Vulnerability Summary for the Week of March 22, 2021

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

apache -- ofbiz | Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. | 2021-03-22 | 7.5 | CVE-2021-26295 MLIST CONFIRM MLIST MLIST MLIST

apache -- spamassassin | In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. | 2021-03-25 | 10 | CVE-2020-1946 MISC DEBIAN

apkleaks_project -- apkleaks | APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above. | 2021-03-24 | 10 | CVE-2021-21386 MISC CONFIRM

eslint-fixer_project -- eslint-fixer | ** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted. | 2021-03-19 | 10 | CVE-2021-26275 MISC MISC

genivia -- gsoap | A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | 2021-03-25 | 7.5 | CVE-2021-21783 MISC

git-bug_project -- git-bug | git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). | 2021-03-22 | 7.5 | CVE-2021-28955 MISC

gnu -- libmicrohttpd | A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2021-03-25 | 10 | CVE-2021-3466 MISC

gulpjs -- copy-props | The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality. | 2021-03-23 | 7.5 | CVE-2020-28503 CONFIRM CONFIRM CONFIRM

http-proxy-agent_project -- http-proxy-agent | A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. | 2021-03-19 | 9 | CVE-2019-10196 MISC MISC

invigo -- automatic_device_management | The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. | 2021-03-25 | 9 | CVE-2020-10583 CONFIRM

invigo -- automatic_device_management | A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. | 2021-03-25 | 7.5 | CVE-2020-10582 CONFIRM

it-recht-kanzlei -- it-recht-kanzlei | The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows itrk-api.php rechtstext_language SQL Injection. | 2021-03-19 | 7.5 | CVE-2020-6577 MISC MISC

linux -- linux_kernel | In drivers/pci/hotplug/rpadlpar_sysfs. in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. | 2021-03-22 | 7.2 | CVE-2021-28972 MISC FEDORA FEDORA FEDORA

mariadb -- mariadb | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. | 2021-03-19 | 9 | CVE-2021-27928 MISC MLIST MISC MISC MISC MISC MISC

markany -- maepsbroker | In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability caused by improper input validation checks when parsing brokerCommand parameter. | 2021-03-24 | 7.5 | CVE-2020-7839 MISC MISC

microsoft -- visual_studio_code | The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. | 2021-03-24 | 7.5 | CVE-2021-28967 MISC MISC MISC MISC

mikrotik -- routeros | ** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc files via the /export command. NOTE: the vendor's position is that this is intended behavior because of how user policies work. | 2021-03-19 | 8.5 | CVE-2021-27221 MISC

netapp -- cloud_manager | Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files. | 2021-03-19 | 9.4 | CVE-2021-26990 MISC

netgear -- rbk852_firmware | Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | 2021-03-23 | 8.3 | CVE-2021-29066 MISC

netgear -- rbr850_firmware | NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. | 2021-03-23 | 8.3 | CVE-2021-29065 MISC

netgear -- rbw30_firmware | Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | 2021-03-23 | 8.3 | CVE-2021-29067 MISC

privoxy -- privoxy | A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash. | 2021-03-25 | 7.8 | CVE-2021-20210 MISC MISC

privoxy -- privoxy | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. | 2021-03-25 | 7.8 | CVE-2020-35502 MISC MISC

privoxy -- privoxy | A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability. | 2021-03-25 | 7.8 | CVE-2021-20216 MISC MISC MISC

privoxy -- privoxy | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash. | 2021-03-25 | 7.8 | CVE-2021-20215 MISC MISC

privoxy -- privoxy | A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash. | 2021-03-25 | 7.8 | CVE-2021-20211 MISC MISC

privoxy -- privoxy | A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash. | 2021-03-25 | 7.8 | CVE-2021-20212 MISC MISC

privoxy -- privoxy | A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. The highest threat from this vulnerability is to system availability. | 2021-03-25 | 7.8 | CVE-2021-20217 MISC

privoxy -- privoxy | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. | 2021-03-25 | 7.8 | CVE-2021-20214 MISC MISC

python -- pillow | An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | 2021-03-19 | 7.5 | CVE-2021-25289 MISC

redhat -- openshift_container_platform | A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high. | 2021-03-19 | 9 | CVE-2019-10200 MISC MISC

soplanning -- soplanning | SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account). | 2021-03-21 | 7.5 | CVE-2020-13963 MISC MISC

thinksaas -- thinksaas | ThinkSAAS before 3.38 contains a SQL injection vulnerability through app/topic/action/admin/topic.php via the title parameter, which allows remote attackers to execute arbitrary SQL commands. | 2021-03-24 | 7.5 | CVE-2020-35337 MISC MISC

