound Read Vulnerability in HUAWEI P30 Pro Smartphones Invalid Pointer Access Vulnerability in Huawei OceanStor 5310 V500R007C60SPC100: Device Reboot Exploit Improper Authentication Vulnerability in Huawei Products DLL Hijacking Vulnerability in HiSuite Out-of-Bounds Write Vulnerability in Multiple Products Information Leak Vulnerability in Huawei Products Allows Local Attackers to Obtain Username Information Logic Error Vulnerability in HUAWEI Mate 20 Smartphones: Impact on P2P Connections and Device Availability Denial of Service Vulnerability in Huawei P30 Smartphones Insufficient Input Validation Vulnerability in Taurus-AN00B Versions Earlier than 10.1.0.156(C00E155R7P2) Path Traversal Vulnerability in HUAWEI P30 Pro Versions Earlier than 10.1.0.160(C00E160R2P8) Out-of-Bounds Read and Write Vulnerability in HUAWEI P30 Pro (Versions Earlier than 10.1.0.160) Out-of-Bounds Read and Write Vulnerability in HUAWEI P30 Pro (Versions Earlier than 10.1.0.160) Information Disclosure Vulnerability in Huawei Smartphones Information Disclosure Vulnerability in Taurus-AN00B Versions Earlier than 10.1.0.156(C00E155R7P2) Denial of 
Service Vulnerability in E6878-370 and E6878-870 Versions 10.0.3.1 Privilege Elevation Vulnerability in Taurus-AN00B Versions Earlier than 10.1.0.156(C00E155R7P2) Buffer Overflow Vulnerability in Bluetooth Module of HUAWEI Mate 20 Versions Earlier than 10.0.0.188(C00E74R3P8) Privilege Escalation Vulnerability in FusionCompute Versions 6.3.0, 6.3.1, 6.5.0, 6.5.1, and 8.0.0 Command Injection Vulnerability in ManageOne Versions 6.5.1.1.B010 - 6.5.1.1.B050 and 8.0.0 - 8.0.1 Command Injection Vulnerability in Huawei FusionCompute Versions 6.5.1 and 8.0.0 Out-of-Bounds Read and Write Vulnerability in HUAWEI nova 4 and SydneyM-AL00 Insufficient Integrity Check Vulnerability in Huawei Sound X Product Physical Privilege Escalation Vulnerability on Huawei Smart Phones: Exploiting Design Defects for Unauthorized Privilege Promotion Resource Management Error Vulnerability in CloudEngine 1800V Versions V100R019C10SPC500 Insufficient Input Verification Vulnerability in Huawei LAN Devices Buffer Overflow Vulnerability in HUAWEI P30 Pro Software Versions Earlier than 10.1.0.160 Memory Leak Vulnerability in Huawei CloudEngine Product Out-of-Bound Read Vulnerability in Huawei Mate 30 Smartphones Command Injection Vulnerability in Huawei Products Insecure Encryption Algorithm Vulnerability in FusionCompute 8.0.0 Improper Buffer Operation Vulnerability in HUAWEI Mate 30 Versions Earlier than 10.1.0.159(C00E159R7P2) Privilege Escalation Vulnerability in CloudEngine Series: Insufficient Input Validation Critical Heap-Based Buffer Overflow Vulnerability in Huawei Smartphones Leads to Process Exceptions During Updating Improper Input Validation Vulnerability in Huawei Smartphones: Memory Access Errors and Denial of Service Buffer Overflow Vulnerability in Huawei Smartphones Improper Privilege Management Vulnerability in Huawei Smartphones: Risk of Information Disclosure and Malfunctions Heap-Based Buffer Overflow Vulnerability in Huawei Smartphone Unauthenticated Access Vulnerability in 
Huawei Smartphones: Potential Low-Sensitive Information Exposure Critical Heap Overflow Vulnerability in Huawei Smartphones Out-of-bounds Write Vulnerability in Huawei Smartphone Allows Unauthorized Memory Access Memory Buffer Error Vulnerability in Huawei Smartphone Component Interface Huawei Smartphone Component Interface Memory Buffer Error Vulnerability Huawei Smartphone Component Interface Vulnerability Allows Deletion of User SMS Messages Huawei Smartphone Component Interface Vulnerability Allows Unauthorized SMS Modification and Deletion Missing Cryptographic Step Vulnerability in Huawei Smartphone Leads to Samgr DoS Command Injection Vulnerability in B2368 Series Routers CSV Injection Vulnerability in iManager NetEco 6000 Versions V600R021C00 Out-of-Bounds Read Vulnerability in NIP6800, Secospace USG6600, and USG9500 DHCP Message Parsing TE Mobile Software Information Disclosure Vulnerability Resource Management Errors Vulnerability in Huawei P30: Exploiting Broadcast Messages for Application Disruption CSV Injection Vulnerability in ManageOne 8.0.1 Resource Management Vulnerability in eUDC660: Exploiting Improper Resource Management for Key File Access and Data Decryption Improper Authentication Vulnerability in Huawei CloudEngine: Bypassing Verification Mechanism Authentication Bypass Vulnerability in iManager NetEco 6000 V600R021C00 SMC2.0 Privilege Escalation Vulnerability: Improper Directory Location USG9500 Login Information Handling Vulnerability: Exploitable Information Leak Denial of Service Vulnerability in Huawei Products Denial of Service Vulnerability in Huawei Smartphones Improper Permissions Management Vulnerability in FusionSphere OpenStack 6.5.1 Improper Signature Verification Vulnerability in HUAWEI P30 (Versions Earlier than 10.1.0.135) Missing Initialization of Resource Vulnerability in Huawei Smart Phones Moana-AL00B (Versions Earlier than 10.1.0.166) FusionCompute 8.0.0 Information Disclosure Vulnerability FusionCompute 8.0.0 
Information Disclosure Vulnerability Denial of Service Vulnerability in WS5800-10 Version 10.0.3.25 Insufficient Authentication Vulnerability in FusionCompute 8.0.0 Information Leakage Vulnerability in Huawei HONOR 20 PRO Smartphones Use After Free Vulnerability in Huawei Smartphone Taurus-AL00B (Versions < 10.1.0.126) Buffer Overflow Vulnerability in Taurus-AN00B Versions Earlier than 10.1.0.156(C00E155R7P2) Information Vulnerability in Huawei Smartphones Buffer Overflow Vulnerability in Taurus-AN00B Versions Earlier than 10.1.0.156(C00E155R7P2) Improper Authorization Vulnerability in Huawei 5G Mobile WiFi E6878-370 Command Injection Vulnerability in FusionCompute 8.0.0 Denial of Service Vulnerability in HUAWEI Mate 30 (Versions Earlier than 10.1.0.150) Improper Authentication Vulnerability in Multiple Huawei and Honor Devices Denial of Service Vulnerability in HUAWEI P30 and P30 Pro Information Leak Vulnerability in FusionCompute 8.0.0 Buffer Overflow Vulnerability in Multiple Huawei Products Improper Authorization Vulnerability in Huawei FusionCompute 8.0.0 Denial of Service Vulnerability in HUAWEI P30 Smartphones (Versions earlier than 10.1.0.160) Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones Path Traversal Vulnerability in HUAWEI Mate 20, Mate 20 X, Mate 20 RS, and Honor Magic2 Smartphones Logic Check Error Vulnerability in HUAWEI P30 Pro Smartphones Denial of Service Vulnerability in Huawei Honor 10 Smartphones Improper Authorization Vulnerability in Huawei Mate 30 Pro: Denial of Audio Service Buffer Overflow Vulnerability in HUAWEI P30 Pro Smartphones Improper Input Verification Vulnerability in HUAWEI P30 Smartphone Improper Authentication Vulnerability in Huawei Honor V30 Smartphones Information Disclosure Vulnerability in HUAWEI P30 and P30 Pro Smartphones Type Confusion Vulnerability in HUAWEI Mate 30 (Versions Earlier than 10.1.0.150) Use After Free Vulnerability in HUAWEI Mate 30 (Versions Earlier than 10.1.0.150) Use After 
