Vulnerability Summary for the Week of April 26, 2021

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| avaya -- session_border_controller_for_enterprise | A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x | 2021-04-23 | 9 | CVE-2020-7034 CONFIRM |
| ibm -- spectrum_protect_backup-archive_client | IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their privileges to take full control of the system due to insecure directory permissions. IBM X-Force ID: 198811. | 2021-04-26 | 7.2 | CVE-2021-20532 CONFIRM XF |
| ibm -- spectrum_protect_client | IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479 | 2021-04-26 | 7.2 | CVE-2021-29672 CONFIRM XF |
| inxedu -- inxedu | SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem. | 2021-04-29 | 7.5 | CVE-2020-35430 MISC |
| jquery-bbq_project -- jquery-bbq | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. | 2021-04-23 | 7.5 | CVE-2021-20086 MISC |
| manta -- safe-obj | Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution. | 2021-04-26 | 7.5 | CVE-2021-25928 MISC MISC |
| nec -- aterm_wg2600hs_firmware | Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2021-04-26 | 10 | CVE-2021-20711 MISC MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. | 2021-04-27 | 7.5 | CVE-2019-25032 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. | 2021-04-27 | 7.5 | CVE-2019-25033 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. | 2021-04-27 | 7.5 | CVE-2019-25034 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. | 2021-04-27 | 7.5 | CVE-2019-25035 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. | 2021-04-27 | 7.5 | CVE-2019-25038 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. | 2021-04-27 | 7.5 | CVE-2019-25039 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. | 2021-04-27 | 7.5 | CVE-2019-25042 MISC |
| pulsesecure -- pulse_connect_secure | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild. | 2021-04-23 | 7.5 | CVE-2021-22893 MISC MISC MISC MISC |
| purl_project -- purl | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype. | 2021-04-23 | 7.5 | CVE-2021-20089 MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| acemetrix -- jquery-deparam | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. | 2021-04-23 | 6.5 | CVE-2021-20087 MISC |
| aterm -- wg2600hs_firmware | Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. | 2021-04-26 | 4.3 | CVE-2021-20710 MISC MISC |
| avaya -- aura_orchestration_designer | An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3. | 2021-04-23 | 4 | CVE-2020-7035 CONFIRM |
| avaya -- callback_assist | An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist includes all 4.0.x versions before 4.7.1.1 Patch 7. | 2021-04-23 | 4 | CVE-2020-7036 CONFIRM |
| backbone-query-parameters_project -- backbone-query-parameters | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters 0.4.0 allows a malicious user to inject properties into Object.prototype. | 2021-04-23 | 6.5 | CVE-2021-20085 MISC |
| criticalmanufacturing -- cncsoft-b | CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | 2021-04-27 | 6.8 | CVE-2021-22664 MISC MISC |
| directum -- directum | Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header. | 2021-04-24 | 4.3 | CVE-2021-31794 MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | 2021-04-23 | 6.5 | CVE-2021-22205 MISC MISC CONFIRM |
| google -- chrome | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-30 | 6.8 | CVE-2021-21227 MISC MISC GENTOO |
| google -- chrome | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-30 | 6.8 | CVE-2021-21230 MISC MISC GENTOO |
| google -- chrome | Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-30 | 6.8 | CVE-2021-21232 MISC MISC GENTOO |
| google -- chrome | Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21224 MISC MISC GENTOO |
| google -- chrome | Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21223 MISC MISC DEBIAN GENTOO |
| google -- chrome | Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21206 MISC MISC GENTOO |
| google -- chrome | Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21220 MISC MISC GENTOO |
| google -- chrome | Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21213 MISC MISC DEBIAN GENTOO |
| google -- chrome | Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 2021-04-26 | 6.8 | CVE-2021-21207 MISC MISC DEBIAN GENTOO |
| google -- chrome | Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-30 | 6.8 | CVE-2021-21233 MISC MISC GENTOO |
| google -- chrome | Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21204 MISC MISC DEBIAN GENTOO |
| google -- chrome | Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21203 MISC MISC DEBIAN GENTOO |
| google -- chrome | Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21226 MISC MISC DEBIAN GENTOO |
| google -- chrome | Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | 2021-04-26 | 6.8 | CVE-2021-21214 MISC MISC DEBIAN GENTOO |
| google -- chrome | Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21225 MISC MISC DEBIAN GENTOO |
| google -- chrome | Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2021-04-26 | 6.8 | CVE-2021-21201 MISC MISC DEBIAN GENTOO |
| google -- chrome | Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowed a remote attacker to potentially compromise WiFi connection security via a malicious WAP. | 2021-04-26 | 4.3 | CVE-2021-21212 MISC MISC DEBIAN GENTOO |
| google -- chrome | Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 2021-04-26 | 4.3 | CVE-2021-21222 MISC MISC DEBIAN GENTOO |
| google -- chrome | Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2021-04-26 | 4.3 | CVE-2021-21209 MISC MISC DEBIAN GENTOO |