tibco -- api_exchange_gateway | The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below. | 2021-03-23 | 7.5 | CVE-2021-23274 CONFIRM CONFIRM

tibco -- ftl | The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below. | 2021-03-23 | 7.2 | CVE-2021-28819 CONFIRM

tobesoft -- xplatform | An outbound read/write vulnerability exists in XPLATFORM that does not check offset input ranges, allowing out-of-range data to be read. An attacker can exploit arbitrary code execution. | 2021-03-24 | 7.5 | CVE-2020-7853 MISC

typo3 -- typo3 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | 2021-03-23 | 7.5 | CVE-2021-21355 CONFIRM MISC MISC

xstream_project -- xstream | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | 2021-03-23 | 7.5 | CVE-2021-21350 MISC CONFIRM MISC MISC

xstream_project -- xstream | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | 2021-03-23 | 7.5 | CVE-2021-21347 MISC CONFIRM MISC MISC

xstream_project -- xstream | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | 2021-03-23 | 7.5 | CVE-2021-21346 MISC CONFIRM MISC MISC

xstream_project -- xstream | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | 2021-03-23 | 7.5 | CVE-2021-21344 MISC CONFIRM MISC MISC

xstream_project -- xstream | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | 2021-03-23 | 7.8 | CVE-2021-21348 MISC CONFIRM MISC MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

apache -- pdfbox | A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | 2021-03-19 | 4.3 | CVE-2021-27807 MLIST MLIST MLIST MLIST MLIST MLIST MLIST CONFIRM MLIST MLIST MLIST MLIST MLIST FEDORA

apache -- pdfbox | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | 2021-03-19 | 4.3 | CVE-2021-27906 MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST CONFIRM MLIST FEDORA

aryanic -- high_cms | Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. | 2021-03-26 | 4.3 | CVE-2020-23517 MISC

atlassian -- data_center | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. | 2021-03-22 | 6.4 | CVE-2021-26070 MISC

atlassian -- data_center | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to download temporary files and enumerate project keys via an Information Disclosure vulnerability in the /rest/api/1.0/issues/{id}/ActionsAndOperations API endpoint. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | 2021-03-22 | 5 | CVE-2021-26069 MISC

bit_project -- bit | In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. | 2021-03-21 | 6.8 | CVE-2021-28954 MISC

bosch -- configuration_manager | Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | 2021-03-25 | 6.9 | CVE-2020-6788 CONFIRM

bosch -- ip_helper | Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same application directory as the portable IP Helper application. | 2021-03-25 | 6.9 | CVE-2020-6771 CONFIRM

bosch -- monitor_wall | Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | 2021-03-25 | 6.9 | CVE-2020-6789 CONFIRM

bosch -- video_client | Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | 2021-03-25 | 6.9 | CVE-2020-6787 CONFIRM

bosch -- video_management_system | Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. | 2021-03-25 | 6.9 | CVE-2020-6785 CONFIRM

bosch -- video_recording_manager | Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious DLL in the same directory where the installer is started from. | 2021-03-25 | 6.9 | CVE-2020-6786 CONFIRM

bosch -- video_streaming_gateway | Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. A prerequisite is that the victim is tricked into placing a malicious exe in the same directory where the installer is started from. | 2021-03-25 | 6.9 | CVE-2020-6790 CONFIRM

busybox -- busybox | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | 2021-03-19 | 5 | CVE-2021-28831 MISC FEDORA

compassplus -- tranzware_e-commerce_payment_gateway | /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. | 2021-03-19 | 5 | CVE-2021-28110 MISC

compassplus -- tranzware_e-commerce_payment_gateway | index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability | 2021-03-19 | 4.3 | CVE-2021-28126 MISC

compassplus -- tranzware_fimi | TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). | 2021-03-19 | 4.3 | CVE-2021-28109 MISC MISC

contiki-os -- contiki | An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c. | 2021-03-24 | 5 | CVE-2021-28362 MISC MISC

crawlerdetect_project -- crawlerdetect | This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators. | 2021-03-22 | 5 | CVE-2020-28501 CONFIRM CONFIRM

csphere -- clansphere | Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. | 2021-03-23 | 4.3 | CVE-2021-27310 MISC

csphere -- clansphere | Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. | 2021-03-23 | 4.3 | CVE-2021-27309 MISC

doctor_appointment_system_project -- doctor_appointment_system | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. | 2021-03-24 | 5 | CVE-2021-27320 MISC MISC