Free Vulnerability in HUAWEI Mate 30 and HUAWEI P30 Virus-Detection Bypass Vulnerability in ESET Archive Support Module SQL Injection Vulnerability in phpMyChat-Plus 1.98's deluser.php Delete User Functionality CSRF Vulnerability in SOPlanning 1.45 Allows Arbitrary Admin Password Change CSRF Vulnerability in SOPlanning 1.45 Allows Arbitrary User Creation SQL Injection Vulnerability in SoPlanning 1.45 - OrderBy Clause Authenticated SQL Injection in SOPlanning 1.45 via users parameter in export_ical.php CSRF Vulnerability in ICE Hrm 26.2.0 Allows Password Reset via service.php CSRF Vulnerability in ICE Hrm 26.2.0 Allows Unauthorized User Creation Out-of-Bounds Read Vulnerability in ProFTPD 1.3.7 mod_cap Remote Code Execution Vulnerability in ProFTPD 1.3.7 Uninitialized Pointer Vulnerability in Pure-FTPd 1.0.49's diraliases Linked List Unauthenticated Exfiltration of Administrative Credentials on D-Link DSL-2640B B2 EU_4.01B Devices Remote Stack-Based Buffer Overflow in D-Link DSL-2640B B2 EU_4.01B Devices Authentication Bypass Vulnerability in D-Link DSL-2640B B2 EU_4.01B Devices Unauthenticated URL Access Allows Reset to Default Configuration on D-Link DSL-2640B B2 EU_4.01B Devices Hard-coded Account Vulnerability on D-Link DSL-2640B B2 EU_4.01B Devices Vulnerability: File Uploads Redirected to Incorrect Folder in SilverStripe 4.x CKEditor 4.0 XSS Vulnerability through Crafted Protected Comment Injection Information Disclosure Vulnerability in Mahara Panic-Inducing Signature Verification Vulnerability in golang.org/x/crypto/ssh Package Memory Access Vulnerability via Mini-PCI Express Slot in Sonos One (1st and 2nd Generation) Improper Authorization Vulnerability in FortiADC Allows Unauthorized System Reboot Unsafe Search Path Vulnerability in FortiClient EMS Online Installer 6.2.1 and Below Stored Cross-Site Scripting (XSS) Vulnerability in FortiWLC 8.5.1 Hard-coded Cryptographic Key Vulnerability in FortiManager and FortiAnalyzer Unsafe Search Path Vulnerability in 
FortiClient for Windows Online Installer 6.2.3 and Below FortiClient for Windows 6.2.1 and below: Insecure Temporary File Vulnerability Unquoted Service Path Vulnerability in FortiSIEM Windows Agent Component Improper Authentication Vulnerability in FortiMail and FortiVoiceEnterprise Arbitrary Code Execution through Java EL Injection in Netflix Titus Arbitrary Code Execution in Netflix Titus via Java EL Injection Spinnaker Template Resolution Vulnerability: Server-Side Request Forgery (SSRF) Authenticated User XSS Vulnerabilities in Dispatch Application: Incident Priority, Incident Type, Tag Type, and Incident Filter Parameters Access Control Vulnerabilities: Incident Viewing, User Role Escalation, and Unauthorized Search Arbitrary File Read/Write Vulnerability in Spinnaker Tesla SolarCity Solar Monitoring Gateway Vulnerability: Use of Hard-coded Credentials in Digi ConnectPort X2e Denial of Service Vulnerability in Hirschmann OS2, RSP, and RSPE Devices before HiOS 08.3.00 Invalid or Corrupted Header Vulnerability in libarchive before 3.4.2 Vulnerability: Script Execution via Malicious Upload Contents in Silverstripe CMS Cross-Site Scripting (XSS) Vulnerability in SilverStripe CMS Login Form Image Injection Vulnerability in Oracle iPlanet Web Server 7.0.x Administration Console Incorrect Access Control in Oracle iPlanet Web Server 7.0.x Administration Console Allows Unauthenticated Read Access to Encryption Keys SQL Injection Vulnerability in Red Gate SQL Monitor 9.0.13 through 9.2.14 via SNMP Alert Configuration Virus-Detection Bypass in Avira AV Engine via Crafted ISO Archive Improper Certificate Purging in Traefik 2.x and TraefikEE 2.0.0 Unauthenticated File and Directory Enumeration Vulnerability in Aquaforest TIFF Server 4.0 Unauthenticated SMB Hash Capture via UNC in Aquaforest TIFF Server 4.0 Unauthenticated Arbitrary File Download in Aquaforest TIFF Server 4.0 Command-Line Argument Mishandling in BeyondTrust Privilege Management for Windows and Mac (PMWM) 
5.1-5.5 before 5.5 SR1 SQLite 3.31.1 Vulnerability: NULL Pointer Dereference and Segmentation Fault in isAuxiliaryVtabOperator Race condition vulnerability in Gogs through 0.11.91 allows unauthorized repo creation LDAP Connection IP Address Change Vulnerability in Certain Xerox WorkCentre Printers Local Privilege Escalation in CryptoPro CSP through 5.0.0.10004 on 32-bit Platforms Privilege Escalation via Crafted IoCtl Code in FabulaTech USB for Remote Desktop (CVE-2020-02-19) Stored XSS Vulnerability in Envira Photo Gallery Plugin for WordPress Stored XSS Vulnerabilities in 10Web Photo Gallery Plugin for WordPress XSS Vulnerability in fauzantrif eLection 2.0 Admin Dashboard Insecure Transmission of Passwords in GolfBuddy Course Manager 1.1 Cross-Site Scripting (XSS) Vulnerability in SOPlanning 1.45 via Your SoPlanning URL Field Cross-Site Scripting (XSS) Vulnerability in SOPlanning 1.45 via status.php SQL Injection Vulnerability in fauzantrif eLection 2.0 via admin/ajax/op_kandidat.php id parameter CSRF Vulnerability in CandidATS 2.1.0 Allows Unauthorized Administrator Account Addition Virus-Detection Bypass Vulnerability in F-Secure AV Parsing Engine Denial of Service Vulnerability in signotec signoPAD-API/Web Reflected XSS Vulnerability in Subversion ALM for the Enterprise (Before 8.8.2) Unlimited WebSocket Socket Denial of Service Vulnerability Cross-Site Request Forgery (CSRF) Vulnerability in Zoho ManageEngine Password Manager Pro 10.4 and Prior CSV Excel Macro Injection Vulnerability in Zoho ManageEngine Password Manager Pro Unauthenticated Access to RTSP Service in CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP Firmware 3.4.2.0919 XSS Vulnerability in SAS Visual Analytics 8.5 Graph Builder Sensitive Information Disclosure in SmartClient 12.0 Blind XXE Vulnerability in SmartClient 12.0's downloadWSDL Feature Unauthenticated Local File Inclusion in SmartClient 12.0's RPC loadFile via directory traversal sequences File Overwrite Vulnerability in 