| google -- chrome | Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2021-04-26 | 5.8 | CVE-2021-21205 MISC MISC DEBIAN GENTOO |
| google -- chrome | Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | 2021-04-26 | 6.8 | CVE-2021-21202 MISC MISC DEBIAN GENTOO |
| google -- chrome | Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an attacker displaying a QR code to perform domain spoofing via a crafted QR code. | 2021-04-26 | 4.3 | CVE-2021-21208 MISC MISC DEBIAN GENTOO |
| google -- chrome | Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page. | 2021-04-26 | 4.3 | CVE-2021-21210 MISC MISC DEBIAN GENTOO |
| google -- chrome | Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 2021-04-26 | 4.3 | CVE-2021-21221 MISC MISC DEBIAN GENTOO |
| google -- chrome | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2021-04-26 | 4.3 | CVE-2021-21211 MISC MISC DEBIAN GENTOO |
| google -- chrome | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2021-04-26 | 4.3 | CVE-2021-21215 MISC MISC DEBIAN GENTOO |
| google -- chrome | Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page. | 2021-04-26 | 4.3 | CVE-2021-21216 MISC MISC DEBIAN GENTOO |
| google -- chrome | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 2021-04-26 | 4.3 | CVE-2021-21217 MISC MISC DEBIAN GENTOO |
| google -- chrome | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 2021-04-26 | 4.3 | CVE-2021-21218 MISC MISC DEBIAN GENTOO |
| google -- chrome | Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | 2021-04-26 | 4.3 | CVE-2021-21219 MISC MISC DEBIAN GENTOO |
| hornerautomation -- cscape | Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2021-04-23 | 6.8 | CVE-2021-22678 MISC |
| hornerautomation -- cscape | Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation. | 2021-04-23 | 4.6 | CVE-2021-22682 MISC |
| ibm -- informix_dynamic_server | IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366. | 2021-04-30 | 4.6 | CVE-2021-20515 XF CONFIRM |
| ibm -- planning_analytics | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames. | 2021-04-26 | 5 | CVE-2020-4562 XF CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 200258. | 2021-04-26 | 5 | CVE-2021-29694 XF CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. IBM X-Force ID: 196344. | 2021-04-26 | 6.4 | CVE-2021-20432 XF CONFIRM |
| jamovi -- jamovi | Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered. | 2021-04-26 | 4.3 | CVE-2021-28079 MISC MISC |
| jquery-plugin-query-object_project -- jquery-plugin-query-object | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. | 2021-04-23 | 6.5 | CVE-2021-20083 MISC |
| jquery-sparkle_project -- jquery-sparkle | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. | 2021-04-23 | 6.5 | CVE-2021-20084 MISC |
| minthcm -- minthcm | The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload. | 2021-04-26 | 4.3 | CVE-2021-25838 MISC MISC |
| mootools -- mootools-more | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more 1.6.0 allows a malicious user to inject properties into Object.prototype. | 2021-04-23 | 6.5 | CVE-2021-20088 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. | 2021-04-27 | 5 | CVE-2019-25036 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. | 2021-04-27 | 5 | CVE-2019-25037 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. | 2021-04-27 | 5 | CVE-2019-25040 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. | 2021-04-27 | 5 | CVE-2019-25041 MISC |
| nlnetlabs -- unbound | Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. | 2021-04-27 | 4.3 | CVE-2019-25031 MISC |
| -- pfsense | pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field. | 2021-04-28 | 4.3 | CVE-2021-27933 FULLDISC |
| webmin -- webmin | Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. | 2021-04-25 | 6.8 | CVE-2021-31760 MISC MISC MISC MISC |
| webmin -- webmin | Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. | 2021-04-25 | 6.8 | CVE-2021-31761 MISC MISC MISC MISC |
| webmin -- webmin | Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. | 2021-04-25 | 6.8 | CVE-2021-31762 MISC MISC MISC MISC |
| wireshark -- wireshark | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file | 2021-04-23 | 5 | CVE-2021-22207 CONFIRM MISC MISC |
| xmlhttprequest-ssl_project -- xmlhttprequest-ssl | The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected. | 2021-04-23 | 5.8 | CVE-2021-31597 MISC MISC MISC |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| dotcms -- dotcms | Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin/#/c/workflow" component. | 2021-04-23 | 3.5 | CVE-2020-17542 MISC |
| ibm -- spectrum_protect_client | IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934 | 2021-04-26 | 2.1 | CVE-2021-20546 XF CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836. | 2021-04-26 | 2.1 | CVE-2021-20536 CONFIRM XF |
| vaadin -- flow | Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack. | 2021-04-23 | 1.9 | CVE-2021-31404 CONFIRM CONFIRM |
| vaadin -- flow | Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack. | 2021-04-23 | 1.9 | CVE-2021-31406 CONFIRM CONFIRM |
| vaadin -- vaadin | Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack | 2021-04-23 | 1.9 | CVE-2021-31403 CONFIRM CONFIRM CONFIRM |
| wowza -- streaming_engine | Wowza Streaming Engine through 4.8.5 (in a default installation) has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration. | 2021-04-23 | 3.6 | CVE-2021-31540 MISC MISC |
| wowza -- streaming_engine | Wowza Streaming Engine through 4.8.5 (in a default installation) has cleartext passwords stored in the conf/admin.password file. A regular local user is able to read usernames and passwords. | 2021-04-23 | 2.1 | CVE-2021-31539 MISC MISC |