doctor_appointment_system_project -- doctor_appointment_system | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. | 2021-03-24 | 5 | CVE-2021-27319 MISC

doctor_appointment_system_project -- doctor_appointment_system | Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. | 2021-03-24 | 5 | CVE-2021-27316 MISC

doctor_appointment_system_project -- doctor_appointment_system | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. | 2021-03-24 | 5 | CVE-2021-27315 MISC

esri -- arcgis | Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | 2021-03-25 | 6.8 | CVE-2021-29097 CONFIRM

esri -- arcgis | Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account. | 2021-03-25 | 6 | CVE-2021-29095 CONFIRM

esri -- arcgis | Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | 2021-03-25 | 6.8 | CVE-2021-29098 CONFIRM

ftapi -- ftapi | FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. | 2021-03-19 | 4.3 | CVE-2021-25277 MISC MISC

fudforum -- fudforum | A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. | 2021-03-19 | 4.3 | CVE-2021-27520 MISC

fudforum -- fudforum | A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. | 2021-03-19 | 4.3 | CVE-2021-27519 MISC

github -- enterprise_server | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program. | 2021-03-23 | 6.5 | CVE-2021-22864 MISC MISC MISC

gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | 2021-03-24 | 6.5 | CVE-2021-22192 CONFIRM MISC MISC

gitlab -- gitlab | A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attack through the Outbound Requests feature. | 2021-03-24 | 5.5 | CVE-2021-22179 CONFIRM MISC MISC

gitlab -- gitlab | An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners | 2021-03-24 | 4 | CVE-2021-22186 CONFIRM MISC

gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 13.2. GitLab was vulnerable to SSRF attack through the Prometheus integration. | 2021-03-24 | 4 | CVE-2021-22178 CONFIRM MISC MISC

gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests | 2021-03-24 | 4 | CVE-2021-22176 CONFIRM MISC MISC

gitlab -- gitlab | An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messages. | 2021-03-24 | 4 | CVE-2021-22169 CONFIRM MISC

grafana -- grafana | The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have. | 2021-03-22 | 4 | CVE-2021-28146 MISC MISC CONFIRM MISC MISC MISC CONFIRM

grafana -- grafana | One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance. | 2021-03-22 | 5 | CVE-2021-28148 MISC MISC CONFIRM MISC MISC MISC CONFIRM

hashicorp -- terraform_enterprise | HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1. | Published: 2021-03-26 | CVSS: 4 | Source & Patch Info: CVE-2021-3153 CONFIRM

hidglobal -- omnikey_5427_firmware | HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities. | Published: 2021-03-24 | CVSS: 6.8 | Source & Patch Info: CVE-2020-36283 MISC MISC

hmtalk -- daviewindy | DaviewIndy has a heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | Published: 2021-03-24 | CVSS: 6.8 | Source & Patch Info: CVE-2020-7852 MISC

hpe -- network_orchestrator | A potential security vulnerability has been identified in HPE Network Orchestrator (NetO) version(s): Prior to 2.5. The vulnerability could be remotely exploited with SQL injection. | Published: 2021-03-22 | CVSS: 5 | Source & Patch Info: CVE-2021-26578 MISC

huawei -- eudc660_firmware | The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device. | Published: 2021-03-22 | CVSS: 4.6 | Source & Patch Info: CVE-2020-9206 MISC

huawei -- ips_module_firmware | There is a denial of service vulnerability in Huawei products. A module cannot deal with specific messages correctly. Attackers can exploit this vulnerability by sending malicious messages to an affected module. This can lead to denial of service. Affected products include some versions of IPS Module, NGFW Module, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500 and Secospace USG6600. | Published: 2021-03-22 | CVSS: 5 | Source & Patch Info: CVE-2021-22320 MISC

huawei -- manageone | There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1. | Published: 2021-03-22 | CVSS: 6.5 | Source & Patch Info: CVE-2021-22311 MISC

huawei -- manageone | There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | Published: 2021-03-22 | CVSS: 4.6 | Source & Patch Info: CVE-2021-22314 MISC

huawei -- ngfw_module_firmware | There is a denial of service vulnerability in some Huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft many specific packets. Successful exploit may cause some services to be abnormal. Affected products include some versions of NGFW Module, NIP6300, NIP6600, NIP6800, Secospace USG6300, Secospace USG6500, Secospace USG6600 and SG9500. | Published: 2021-03-22 | CVSS: 5 | Source & Patch Info: CVE-2020-9213 MISC