SmartClient 12.0's Remote Procedure Call (RPC) saveFile Privilege Escalation in NetworkManager-ssh: Mishandling of Extra Options Code Execution Vulnerability in KDE Okular PDF Viewer Denial of Service Vulnerability in CryptoPro CSP through 5.0.0.10004 on 64-bit Platforms Virus-Detection Bypass Vulnerability in Quick Heal AV Parsing Engine (November 2019) Virus-Detection Bypass Vulnerability in Sophos AV Parsing Engine Directory Traversal Vulnerability in Creative Contact Form Extension Out-of-Bounds Read Vulnerability in Pure-FTPd 1.0.49 Buffer Overflow Vulnerability in GNU Screen before 4.8.0 via Special Escape OSC 49 DLL Hijacking Vulnerability in Zoho ManageEngine Desktop Central MSP Build 10.0.486 Arbitrary File Read Vulnerability in Olea Gift On Order Module for PrestaShop Denial of Service and Disk Consumption Vulnerability in Sympa 6.2.38 through 6.2.52 Session Hijacking Vulnerability in HUMAX HGA12R-02 BRGCAA 1.1.53 Devices Stored XSS in Appointment Booking Calendar Plugin for WordPress (<=1.3.35) via Calendar Name Input Arbitrary Formula Injection and Remote Code Execution in Appointment Booking Calendar Plugin Remote Command Execution Vulnerability in TP-Link TL-WR849N 0.9.1 4.16 Diagnostics Panel Denial of Service Vulnerability in TP-Link Archer C50 V3 Devices Information Disclosure Vulnerability in Unsupported D-Link DIR-610 Devices Remote Command Execution in D-Link DIR-610 Devices (Unsupported Versions) Authenticated User Access to Sensitive Information in MiContact Center Business with Site Based Security Remote Code Execution in IPTV Smarters WEB TV PLAYER Arbitrary Code Execution in Total.js CMS 13 via controllers/admin.js Arbitrary Execution of Wiki Pages as Widgets in MediaWiki Out-of-bounds Read Vulnerability in Linux Kernel's set_fdc Function (CID-2e90ca68b0d2) IDOR Vulnerability in Subex ROC Partner Settlement 10.5 Allows Account Takeover NULL Pointer Dereference Vulnerability in libzint File Metadata Disclosure Vulnerability Information 
Leakage in Mahara Elasticsearch Results Lack of CSRF Protection in SquaredUp Prior to Version 4.6.0 Allows for Arbitrary Code Execution Username Enumeration Vulnerability in SquaredUp Stored XSS Vulnerability in SquaredUp Versions Prior to 4.6.0: Execution of Malicious Content via Dashboards and SVG Uploads Heap Corruption Vulnerability in Linux Kernel 5.4 and 5.5 Unauthenticated Access and Manipulation of Pricing Tables in Pricing Table by Supsystic Plugin Cross-Site Scripting (XSS) Vulnerability in Pricing Table by Supsystic Plugin CSRF Vulnerability in Pricing Table by Supsystic Plugin Stack-based Buffer Overflow in Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF Devices SQL Injection in ISPConfig before 3.1.15p3 via undocumented reverse_proxy_panel_allowed=sites option Avast AV Vulnerability: Virus-Detection Bypass via Crafted ZIP Archive SQL Injection Vulnerability in Django GIS Functions and Aggregates on Oracle Password Vulnerability in PACTware Workstation Insecure Password Storage Vulnerability in PACTware Unauthenticated Reflected XSS Vulnerability in IBL Online Weather before 4.3.5a via Redirect Page Unauthenticated Eval Injection in IBL Online Weather before 4.3.5a Sensitive Information Disclosure via IWEBSERVICE_JSONRPC_COOKIE in IBL Online Weather before 4.3.5a Arbitrary Code Execution Vulnerability in TIBCO Spotfire Analytics Platform Unauthenticated Remote Code Execution in TIBCO JasperReports Server HTML Injection Vulnerability in TIBCO JasperReports Library and Server Unauthorized Network File Transfer Vulnerability in TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution Vulnerability in TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution Vulnerability in TIBCO Managed File Transfer Command Center and Internet Server Session Identifier Leakage Vulnerability in TIBCO Managed File Transfer Command Center and Internet Server Arbitrary File Download Vulnerability in TIBCO Data 
Virtualization Server Script Injection Vulnerability in TIBCO Spotfire Software SQL Injection Vulnerability in TIBCO Foresight Transaction Insight and Healthcare Edition Untrusted Search Path Vulnerability in PDFescape Desktop Installer Stored XSS Vulnerabilities in Arcadyan Wifi Routers VRV9506JAC23 Cleartext Transmission of Administrative Password in Arcadyan Wifi Routers VRV9506JAC23 Arbitrary File Upload Vulnerability in LogicalDoc before 8.3.3 Cleartext Credentials Disclosure in rConfig before 3.9.4 Cross-Site Scripting (XSS) Vulnerability in OX Guard 2.10.3 and Earlier SSRF Vulnerability in OX Guard 2.10.3 and Earlier EAP Dissector Crash Vulnerability in Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14 WireGuard Dissector Crash Vulnerability in Wireshark 3.2.0 to 3.2.1 Wireshark WiMax DLMAP Dissector Length Field Validation Vulnerability Memory Leakage in LTE RRC Dissector in Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14 Improper X.509 Certificate Validation in lua-openssl 0.7.7-1 Improper X.509 Certificate Validation in lua-openssl 0.7.7-1 Vulnerability: X.509 Certificate Validation Mishandling in lua-openssl 0.7.7-1 Hardcoded Certificate Vulnerability in Phoenix Contact TC Routers and TC Cloud Clients Command Injection Vulnerability in Phoenix Contact TC Routers and TC Cloud Clients Client-Side Template Injection Vulnerability in SecureAuth IdP 9.3.0 Door-Access Revocation Mishandling in Tinxy Door Lock Firmware (Before 3.2) Multiple Cross-Site Scripting (XSS) Vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting Plugin WSC Plugin Cross-Site Scripting (XSS) Vulnerability in CKEditor 4 Insecure Permissions in OpenVPN Connect 3.1.0.361 on Windows Untrusted Content Loading Vulnerability in Zulip Desktop 2.3.82 Reverse Tabnabbing Vulnerability in Zulip Server Markdown Functionality Cross-Site Scripting (XSS) Vulnerability in Zulip Server's Markdown Modal Link Feature File Upload XSS Vulnerability in GwtUpload 1.0.3 Insecure 
Random Number Generation Vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS, and BlaB! WS Pro (Version 19.11) Allows Privilege Escalation Unprivileged Access to Acronis True Image 2020 REST API Allows Malicious Whitelist Modification Privilege Escalation Vulnerability in Acronis True Image 2020 Privilege Escalation via Arbitrary File Write in Acronis True Image 2020 Epson iProjection v2.30 Local Denial of Service Vulnerability CSRF Vulnerability in RegistrationMagic Plugin for WordPress Allows Remote Attackers to Forge Requests and Gain Administrative Privileges Arbitrary Email Sending Vulnerability in RegistrationMagic Plugin for WordPress Privilege Escalation in RegistrationMagic Plugin for WordPress Privilege Escalation via Custom Form Import in RegistrationMagic Plugin for WordPress Vulnerability: Unauthorized Data Export in RegistrationMagic Plugin for WordPress Multiple Stored Cross-site scripting (XSS) vulnerabilities in Webnus Modern Events Calendar Lite plugin for WordPress (up to version 5.1.6) allow remote authenticated users to inject arbitrary JavaScript, HTML, or CSS. 