Severity Not Yet Assigned

Source Primary Publis CVSS & Description Vendor -- Product hed Score Patch Info

CVE- not Akuvox C315 115.116.2613 allows remote command Injection 2021- akuvox -- c315 2021- yet via the cfgd_server service. The attack vector is sending a 31726   04-25 calcul payload to port 189 (default root 0.0.0.0). MISC ated MISC

A buffer overflow in the RTSP service of the Ambarella Oryx CVE- RTSP Server 2020-01-07 allows an unauthenticated attacker to not 2020- ambarella -- oryx- send a crafted RTSP request, with a long digest authentication 2021- yet 24918 rtsp_server header, to execute arbitrary code in 04-30 calcul MISC   parse_authentication_header() in libamprotocol-rtsp.so.1 in ated MISC rtsp_svc (or cause a crash). This allows remote takeover of a MISC Furbo Dog Camera, for example. Source Primary Publis CVSS & Description Vendor -- Product hed Score Patch Info

CVE- 2020- Ampache before version 4.2.2 allows unauthenticated users to not 15153 ampache -- ampache perform SQL injection. Refer to the referenced GitHub 2021- yet MISC   Security Advisory for details and a workaround. This is fixed 04-30 calcul MISC in version 4.2.2 and the development branch. ated CONF IRM

A flaw was found in the Ansible Engine 2.9.18, where CVE- sensitive info is not masked by default and is not protected by not 2021- ansible -- engine the no_log feature when using the sub-option feature of the 2021- yet 20228   basic.py module. This flaw allows an attacker to obtain 04-29 calcul MISC sensitive information. The highest threat from this ated MISC vulnerability is to confidentiality.

Apache Maven will follow repositories that are defined in a CVE- dependency’s Project Object Model (pom) which may be 2021- surprising to some users, resulting in potential risk if a 26291 malicious actor takes over that repository or is able to insert not MISC apache -- maven themselves into a position to pretend to be that repository. 2021- yet MLIS   Maven is changing the default behavior in 3.8.1+ to no longer 04-23 calcul T follow http (non-SSL) repository references by default. More ated MLIS details available in the referenced urls. If you are currently T using a repository manager to govern the repositories used by MLIS your builds, you are unaffected by the risks present in the T Source Primary Publis CVSS & Description Vendor -- Product hed Score Patch Info

legacy behavior, and are unaffected by this vulnerability and MLIS change to default behavior. See this link for more information T about repository management: MLIS https://maven.apache.org/repository-management.html T MLIS T

CVE- 2021- 30128 MISC MLIS T MLIS not T apache -- ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.07 2021- yet MLIS   version 04-27 calcul T ated MLIS T MLIS T MLIS T MLIS T Source Primary Publis CVSS & Description Vendor -- Product hed Score Patch Info

CVE- 2021- 29200 MISC MLIS T not MLIS apache -- ofbiz Apache OFBiz has unsafe deserialization prior to 17.12.07 2021- yet T   version An unauthenticated user can perform an RCE attack 04-27 calcul MLIS ated T MLIS T MLIS T MLIS T

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and not CVE- apache -- ozone_cluster buckets through a curl command or an unauthenticated HTTP 2021- yet 2020-   request. This enables unauthorized access to buckets and keys 04-27 calcul 17517 thereby exposing data to anonymous clients or users. This ated MISC affected Apache Ozone prior to the 1.1.0 release. Improper Authorization vulnerability in __COMPONENT__ of Apache Source Primary Publis CVSS & Description Vendor -- Product hed Score Patch Info

Ozone allows an attacker to __IMPACT__. This issue affects Apache Ozone Apache Ozone version 1.0.0 and prior versions.