huawei -- nip6300_firmware | There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected products include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700, S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500. | Published: 2021-03-22 | CVSS: 5 | Source & Patch Info: CVE-2021-22321 MISC

huawei -- usg9500_firmware | There is a vulnerability in some versions of USG9500 in which the device improperly handles the information when a user logs in to the device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak. | Published: 2021-03-22 | CVSS: 4 | Source & Patch Info: CVE-2020-9212 MISC

huawei -- usg9500_firmware | There is an insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include: USG9500 versions V500R001C30SPC200, V500R001C60SPC500, V500R005C00SPC200; USG9520 versions V500R005C00; USG9560 versions V500R005C00; USG9580 versions V500R005C00. | Published: 2021-03-22 | CVSS: 5 | Source & Patch Info: CVE-2021-22309 MISC

ibm -- elastic_storage_server | IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. IBM X-Force ID: 193486. | Published: 2021-03-24 | CVSS: 5 | Source & Patch Info: CVE-2020-5015 XF CONFIRM CONFIRM

ibm -- planning_analytics | IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852. | Published: 2021-03-22 | CVSS: 5.8 | Source & Patch Info: CVE-2020-4882 XF CONFIRM

ibm -- soar | IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames. | Published: 2021-03-19 | CVSS: 5 | Source & Patch Info: CVE-2020-4635 XF CONFIRM

invigo -- automatic_device_management | A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application. | Published: 2021-03-25 | CVSS: 6.5 | Source & Patch Info: CVE-2020-10580 CONFIRM

invigo -- automatic_device_management | A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application. | Published: 2021-03-25 | CVSS: 5 | Source & Patch Info: CVE-2020-10579 CONFIRM

invigo -- automatic_device_management | Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. | Published: 2021-03-25 | CVSS: 5 | Source & Patch Info: CVE-2020-10581 CONFIRM

invigo -- automatic_device_management | A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. | Published: 2021-03-25 | CVSS: 5 | Source & Patch Info: CVE-2020-10584 CONFIRM

jellyfin -- jellyfin | Jellyfin is a Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible. | Published: 2021-03-23 | CVSS: 4 | Source & Patch Info: CVE-2021-21402 MISC MISC CONFIRM

killport_project -- killport | This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | Published: 2021-03-21 | CVSS: 6.5 | Source & Patch Info: CVE-2021-23360 MISC MISC MISC

kramdown_project -- kramdown | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. | Published: 2021-03-19 | CVSS: 6.8 | Source & Patch Info: CVE-2021-28834 MISC MISC MISC FEDORA

libass_project -- libass | Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.14.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. | Published: 2021-03-23 | CVSS: 6.8 | Source & Patch Info: CVE-2020-24994 MISC MISC

linux -- linux_kernel | An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) | Published: 2021-03-20 | CVSS: 4.6 | Source & Patch Info: CVE-2021-28952 MISC FEDORA FEDORA FEDORA MISC

linux -- linux_kernel | In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. | Published: 2021-03-22 | CVSS: 4.9 | Source & Patch Info: CVE-2021-28971 MISC FEDORA FEDORA FEDORA

linux -- linux_kernel | An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. | Published: 2021-03-20 | CVSS: 4.9 | Source & Patch Info: CVE-2021-28951 MISC FEDORA FEDORA FEDORA

linux -- linux_kernel | The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. | Published: 2021-03-23 | CVSS: 4.6 | Source & Patch Info: CVE-2021-3444 MLIST MISC MISC

lxml -- lxml | lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute. | Published: 2021-03-21 | CVSS: 4.3 | Source & Patch Info: CVE-2021-28957 MISC MISC MLIST

mcafee -- data_loss_prevention | Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged attacker, through the use of junctions, to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attacker along with sending a specific IOCTL command at the correct time. | Published: 2021-03-23 | CVSS: 4.6 | Source & Patch Info: CVE-2020-7346 CONFIRM

microfocus -- access_manager | Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all versions prior to version 4.5.3.3. The vulnerability could cause information leakage. | Published: 2021-03-25 | CVSS: 5 | Source & Patch Info: CVE-2021-22496 MISC

microsoft -- c\/c\+\+_advanced_lint | The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository. | Published: 2021-03-21 | CVSS: 6.8 | Source & Patch Info: CVE-2021-28953 MISC MISC

minio -- minio | MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipped if the client sends a false chunk size that is much greater than the actual data sent: the server accepts and completes the request without ever reaching the end of the chunk and thereby without ever checking the chunk signature. This is fixed in version RELEASE.2021-03-17T02-33-02Z. As a workaround one can avoid using "aws-chunked" encoding-based chunk signature upload requests and instead use TLS. MinIO SDKs automatically disable chunked encoding signature when the server endpoint is configured with TLS. | Published: 2021-03-19 | CVSS: 4.3 | Source & Patch Info: CVE-2021-21390 MISC MISC CONFIRM