Authenticated XSS vulnerability in Octech Oempro 4.7 through 4.11 via CampaignName parameter in Campaign.Create Stored XSS Vulnerability in Octech Oempro 4.7 through 4.11 via Media.CreateFolder FolderName Parameter RF Range Attack: Cleartext Network Configuration Exposure in Athom Homey Devices Arbitrary OS Command Execution in Centreon 19.10 via server_ip Field in JSON Data BECKHOFF Ethernet TCP/IP Bus Coupler BK9000 Denial-of-Service Vulnerability SQL Injection Vulnerability in EyesOfNetwork eonweb 5.1-5.3 CSV Injection Vulnerability in Export Users to CSV Plugin for WordPress Stored XSS in Piwigo 2.10.1 via file parameter in /ws.php request Unauthorized Image Information Manipulation in Piwigo Community Plugin Insecure Permissions in Wing FTP Server 6.2.5 Allow Session Hijacking and Remote Code Execution Authenticated File Upload and Remote Code Execution in Umbraco Cloud 8.5.3 via Install Packages Functionality Authenticated File Upload and Remote Code Execution in Umbraco CMS 8.5.3 via Install Package Functionality Root Access Vulnerability in S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 Remote Code Execution Vulnerability in S. Siedle & Soehne SG 150-0 Smart Gateway (Versions before 1.2.4) Local Privilege Escalation Vulnerability in S. 
Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 via Logrotate Race Condition Remote Code Execution Vulnerability in ARRIS TG1692A Devices Authentication Bypass Vulnerability in HUMAX HGA12R-02 BRGCAA 1.1.53 Devices OS Command Injection Vulnerability in Rubrik 5.0.3-2296 Arbitrary File Placement Vulnerability in Apache AsterixDB Unauthenticated Remote Code Execution in Apache Spark Standalone Resource Manager HTTP/2 Slow Read Vulnerability in Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 Authentication Token Invalidation Vulnerability in NiFi Registry SQL Injection Vulnerability in Apache SkyWalking Storage Implementations Remote Code Execution via Deserialization in Apache Tomcat Stored XSS Vulnerability in Apache Airflow Classic UI Chart Pages Sensitive Property Value Leakage in Apache NiFi Apache NiFi Download Token Denial of Service Vulnerability Vulnerability: Man-in-the-Middle Attack in Apache Log4j SMTP Appender Vulnerability: System.exit, Out of Memory Errors, and Infinite Loops in Tika's Parsers Apache HTTP Server HTTP/2 Cache-Digest Header Vulnerability Insecure TLS Versions Supported in Apache NiFi Intracluster Communication Apache Hadoop WebHDFS Client SPNEGO Authorization Header Vulnerability Apache Chainsaw Deserialization Flaw Allows for Remote Code Execution Apache Traffic Server HTTP/2 HEADERS Frame Memory Allocation Vulnerability LDAP Injection Vulnerability in Apache Archiva Login Service Unsafe Deserialization and Cross-Site Scripting Vulnerabilities in Apache OFBiz 17.12.03 Apache Guacamole 1.1.0 and older: Memory Disclosure Vulnerability via RDP Server Apache Guacamole 1.1.0 and older: Remote Code Execution via RDP Static Virtual Channels Buffer Overflow Vulnerability in Dahua Products: Device Crash via DDNS Test Command Dahua Products Vulnerable to Denial of Service Attack via Log Query Command Dahua Web P2P Control Cloud Key Leakage Vulnerability Predictable Session ID Vulnerability in Dahua Products (Pre-December 2019 
Builds) Arbitrary Post and Page Manipulation Vulnerability in IMPress for IDX Broker Plugin UI Redress Vulnerability in Micro Focus Service Manager Release Control Unauthorized Access to Configuration Data Vulnerability in Micro Focus Service Manager (Web Tier) HTTP Methods Exposure Vulnerability in Micro Focus Service Manager Stored XSS Vulnerability in Micro Focus Vibe Versions Prior to 4.0.7 SQL Injection Vulnerability in Micro Focus Service Manager Automation (SMA) Remote Cross-Site Scripting (XSS) Vulnerability in Micro Focus ArcSight ESM 7.x Credential Leakage Vulnerability in Micro Focus Enterprise Developer and Enterprise Server Stored and Reflected Cross-Site Scripting Vulnerability in Micro Focus Enterprise Server and Enterprise Developer CS2 Network P2P Authentication Flaw: Enabling Remote Man-in-the-Middle Attacks on IoT Devices CS2 Network P2P Information Exposure Vulnerability Buffer Overflow Vulnerability in Shenzhen Hichip Vision Technology Firmware: Millions of IoT Devices at Risk Cryptographic Vulnerabilities in Shenzhen Hichip Vision Technology Firmware: Compromising IoT Devices and User Data Privilege Escalation Vulnerability in Shenzhen Hichip Vision Technology Firmware: Resetting Administrator Password in Millions of IoT Devices Information Leakage Vulnerability in Xiaomi MIUI GetApps Component Xiaomi MIUI GetApps NFC Installation and Information Leakage Vulnerability Stack-Based Buffer Overflow in D-Link DIR-615Jx10 Devices via formWlanSetup Parameter Stack-Based Buffer Overflow in D-Link DIR-615Jx10 Devices via formWlanSetup_Wizard Parameter Local Elevation of Privilege Vulnerability in Sophos HitmanPro.Alert Unauthorized Access and Resource Manipulation in OpenStack Manila Unauthenticated Firmware Installation Vulnerability on D-Link DSL-2640B E1 EU_1.01 Devices Segmentation Fault Vulnerability in Pale Moon 28.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x Deserialization Vulnerability in FasterXML Jackson-databind 2.x 
Deserialization Vulnerability in FasterXML Jackson-databind 2.x Out-of-Bounds Write Vulnerability in PDFResurrect 0.12 through 0.19 Unencrypted 433 MHz Communication Vulnerability in Rubetek SmartHome 2020 Devices Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0 Heap-Based Buffer Overflow Vulnerability in Adobe Bridge Versions 10.0 Out-of-Bounds Read Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Stack-Based Buffer Overflow Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Heap Overflow Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Heap Overflow Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Use After Free Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier: Arbitrary Code Execution Use After Free Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier: Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.1 and Earlier Memory Corruption Vulnerability in Adobe Illustrator Versions 24.0.2 and Earlier Memory Corruption Vulnerability in Adobe Illustrator: Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator: Arbitrary Code Execution Memory Corruption Vulnerability in Adobe 