moodle -- moodle | A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect. | Published: 2021-03-19 | CVSS: 5.8 | Source & Patch Info: CVE-2019-14831 MISC MISC

moodle -- moodle | A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app"). | Published: 2021-03-19 | CVSS: 5.8 | Source & Patch Info: CVE-2019-14830 MISC MISC

moodle -- moodle | A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role. | Published: 2021-03-19 | CVSS: 4 | Source & Patch Info: CVE-2019-14828 MISC

moodle -- moodle | A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode. | Published: 2021-03-19 | CVSS: 4 | Source & Patch Info: CVE-2019-14829 MISC MISC

netapp -- cloud_manager | Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote attacker to interact with Cloud Manager. | Published: 2021-03-19 | CVSS: 5 | Source & Patch Info: CVE-2021-26991 MISC

netapp -- cloud_manager | Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability which could allow a remote attacker to cause a Denial of Service (DoS). | Published: 2021-03-19 | CVSS: 5 | Source & Patch Info: CVE-2021-26992 MISC

netgear -- r6700_firmware | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50. | Published: 2021-03-23 | CVSS: 6.5 | Source & Patch Info: CVE-2021-29068 MISC

netgear -- r8000p_firmware | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106. | Published: 2021-03-23 | CVSS: 5.2 | Source & Patch Info: CVE-2021-29073 MISC

netgear -- rbk852_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.2 | Source & Patch Info: CVE-2021-29072 MISC

netgear -- rbk852_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.2 | Source & Patch Info: CVE-2021-29071 MISC

netgear -- rbk852_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.2 | Source & Patch Info: CVE-2021-29070 MISC

netgear -- rbk852_firmware | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.8 | Source & Patch Info: CVE-2021-29078 MISC

netgear -- rbk852_firmware | Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR854 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, R7000 before 1.0.11.116, R6900P before 1.3.2.126, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and R7000P before 1.3.2.126. | Published: 2021-03-23 | CVSS: 4.8 | Source & Patch Info: CVE-2021-29080 MISC

netgear -- rbk852_firmware | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.8 | Source & Patch Info: CVE-2021-29076 MISC

netgear -- rbk852_firmware | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.8 | Source & Patch Info: CVE-2021-29079 MISC

netgear -- rbw30_firmware | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBS40V before 2.6.2.4, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.8 | Source & Patch Info: CVE-2021-29077 MISC

netgear -- rbw30_firmware | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.2 | Source & Patch Info: CVE-2021-29075 MISC

netgear -- rbw30_firmware | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.8 | Source & Patch Info: CVE-2021-29081 MISC

netgear -- rbw30_firmware | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | Published: 2021-03-23 | CVSS: 5.2 | Source & Patch Info: CVE-2021-29074 MISC

netgear -- xr450_firmware | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76. | Published: 2021-03-23 | CVSS: 5.2 | Source & Patch Info: CVE-2021-29069 MISC

npmjs -- hosted-git-info | The package hosted-git-info before 3.0.8 is vulnerable to Denial of Service (ReDoS) via shortcutMatch in fromUrl(). | Published: 2021-03-23 | CVSS: 5 | Source & Patch Info: CVE-2021-23362 MISC MISC MISC

open-emr -- openemr | In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user being able to read and send sensitive messages on behalf of the victim user. | Published: 2021-03-22 | CVSS: 5.5 | Source & Patch Info: CVE-2021-25920 MISC MISC

open-emr -- openemr | In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user into clicking on a malicious URL and execute malicious code. | Published: 2021-03-22 | CVSS: 4.3 | Source & Patch Info: CVE-2021-25922 MISC MISC

openmicroscopy -- omero.web | OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting. | Published: 2021-03-23 | CVSS: 4.9 | Source & Patch Info: CVE-2021-21377 MISC MISC CONFIRM MISC MISC

openmicroscopy -- omero.web | OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0. | Published: 2021-03-23 | CVSS: 5 | Source & Patch Info: CVE-2021-21376 MISC MISC CONFIRM MISC MISC

openwrt -- openwrt | applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | Published: 2021-03-21 | CVSS: 6.5 | Source & Patch Info: CVE-2021-28961 MISC

-- faq | Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions. | Published: 2021-03-22 | CVSS: 4 | Source & Patch Info: CVE-2021-21438 MISC

otrs -- itsmconfigurationmanagement | Agents are able to see linked Config Items without permissions, which are defined in General Catalog. This issue affects: OTRSCIsInCustomerFrontend 7.0.15 and prior versions, ITSMConfigurationManagement 7.0.24 and prior versions. | Published: 2021-03-22 | CVSS: 4 | Source & Patch Info: CVE-2021-21437 MISC

postgresql -- postgresql | A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. | Published: 2021-03-19 | CVSS: 4.1 | Source & Patch Info: CVE-2019-10128 MISC MISC

postgresql -- postgresql | A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files. | Published: 2021-03-19 | CVSS: 4.3 | Source & Patch Info: CVE-2019-10127 MISC MISC

projectacrn -- acrn | ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference. | Published: 2021-03-26 | CVSS: 5 | Source & Patch Info: CVE-2020-28346 MISC MISC

protocol -- go-ipfs | go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG. This is fixed in version 0.8.0-rc1. | Published: 2021-03-24 | CVSS: 5.5 | Source & Patch Info: CVE-2020-26279 MISC CONFIRM MISC

protocol -- go-ipfs | go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0. | Published: 2021-03-24 | CVSS: 6.5 | Source & Patch Info: CVE-2020-26283 MISC MISC CONFIRM

pygments -- pygments | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | Published: 2021-03-23 | CVSS: 5 | Source & Patch Info: CVE-2021-20270 MISC

python -- pillow | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | Published: 2021-03-19 | CVSS: 5 | Source & Patch Info: CVE-2021-25290 MISC

python -- pillow | An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | Published: 2021-03-19 | CVSS: 5 | Source & Patch Info: CVE-2021-25291 MISC

python -- pillow | An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | Published: 2021-03-19 | CVSS: 5 | Source & Patch Info: CVE-2021-25293 MISC

python -- pillow | An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | Published: 2021-03-19 | CVSS: 4.3 | Source & Patch Info: CVE-2021-25292 MISC

redhat -- jboss-remoting | A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. | Published: 2021-03-23 | CVSS: 5 | Source & Patch Info: CVE-2019-19343 MISC MISC

redhat -- keycloak | A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Published: 2021-03-23 | CVSS: 5.1 | Source & Patch Info: CVE-2021-20222 MISC

redhat -- openshift | A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files. | Published: 2021-03-19 | CVSS: 6.5 | Source & Patch Info: CVE-2019-10225 MISC

redhat -- openshift_container_platform | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | Published: 2021-03-24 | CVSS: 6.9 | Source & Patch Info: CVE-2019-19353 MISC MISC MISC

redhat -- openshift_container_platform | An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. | Published: 2021-03-24 | CVSS: 4.4 | Source & Patch Info: CVE-2019-19352 MISC MISC

revive-adserver -- revive_adserver | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code. | Published: 2021-03-25 | CVSS: 4.3 | Source & Patch Info: CVE-2021-22888 MISC MISC MISC

revive-adserver -- revive_adserver | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code. | Published: 2021-03-25 | CVSS: 4.3 | Source & Patch Info: CVE-2021-22889 MISC MISC MISC

sap -- 3d_visual_enterprise_viewer
When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Published: 2021-03-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-27594, MISC, MISC

sap -- 3d_visual_enterprise_viewer
When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Published: 2021-03-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-27596, MISC, MISC

sap -- 3d_visual_enterprise_viewer
When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Published: 2021-03-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-27595, MISC, MISC

sap -- 3d_visual_enterprise_viewer
When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Published: 2021-03-22 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-27593, MISC, MISC

schema-inspector_project -- schema-inspector
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In versions before 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS.
Published: 2021-03-19 | CVSS Score: 5 | Source & Patch Info: CVE-2021-21267, MISC, CONFIRM, MISC

shescape_project -- shescape
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
Published: 2021-03-19 | CVSS Score: 4.4 | Source & Patch Info: CVE-2021-21384, MISC, MISC, CONFIRM, MISC

shibboleth -- service_provider
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
Published: 2021-03-22 | CVSS Score: 5 | Source & Patch Info: CVE-2021-28963, MISC, MISC, MISC, MISC, MISC

sophos -- connect
A malicious website could execute code remotely in Sophos Connect Client before version 2.1.
Published: 2021-03-22 | CVSS Score: 6.8 | Source & Patch Info: CVE-2021-25265, MISC, CONFIRM

spinetix -- dsos
spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.
Published: 2021-03-24 | CVSS Score: 4 | Source & Patch Info: CVE-2020-15809, MISC, MISC