Illustrator: Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator Versions 24.0.2 and Earlier Memory Corruption Vulnerability in Adobe Illustrator Versions 24.1.2 and Earlier: Risk of Arbitrary Code Execution Command Injection Vulnerability in Magento Versions 2.3.4 and Earlier, 2.2.11 and Earlier, 1.14.4.4 and Earlier, and 1.9.4.4 and Earlier Stored Cross-Site Scripting Vulnerability in Magento Versions 2.3.4 and Earlier Command Injection Vulnerability in Magento Versions 2.3.4 and Earlier, 2.2.11 and Earlier, 1.14.4.4 and Earlier, and 1.9.4.4 and Earlier Security Mitigation Bypass Vulnerability in Magento Versions 2.3.4 and Earlier Security Mitigation Bypass Vulnerability in Magento Versions 2.3.4 and Earlier Stored Cross-Site Scripting Vulnerability in Magento Versions 2.3.4 and Earlier Command Injection Vulnerability in Magento Versions 2.3.4 and Earlier, 2.2.11 and Earlier, 1.14.4.4 and Earlier, and 1.9.4.4 and Earlier Command Injection Vulnerability in Magento Versions 2.3.4 and Earlier, 2.2.11 and Earlier, 1.14.4.4 and Earlier, and 1.9.4.4 and Earlier Stored Cross-Site Scripting Vulnerability in Magento Versions 2.3.4 and Earlier Arbitrary Code Execution Vulnerability in Magento Versions 2.3.4 and Earlier Buffer Overflow Vulnerability in Adobe Character Animator: Arbitrary Code Execution Authorization Bypass Vulnerability in Magento Versions 2.3.4 and Earlier Observable Timing Discrepancy Vulnerability in Magento Versions 2.3.4 and Earlier Heap Overflow Vulnerability in Adobe DNG Software Development Kit (SDK) 1.5 and Earlier Versions Heap Overflow Vulnerability in Adobe DNG Software Development Kit (SDK) 1.5 and Earlier Versions Unauthenticated Access to Magento Admin Panel Security Bypass Vulnerability in Adobe Acrobat and Reader Invalid Memory Access Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Invalid Memory Access Vulnerability in Adobe Acrobat and Reader Security Bypass 
Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Invalid Memory Access Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Use-After-Free Vulnerability in Adobe Acrobat and Reader Use-After-Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Null Pointer Vulnerability in Adobe Acrobat and Reader Stack Exhaustion Vulnerability in Adobe Acrobat and Reader Heap Overflow Vulnerability in Adobe Acrobat and Reader Security Bypass Vulnerability in Adobe Acrobat and Reader Security Bypass Vulnerability in Adobe Acrobat and Reader Race Condition Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Premiere Pro Versions 14.1 and Earlier Out-of-Bounds Read Vulnerability in Adobe Premiere Rush 1.5.8 and Earlier Out-of-Bounds Read Vulnerability in Adobe Audition Versions 13.0.5 and Earlier Heap Overflow Vulnerability in Adobe DNG Software Development Kit (SDK) 1.5 and Earlier Versions Heap Overflow Vulnerability in Adobe DNG Software Development Kit (SDK) 1.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe DNG SDK 1.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe DNG SDK 1.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe DNG SDK 1.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe DNG SDK 1.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe DNG SDK 1.5 and Earlier Versions Out-of-Bounds Read Vulnerability 
in Adobe DNG SDK 1.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe DNG SDK 1.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe DNG SDK 1.5 and Earlier Versions Business Logic Error Vulnerability in Magento Versions 2.3.4 and Earlier, 2.2.11 and Earlier, 1.14.4.4 and Earlier, and 1.9.4.4 and Earlier Security Mitigation Bypass Vulnerability in Magento Versions 2.3.4 and Earlier Security Mitigation Bypass Vulnerability in Magento Versions 2.3.4 and Earlier, 2.2.11 and Earlier, 1.14.4.4 and Earlier, and 1.9.4.4 and Earlier Use After Free Vulnerability in Adobe Flash Player Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.5 and Below Out-of-Bounds Write Vulnerability in Adobe Framemaker 2019.0.5 and Below Memory Corruption Vulnerability in Adobe Framemaker 2019.0.5 and Below Heap Overflow Vulnerability in Adobe After Effects Versions 17.1 and Earlier: Arbitrary Code Execution Heap Overflow Vulnerability in Adobe After Effects Versions 17.1 and Earlier: Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator Versions 24.1.2 and Earlier: Risk of Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator Versions 24.1.2 and Earlier: Risk of Arbitrary Code Execution Memory Corruption Vulnerability in Adobe Illustrator Versions 24.1.2 and Earlier: Risk of Arbitrary Code Execution Buffer Overflow Vulnerability in Adobe Illustrator Versions 24.1.2 and Earlier Adobe Experience Manager 6.5 and Earlier: Server-Side Request Forgery (SSRF) Vulnerability Cross-Site Scripting (Stored) Vulnerability in Adobe Experience Manager 6.5 and Earlier Blind Server-Side Request Forgery (SSRF) Vulnerability in Adobe Experience Manager 6.5 and Earlier Out-of-Bounds Write Vulnerability in Adobe Media Encoder (Versions 14.2 and Earlier) Allows Arbitrary Code Execution Cross-Site Scripting (DOM-Based) Vulnerability in Adobe Experience Manager 6.5 and Earlier Cross-Site Scripting Vulnerability in Adobe Experience 
Manager 6.5 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe Media Encoder 14.2 and Earlier Out-of-Bounds Write Vulnerability in Adobe Media Encoder (Versions 14.2 and Earlier) Allows Arbitrary Code Execution Cross-Site Scripting (Reflected) Vulnerability in Adobe Experience Manager 6.5 and Earlier Critical Out-of-Bounds Read Vulnerability in Adobe Premiere Pro Versions 14.2 and Earlier Critical Out-of-Bounds Write Vulnerability in Adobe Premiere Pro: Risk of Arbitrary Code Execution Critical Out-of-Bounds Write Vulnerability in Adobe Premiere Pro: Risk of Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Premiere Rush Versions 1.5.12 and Earlier Out-of-Bounds Write Vulnerability in Adobe Premiere Rush Versions 1.5.12 and Earlier Out-of-Bounds Write Vulnerability in Adobe Premiere Rush Versions 1.5.12 and Earlier Out-of-Bounds Write Vulnerability in Adobe Audition Versions 13.0.6 and Earlier Out-of-Bounds Write Vulnerability in Adobe Audition Versions 13.0.6 and Earlier Critical Out-of-Bounds Write Vulnerability in Adobe After Effects: Risk of Arbitrary Code Execution Critical Out-of-Bounds Read Vulnerability in Adobe After Effects: Risk of Arbitrary Code Execution Critical Out-of-Bounds Write Vulnerability in Adobe After Effects: Risk of Arbitrary Code Execution Adobe Reader Mobile Directory Traversal Vulnerability Magento PHP Object Injection Vulnerability Stored Cross-Site Scripting Vulnerability in Magento Versions 1.14.4.5 and Earlier, and 1.9.4.5 and Earlier Out-of-Bounds Read Vulnerability in Adobe Campaign Classic (Before 20.2) Leading to Information Disclosure Uncontrolled Search Path Element Vulnerability in Adobe Genuine Service Adobe Genuine Service Improper Access Control Vulnerability Privilege Escalation Vulnerability in Adobe Creative Cloud Desktop Application Symlink Vulnerability in Adobe Creative Cloud Desktop Application Allows Privilege Escalation Insecure File Permissions Vulnerability in Adobe Creative Cloud 