squid-cache -- squid
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Published: 2021-03-19 | CVSS Score: 5 | Source & Patch Info: CVE-2020-25097, MISC, MISC, MISC, DEBIAN

stormshield -- network_security
The ClamAV Engine (Version 0.103.1 and below) embedded in Stormshield Network Security (1.0 to 4.1.5) is subject to DoS in case of parsing of malformed png files.
Published: 2021-03-19 | CVSS Score: 4.3 | Source & Patch Info: CVE-2021-27506, CONFIRM, MISC

tibco -- rendezvous
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions 8.5.1 and below and TIBCO Rendezvous Developer Edition: versions 8.5.1 and below.
Published: 2021-03-23 | CVSS Score: 4.6 | Source & Patch Info: CVE-2021-28817, CONFIRM

torproject -- tor
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Published: 2021-03-19 | CVSS Score: 5 | Source & Patch Info: CVE-2021-28089, CONFIRM, MISC, FEDORA

torproject -- tor
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
Published: 2021-03-19 | CVSS Score: 5 | Source & Patch Info: CVE-2021-28090, CONFIRM, CONFIRM, MISC, FEDORA

typo3 -- typo3
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.
Published: 2021-03-23 | CVSS Score: 5 | Source & Patch Info: CVE-2021-21359, CONFIRM, MISC, MISC

typo3 -- typo3
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Published: 2021-03-23 | CVSS Score: 5 | Source & Patch Info: CVE-2021-21339, CONFIRM, MISC, MISC

typo3 -- typo3
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Published: 2021-03-23 | CVSS Score: 6.5 | Source & Patch Info: CVE-2021-21357, CONFIRM, MISC, MISC

typo3 -- typo3
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Published: 2021-03-23 | CVSS Score: 5.8 | Source & Patch Info: CVE-2021-21338, CONFIRM, MISC, MISC

vivo -- appstore
The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
Published: 2021-03-23 | CVSS Score: 5.8 | Source & Patch Info: CVE-2020-12483, CONFIRM

westerndigital -- armorlock
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
Published: 2021-03-19 | CVSS Score: 4 | Source & Patch Info: CVE-2021-28653, MISC

wrongthink -- wrongthink
Wrongthink peer-to-peer, end-to-end encrypted messenger with PeerJS and Axolotl ratchet. In wrongthink from version 2.0.0 and before 2.3.0 there was a set of vulnerabilities causing inadequate encryption strength. Part of the secret identity key was disclosed by the fingerprint used for connection. Additionally, the safety number was improperly calculated. It was computed using part of one of the public identity keys instead of being derived from both public identity keys. This caused issues in computing safety numbers which would potentially be exploitable in the real world. Additionally there was inadequate encryption strength due to use of 1024-bit DSA keys. These issues are all fixed in version 2.3.0.
Published: 2021-03-19 | CVSS Score: 5 | Source & Patch Info: CVE-2021-21387, CONFIRM

xstream_project -- xstream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Published: 2021-03-23 | CVSS Score: 6.5 | Source & Patch Info: CVE-2021-21345, MISC, CONFIRM, MISC, MISC

xstream_project -- xstream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Published: 2021-03-23 | CVSS Score: 6.4 | Source & Patch Info: CVE-2021-21342, MISC, CONFIRM, MISC, MISC

xstream_project -- xstream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Published: 2021-03-23 | CVSS Score: 5 | Source & Patch Info: CVE-2021-21341, MISC, CONFIRM, MISC, MISC

xstream_project -- xstream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Published: 2021-03-23 | CVSS Score: 5 | Source & Patch Info: CVE-2021-21343, MISC, CONFIRM, MISC, MISC

xstream_project -- xstream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Published: 2021-03-23 | CVSS Score: 6.5 | Source & Patch Info: CVE-2021-21351, MISC, CONFIRM, MISC, MISC

xstream_project -- xstream
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
Published: 2021-03-23 | CVSS Score: 5 | Source & Patch Info: CVE-2021-21349, MISC, CONFIRM, MISC, MISC

xwiki -- xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service exposes an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.
Published: 2021-03-23 | CVSS Score: 6.5 | Source & Patch Info: CVE-2021-21380, CONFIRM, MISC

zen-cart -- zen_cart
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php.
Published: 2021-03-19 | CVSS Score: 4.3 | Source & Patch Info: CVE-2020-6578, MISC, MISC

zetetic -- sqlcipher
Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.
Published: 2021-03-25 | CVSS Score: 5 | Source & Patch Info: CVE-2021-3119, MISC, MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

4homepages -- 4images
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.
Published: 2021-03-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-27308, MISC

acquia -- mautic
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
Published: 2021-03-23 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-27908, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29029, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29028, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29027, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29026, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29025, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29031, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29032, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29033, MISC

bitweaver -- bitweaver
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29030, MISC

boonex -- dolphin_cms
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-27969, MISC, MISC, MISC, MISC

craftcms -- craft_cms
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
Published: 2021-03-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2020-19626, MISC, MISC

duo -- authentication_proxy
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Version 5.2.1 of Duo Authentication Proxy installer addresses this issue.
Published: 2021-03-25 | CVSS Score: 3.6 | Source & Patch Info: CVE-2021-1492, CISCO

dynpg -- dynpg
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-27526, MISC

dynpg -- dynpg
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-27531, MISC

dynpg -- dynpg
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-27527, MISC

dynpg -- dynpg
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-27528, MISC

dynpg -- dynpg
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via URI in /index.php.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-27530, MISC

dynpg -- dynpg
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-27529, MISC

ftapi -- ftapi
FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor.
Published: 2021-03-19 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-25278, MISC, MISC

gitlab -- gitlab
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-22193, CONFIRM, MISC, MISC

gitlab -- gitlab
Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-22185, CONFIRM, MISC, MISC

gnu -- punbb
An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.
Published: 2021-03-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-28968, MISC

grafana -- grafana
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.
Published: 2021-03-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-28147, MISC, MISC, CONFIRM, MISC, MISC, MISC, MISC

haserl_project -- haserl
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.
Published: 2021-03-24 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-29133, MISC, MISC, MISC, MISC

huawei -- nip6300_firmware
There is an information leakage vulnerability in some Huawei products. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.
Published: 2021-03-22 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-22310, MISC

libtpms_project -- libtpms
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
Published: 2021-03-25 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-3446, MISC

linux -- linux_kernel
A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability.
Published: 2021-03-23 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-20219, MISC

linux -- linux_kernel
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.
Published: 2021-03-20 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-27171, MLIST, MISC, MISC, FEDORA, FEDORA, FEDORA, MISC

linux -- linux_kernel
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.
Published: 2021-03-20 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-28950, MISC, MISC, FEDORA, FEDORA

linux -- linux_kernel
An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
Published: 2021-03-20 | CVSS Score: 2.1 | Source & Patch Info: CVE-2020-27170, MLIST, MISC, MISC, FEDORA, FEDORA, FEDORA, MISC

linux -- linux_kernel
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.
Published: 2021-03-22 | CVSS Score: 1.9 | Source & Patch Info: CVE-2021-28964, MISC, FEDORA, FEDORA, FEDORA

netflix -- hollow
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated.
Published: 2021-03-23 | CVSS Score: 3.6 | Source & Patch Info: CVE-2021-28099, MISC

netflix -- priam
Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.
Published: 2021-03-23 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-28100, MISC

netgear -- rbw30_firmware
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 before 2.6.1.4, RBS40V before 2.6.1.4, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBK754 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK854 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
Published: 2021-03-23 | CVSS Score: 3.3 | Source & Patch Info: CVE-2021-29082, MISC

open-emr -- openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Published: 2021-03-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-25919, MISC, MISC

open-emr -- openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Published: 2021-03-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-25918, MISC, MISC

open-emr -- openemr
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit.
Published: 2021-03-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-25921, MISC, MISC

open-emr -- openemr
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user.
Published: 2021-03-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-25917, MISC, MISC

ovation -- dynamic_content
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.
Published: 2021-03-19 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-3327, MISC, MISC

plone -- plone
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
Published: 2021-03-24 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29002, MISC

seopanel -- seo_panel
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
Published: 2021-03-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29010, MISC

seopanel -- seo_panel
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
Published: 2021-03-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29009, MISC

seopanel -- seo_panel
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter.
Published: 2021-03-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-29008, MISC

sqlite -- sqlite
A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
Published: 2021-03-23 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-20227, MISC, MISC

tenable -- nessus_agent
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token.
Published: 2021-03-19 | CVSS Score: 2.1 | Source & Patch Info: CVE-2021-20077, MISC

typo3 -- typo3
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-21370, CONFIRM, MISC, MISC

typo3 -- typo3
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-21358, CONFIRM, MISC, MISC

typo3 -- typo3
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
Published: 2021-03-23 | CVSS Score: 3.5 | Source & Patch Info: CVE-2021-21340, CONFIRM, MISC, MISC