Desktop Application DLL Search-Order Hijacking Vulnerability in Adobe ColdFusion: Privilege Escalation Risk DLL Search-Order Hijacking Vulnerability in Adobe ColdFusion: Privilege Escalation Risk Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.3 and Earlier Out-of-Bounds Read Vulnerability in Adobe Bridge Versions 10.0.3 and Earlier Out-of-Bounds Write Vulnerability in Adobe Bridge Versions 10.0.3 and Earlier Out-of-Bounds Read Vulnerability in Adobe Prelude Versions 9.0 and Earlier Out-of-Bounds Write Vulnerability in Adobe Prelude Versions 9.0 and Earlier Out-of-Bounds Read Vulnerability in Adobe Prelude Versions 9.0 and Earlier Out-of-Bounds Write Vulnerability in Adobe Prelude Versions 9.0 and Earlier Uncontrolled Search Path Element Vulnerability in Adobe Genuine Service v6.6 and Earlier Symlink Vulnerability in Adobe Creative Cloud Desktop Application Allows Arbitrary File System Write Out-of-Bounds Read Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020: Risk of Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020: Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020: Arbitrary Code Execution Out-of-Bounds Read Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020: Risk of Arbitrary Code Execution Out-of-Bounds Write Vulnerability in Adobe Photoshop CC 2019 and Photoshop 2020: Arbitrary Code Execution Command Injection Vulnerability in Adobe Download Manager 2.0.0.518 Path Traversal Vulnerability in Magento Versions 2.3.5-p1 and Earlier: Arbitrary Code Execution Observable Timing Discrepancy Vulnerability in Magento Versions 2.3.5-p1 and Earlier: Signature Verification Bypass DOM-Based Cross-Site Scripting Vulnerability in Magento Versions 2.3.5-p1 and Earlier Arbitrary Code Execution Vulnerability in Magento Versions 2.3.5-p1 and Earlier Out-of-Bounds Write Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Write 
Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Security Bypass Vulnerability Adobe Acrobat and Reader: Sensitive Data Disclosure and Memory Leak Vulnerability Buffer Error Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Stack Exhaustion Vulnerability in Adobe Acrobat and Reader Stack Exhaustion Vulnerability in Adobe Acrobat and Reader Buffer Error Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Unvalidated User Input Allows Unauthorized Access to Git Repositories Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Adobe Acrobat and Reader Security Bypass Vulnerability Adobe Acrobat and Reader Privilege Escalation Vulnerability Use-After-Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Use-After-Free Vulnerability in Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability in Adobe Acrobat and Reader Insecure Library Loading Vulnerability in Adobe Lightroom Versions 9.2.0.10 and Earlier Stack-based Buffer Overflow in Adobe FrameMaker 2019.0.6 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe FrameMaker 2019.0.6 and Earlier Versions Memory Corruption Vulnerability in InDesign 15.1.1 and Earlier Versions Allows for Code Execution Memory Corruption Vulnerability in InDesign 15.1.1 and Earlier Versions Allows for Code Execution Memory 
Corruption Vulnerability in InDesign 15.1.1 and Earlier Versions Allows for Code Execution Memory Corruption Vulnerability in InDesign 15.1.1 and Earlier Versions Allows for Code Execution Memory Corruption Vulnerability in InDesign 15.1.1 and Earlier Versions Allows for Code Execution Stored XSS Vulnerability in AEM Forms Add-on Allows Execution of Malicious Scripts Privilege Escalation Vulnerability in AEM Java Servlet Stored XSS Vulnerability in AEM Forms Component Allows Execution of Malicious Scripts Stored XSS Vulnerability in Adobe Experience Manager (AEM) Versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below Stored XSS Vulnerability in Adobe Experience Manager (AEM) Versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below Stored XSS Vulnerability in Adobe Experience Manager (AEM) Versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below Stored XSS Vulnerability in Adobe Experience Manager (AEM) Versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below, and 6.2 SP1-CFP20 and below Out-of-Bounds Read Vulnerability in Adobe Media Encoder 14.3.2 and Earlier Versions Stored XSS Vulnerability in AEM Design Importer Stored XSS Vulnerability in AEM Forms Component Allows Execution of Malicious Scripts Stored XSS Vulnerability in AEM Inbox Calendar Feature HTML Injection Vulnerability in AEM Content Editor Component Out-of-Bounds Read Vulnerability in Adobe Media Encoder 14.3.2 and Earlier Versions Out-of-Bounds Read Vulnerability in Adobe Media Encoder 14.3.2 and Earlier Versions Adobe Flash Player NULL Pointer Dereference Vulnerability Double Free Vulnerability in Adobe Animate 20.5 and Earlier: Arbitrary Code Execution via Crafted .fla File Stack Overflow Vulnerability in Adobe Animate 20.5 and Earlier: Arbitrary Code Execution via Crafted .fla File Arbitrary Code Execution Vulnerability in Adobe Animate 20.5 and Earlier Out-of-Bounds Read 
Vulnerability in Adobe Animate 20.5 and Earlier Arbitrary File Download and Execution Vulnerability in Naver Cloud Explorer Arbitrary File Movement Vulnerability in Naver Cloud Explorer Lack of Signature Verification in Whale Browser Installer Prior to 1.2.0.5 Versions for Flash Installer Bypassing Browser Unlock Function in NAVER Whale Mobile App via Incognito Mode Insufficient Access Control in Patriot Viper RGB Driver Allows Privilege Escalation Craft CMS SEOmatic Component Server-Side Template Injection Vulnerability Blind JavaScript Injection and Privilege Escalation in LiveZilla Live Chat 8.0.1.3 Privilege Escalation and File Overwrite Vulnerability in LG Electronic web OS TV Emulator Buffer Overflow Vulnerability in WeeChat IRC Client Insecure Default Configuration in UNCTAD ASYCUDA World: Remote Java Code Execution Vulnerability Zoom Sharing Service DLL Loading Vulnerability Use After Free Vulnerability in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2 Allows Arbitrary Code Execution Vulnerabilities in Vim: Addressed in macOS Catalina 10.15.4 Bluetooth Traffic Interception Vulnerability in iOS 13.4 and iPadOS 13.4 File System Access Vulnerability Patched in macOS Catalina 10.15.4 Sandbox Circumvention Vulnerability in Apple Operating Systems Vulnerability: Information Leakage through Icon Caches Vulnerability: Unauthorized Access to Encrypted Data via Siri Suggestions Privacy vulnerability in Picture in Picture video handling Call History Access Vulnerability Patched in macOS Catalina 10.15.4 Vulnerability: Video Cropping Issue in Mail on iOS 13.4 and iPadOS 13.4 Improper Input Validation in macOS Catalina 10.15.4 Allows Local User to Read Kernel Memory Deleted Content Exposure in App Switcher on iOS 13.3 and iPadOS 13.3 Unintended Website Permission Grants in iOS 13.4 and iPadOS 13.4 Directory Path Parsing Vulnerability in macOS Use After Free Vulnerability in iOS, iPadOS, tvOS, Safari, iTunes, and iCloud Safari 13.1 Patch: Mitigating Malicious Iframe 
Exploitation of Download Settings Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Vulnerability Patched: Application-Triggered Sysdiagnose in macOS Improper Website Display in Safari Preferences Vulnerability JavaScript Execution Vulnerability in macOS Catalina 10.15.5 Arbitrary Code Execution Vulnerability in Image Processing Arbitrary Code Execution Vulnerability in Image Processing Improper Input Validation in Audio File Processing Leading to Arbitrary Code Execution USB Denial of Service Vulnerability in iOS, iPadOS, and macOS Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Improved Bounds Checking to Address Out-of-Bounds Read Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Race Condition Vulnerability in macOS Catalina 10.15.5 Allows Arbitrary Code Execution with Kernel Privileges Information Disclosure Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Improper Bounds Checking in macOS Catalina 10.15.6 Allows Arbitrary Code Execution Type Confusion Vulnerability Patched in Multiple Apple Products Safari 13.1.1 Vulnerability: Malicious Process Exploits Application Launch Arbitrary Code Execution Vulnerability in iOS 13.5 and Other Apple Products Arbitrary Code Execution Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud for Windows USB Device Logic Issue Leading to Kernel Panic in macOS Catalina 10.15.5 Universal Cross-Site Scripting Vulnerability Fixed in Multiple Apple Products Memory Corruption Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud Memory Corruption Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Improved State Management to Prevent Information Disclosure in iOS 13.5 and Other Apple Operating Systems Login Window Bypass Vulnerability Patched in macOS Catalina 10.15.5 Improved State Management Fixes 
Information Disclosure Vulnerability Improved State Management Fixes Information Disclosure Vulnerability Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Improper Bounds Checking in Audio File Processing Leading to Arbitrary Code Execution Out-of-Bounds Write Vulnerability in PDF Parsing Root Privilege Escalation Vulnerability in macOS Catalina 10.15.5 Out-of-Bounds Write Vulnerability in iOS and iPadOS Heap Corruption Vulnerability in iOS and iPadOS File System Modification Vulnerability Patched in iOS 13.5 and iPadOS 13.5 Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Allows Arbitrary Code Execution Kernel Privilege Escalation Vulnerability in macOS Catalina 10.15.5 Vulnerability: State Alteration by Removed Users in iMessage Conversations Vulnerability: Unauthorized Modification of Restricted Network Settings in macOS Catalina 10.15.5 Sandbox Bypass Vulnerability in iOS, iPadOS, and macOS Improved Input Validation Fixes Denial of Service Vulnerability in iOS, iPadOS, and macOS Improved Input Validation Fixes Denial of Service Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Improper Input Validation Leads to Out-of-Bounds Read Vulnerability in macOS Catalina 10.15.4 Improved Input Sanitization in iOS 13.5 Fixes Application Denial of Service Vulnerability Arbitrary Code Execution Vulnerability in iOS, iPadOS, and macOS Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability in macOS Catalina 10.15.5 Improved Input Validation Fixes Out-of-Bounds Read Vulnerability in macOS Catalina 10.15.5 Memory Initialization Vulnerability in macOS Catalina 10.15.5 Allows Local User to Read Kernel Memory Memory Corruption Vulnerability in macOS Catalina 10.15.5 Allows Arbitrary Code Execution with Kernel Privileges FaceTime Video Pausing Vulnerability Memory Leak Vulnerability in iOS, iPadOS, macOS, and tvOS Improved Bounds Checking Fixes 
Out-of-Bounds Read Vulnerability in iOS 13.5 and iPadOS 13.5 Elevated Privileges Vulnerability Fixed in iOS 13.5 and Other Apple Operating Systems Improper Logic Restriction in SwiftNIO Extras 1.4.0 and earlier Integer Overflow Vulnerability in macOS Catalina 10.15.5 Allows Arbitrary Code Execution with Kernel Privileges Entitlement Parsing Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Cross-Site Scripting Vulnerability Patched in Multiple Apple Products Double Free Vulnerability in iOS, iPadOS, and macOS: Remote Code Execution and Memory Corruption Logic Issue in macOS Monterey 12.0.1 Allows Unauthorized Access to Apple IDs Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability in macOS Catalina 10.15.5 Lockscreen Notification Content Vulnerability Improved State Management to Prevent Memory Leakage Vulnerability Improved Restrictions for Logic Issue in iOS 13.5 and Other Apple Products Improved Access Restrictions in macOS Catalina 10.15.5: Fixing File System Modification Vulnerability Integer Overflow Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Allows Arbitrary Code Execution Memory Corruption Vulnerability in macOS Catalina 10.15.4 Allows Kernel Memory Layout Disclosure Elevated Privileges Vulnerability Patched in iOS 13.5 and macOS Catalina 10.15.5 Privilege Escalation Vulnerability in macOS Catalina 10.15.5 Privilege Escalation Vulnerability in macOS Catalina 10.15.5 URL Parsing Vulnerability in Safari Allows Exfiltration of Autofilled Data Arbitrary Code Execution Vulnerability in Windows Migration Assistant 2.2.0.0 (v. 
1A11) Arbitrary Code Execution Vulnerability with Kernel Privileges Arbitrary JavaScript Code Execution via Custom URL Scheme Handling in Safari 13.0.5 Stack Overflow Vulnerability in Swift for Linux: Enhanced Input Validation for Handling Malicious JSON Command Injection Vulnerability in Web Inspector Memory Initialization Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Allows Arbitrary Code Execution with Kernel Privileges Arbitrary Code Execution Vulnerability in macOS Catalina 10.15.6 Memory Corruption Vulnerability in iOS, iPadOS, macOS, tvOS, and watchOS Critical Buffer Overflow Vulnerability Patched in macOS Catalina and Security Updates Certificate Validation Vulnerability Memory Corruption Vulnerability in macOS Catalina 10.15.6 Allows Remote Application Termination Pointer Authentication Code Bypass Vulnerability Arbitrary Code Execution via Maliciously Crafted Image Arbitrary Code Execution via Maliciously Crafted Image Arbitrary Code Execution via Malicious Image Processing Arbitrary Code Execution via Maliciously Crafted Image Integer Overflow Vulnerability in Image Processing Out-of-Bounds Write Vulnerability in PDF Parsing Improper Bounds Checking in Image Processing Leading to Arbitrary Code Execution Buffer Overflow Vulnerability in Apple Operating Systems Arbitrary Code Execution via Maliciously Crafted Image Buffer Overflow Vulnerability Patched in iOS 13.6 and Other Apple Operating Systems Buffer Overflow Vulnerability in Apple Operating Systems Buffer Overflow Vulnerability in Apple Operating Systems Buffer Overflow Vulnerability in Image Processing Arbitrary Code Execution Vulnerability in Apple Operating Systems iMessage Group Rejoin Vulnerability JPEG File Memory Corruption Vulnerability in macOS Catalina 10.15.6 Improper Bounds Checking in Audio File Processing Leading to Arbitrary Code Execution Arbitrary Code Execution Vulnerability in Apple Operating Systems Improper Bounds Checking in Audio File Processing Leading to 
Arbitrary Code Execution Improper Bounds Checking in Audio File Processing Leading to Arbitrary Code Execution Memory Corruption Vulnerabilities in iOS, iPadOS, macOS, tvOS, and watchOS Allow Arbitrary Code Execution Use After Free Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud for Windows Improper Input Validation Leading to Remote Code Execution in Multiple Apple Products Use After Free Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud for Windows Improper Input Validation in PDF Processing Allows Arbitrary Code Execution Sandbox Bypass Vulnerability in iOS, iPadOS, and macOS Memory Corruption Vulnerability in macOS Catalina 10.15.6 Allows Arbitrary Code Execution with Kernel Privileges Privilege Escalation Vulnerability in Apple Operating Systems Privilege Escalation Vulnerability in Path Validation Logic for Symlinks Kernel Memory Layout Disclosure Vulnerability Improper Domain Password Suggestion Vulnerability in Safari Memory Corruption Vulnerability Allows Arbitrary Code Execution with Kernel Privileges Improved Bounds Checking to Address Buffer Overflow Vulnerability Memory Corruption Vulnerability in iOS, iPadOS, macOS, and watchOS Memory Corruption Vulnerability in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8 Improper Input Validation in macOS Catalina 10.15.6 Allows Local User to Read Kernel Memory Kernel Memory Bypass Vulnerability in iOS 13.6 and iPadOS 13.6 Pointer Authentication Bypass Vulnerability Safari Reader Mode Same Origin Policy Bypass Vulnerability Safari Reader Mode Frame Origin Manipulation Vulnerability Improved Data Protection in macOS Catalina 10.15.6: Fixing Local User Information Leakage Vulnerability Bluetooth Input Validation Vulnerability Content Security Policy Access Restriction Vulnerability URL Unicode Encoding Vulnerability Patched in Multiple Apple Products Denial of Service Vulnerability in iOS 13.6 and iPadOS 13.6 Improper Input Validation Leads to Out-of-Bounds Read 
Vulnerability Buffer Overflow Vulnerability in Image Processing Leading to Arbitrary Code Execution Arbitrary Mail File Overwrite Vulnerability Memory Corruption Vulnerability in macOS Catalina 10.15.6 Allows Arbitrary Code Execution Arbitrary File Writing Vulnerability in macOS Email Processing Memory Corruption Vulnerability in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8 Allows Arbitrary Code Execution Improper State Management in macOS Catalina 10.15.6 Allows Remote Denial of Service Universal Cross-Site Scripting Vulnerability Fixed in Multiple Apple Products Use After Free Vulnerability in XML Processing Memory Corruption Vulnerability in macOS Catalina 10.15.6 Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in macOS Catalina 10.15.6 Allows Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerability in macOS Catalina 10.15.6 Vulnerability: Out-of-Bounds Read Leading to Unexpected System Termination and Kernel Memory Disclosure Improved Input Validation Fixes Denial of Service Vulnerability in iOS 13.6 and iPadOS 13.6 Arbitrary Code Execution Vulnerability in Safari 13.0.1 and iOS 13.1 Improved State Management Fixes Authorization Vulnerability in iOS 13.6 and iPadOS 13.6 Improper Validation of Environment Variables Allows Local User to Access Sensitive User Information User Account Cross-Login Vulnerability in macOS Catalina 10.15.6 Arbitrary Code Execution via Maliciously Crafted Image Arbitrary Code Execution via Maliciously Crafted Image Arbitrary Code Execution via Malicious Image Processing Unsigned Kernel Extension Loading Vulnerability Patched in macOS Catalina 10.15.6 Buffer Overflow Vulnerability in Apple Operating Systems Remote Code Execution Vulnerability in macOS Address Bar Spoofing Vulnerability in macOS Big Sur 11.0.1 and Safari 13.1.2 Improved Bounds Checking for Out-of-Bounds Read Vulnerability Improved Bounds Checking Fixes Out-of-Bounds Read Vulnerability in macOS Big Sur and iOS 14.0 
Address Bar Spoofing Vulnerability in macOS Big Sur 11.0.1 and Safari 14.0.1 Screen Lock Bypass Vulnerability in iOS 14.0, iPadOS 14.0, and watchOS 7.0 Arbitrary Code Execution Vulnerability in Multiple Apple Products Type Confusion Vulnerability Patched in Safari 14.0, Allowing Arbitrary Code Execution Kernel Privilege Escalation via Use After Free Vulnerability Use After Free Vulnerability Patched in Multiple Apple Platforms Safari 14.0 Patch: Use After Free Vulnerability Allows Arbitrary Code Execution Cross-Site Scripting Vulnerability Patched in iOS 14.0 and Other Apple Platforms Critical Buffer Overflow Vulnerability Patched in Apple Devices, Allowing Arbitrary Code Execution via Malicious Audio Files Arbitrary Code Execution Vulnerability in Image Processing Improper Input Validation in Font Processing Leading to Arbitrary Code Execution Improper Bounds Checking Leading to Kernel Memory Write Vulnerability Lock Screen Message Access Vulnerability Improper Input Validation in Audio File Processing Leading to Arbitrary Code Execution Vulnerability Patched: Arbitrary Code Execution via Maliciously Crafted Image in macOS Buffer Overflow Vulnerability Patched in macOS Big Sur 11.0.1 and Other Apple Operating Systems Vulnerability: Information Disclosure via Icon Cache Handling Memory Initialization Vulnerability in iOS 14.0 and iPadOS 14.0 Allows Local User to Read Kernel Memory Improper Input Validation Leads to Arbitrary Code Execution with Kernel Privileges Improper Input Validation Leads to Arbitrary Code Execution with Kernel Privileges Memory Corruption Vulnerabilities Patched in macOS Big Sur 11.0.1 and Other Apple Operating Systems Vulnerability: Logic Issue Allows Unauthorized Access to Restricted Files Sandbox Restrictions Patched to Prevent Local User Access to Sensitive User Information Privilege Escalation Vulnerability Patched in Apple Operating Systems Buffer Overflow Vulnerability in iOS 14.0 and iPadOS 14.0 Allows Arbitrary Code Execution 
Improper Bounds Checking in macOS and iOS Leads to Arbitrary Code Execution Kernel Memory Layout Disclosure Vulnerability Kernel Privilege Escalation via Use After Free Vulnerability Improved State Management Fixes Logic Issue Allowing Sensitive User Information Leakage Entitlement Verification Vulnerability Allows Safari Tab Enumeration Vulnerability: Application State Alteration in Privileged Network Position Legacy API Trust Misuse Vulnerability Arbitrary Code Execution via Malicious Font File in Apple Devices Arbitrary Code Execution Vulnerability Fixed in Multiple Apple Products Improved Checks to Prevent Unauthorized Actions in Apple Music 3.4.0 for Android Safari 14.0 Out-of-Bounds Write Vulnerability Arbitrary Code Execution via Malicious Image Processing Buffer Overflow Vulnerability in Apple Operating Systems Improved Access Restrictions Fix File Access Vulnerability in macOS Catalina 10.15.7 Address Bar Spoofing Vulnerability Fixed in Safari 14.0 Improved Deletion Vulnerability in macOS Big Sur 11.0.1, iOS 14.0, and iPadOS 14.0 Improved Deletion Vulnerability in macOS, watchOS, iOS, and iPadOS Race Condition Vulnerability in macOS Catalina 10.15.6 Allows Arbitrary Code Execution with Kernel Privileges Improper Input Validation Leading to Denial of Service in macOS, watchOS, iOS, iPadOS, iCloud for Windows, and tvOS Network-based code execution vulnerability during debug session on iOS 14 and iPadOS 14 Address Bar Spoofing Vulnerability Fixed in watchOS 7.0, Safari 14.0, iOS 14.0, and iPadOS 14.0 Arbitrary File Overwrite Vulnerability in Apple Operating Systems Improper URL Parsing Leads to Open Redirect and XSS Vulnerability Privilege Escalation Vulnerability Fixed in macOS Big Sur 11.0.1, iOS 14.0, and iPadOS 14.0 Improved State Management Fixes Information Disclosure Vulnerability in macOS Catalina 10.15.6 and watchOS 6.2.8 Memory Corruption Vulnerability in macOS Big Sur 11.0.1 and iTunes for Windows 12.10.9