CVE- Apache Superset up to and including 1.0.1 allowed for the 2021- creation of an external URL that could be malicious. By not not 28125 apache -- superset checking user input for open redirects the URL shortener 2021- yet MISC   functionality would allow for a malicious user to create a short 04-27 calcul MLIS URL for a dashboard that could convince the user to click the ated T link. MLIS T

Information Exposure vulnerability in context asset handling CVE- of Apache Tapestry allows an attacker to download files inside 2021- not WEB-INF if using a specially-constructed URL. This was 30638 apache -- tapestry 2021- yet caused by an incomplete fix for CVE-2020-13953. This issue MISC   04-27 calcul affects Apache Tapestry Apache Tapestry 5.4.0 version to MLIS ated Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and T Apache Tapestry 5.7.1. MISC

A remote insecure deserialization vulnerability was discovered not CVE- aruba -- in Aruba AirWave Management Platform version(s) prior to 2021- yet 2021- airwave_management_pla 8.2.12.1. Aruba has released patches for AirWave 04-28 calcul 25152 tform Management Platform that address this security vulnerability. ated MISC Source Primary Publis CVSS & Description Vendor -- Product hed Score Patch Info

A remote SQL injection vulnerability was discovered in Aruba not CVE- aruba -- AirWave Management Platform version(s) prior to 8.2.12.1. 2021- yet 2021- airwave_management_pla Aruba has released patches for AirWave Management 04-28 calcul 25153 tform Platform that address this security vulnerability. ated MISC

A remote escalation of privilege vulnerability was discovered not CVE- aruba -- in Aruba AirWave Management Platform version(s) prior to 2021- yet 2021- airwave_management_pla 8.2.12.1. Aruba has released patches for AirWave 04-28 calcul 25154 tform Management Platform that address this security vulnerability. ated MISC aruba -- A remote XML external entity vulnerability was discovered in not CVE- airwave_management_pla Aruba AirWave Management Platform version(s) prior to 2021- yet 2021- tform 8.2.12.1. Aruba has released patches for AirWave 04-28 calcul 25164   Management Platform that address this security vulnerability. ated MISC aruba -- A remote insecure deserialization vulnerability was discovered not CVE- airwave_management_pla in Aruba AirWave Management Platform version(s) prior to 2021- yet 2021- tform 8.2.12.1. Aruba has released patches for AirWave 04-28 calcul 25151   Management Platform that address this security vulnerability. ated MISC aruba -- A remote URL redirection vulnerability was discovered in 2021- not CVE- airwave_management_pla Aruba AirWave Management Platform version(s) prior to 04-29 yet 2021- Source Primary Publis CVSS & Description Vendor -- Product hed Score Patch Info tform 8.2.12.1. Aruba has released patches for AirWave calcul 29137   Management Platform that address this security vulnerability. ated MISC aruba -- A remote XML external entity vulnerability was discovered in not CVE- airwave_management_pla Aruba AirWave Management Platform version(s) prior to 2021- yet 2021- tform 8.2.12.1. Aruba has released patches for AirWave 04-29 calcul 25163   Management Platform that address this security vulnerability. ated MISC

A remote authentication restriction bypass vulnerability was aruba -- not CVE- discovered in Aruba AirWave Management Platform airwave_management_pla 2021- yet 2021- version(s) prior to 8.2.12.1. Aruba has released patches for tform 04-28 calcul 25147 AirWave Management Platform that address this security   ated MISC vulnerability. aruba -- A remote unauthorized access vulnerability was discovered in not CVE- airwave_management_pla Aruba AirWave Management Platform version(s) prior to 2021- yet 2021- tform 8.2.12.1. Aruba has released patches for AirWave 04-29 calcul 25167   Management Platform that address this security vulnerability. ated MISC aruba -- A remote unauthorized access vulnerability was discovered in not CVE- airwave_management_pla Aruba AirWave Management Platform version(s) prior to 2021- yet 2021- tform 8.2.12.1. Aruba has released patches for AirWave 04-29 calcul 25166   Management Platform that address this security vulnerability. ated MISC Source Primary Publis CVSS & Description Vendor -- Product hed Score Patch Info aruba -- A remote XML external entity vulnerability was discovered in not CVE- airwave_management_pla Aruba AirWave Management Platform version(s) prior to 2021- yet 2021- tform 8.2.12.1. Aruba has released patches for AirWave 04-28 calcul 25165   Management Platform that address this security vulnerability. ated MISC

aruba -- clearpass_policy_manager | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29141 MISC

aruba -- clearpass_policy_manager | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29144 MISC

aruba -- clearpass_policy_manager | A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-28 | not yet calculated | CVE-2020-7123 MISC

aruba -- clearpass_policy_manager | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29147 MISC

aruba -- clearpass_policy_manager | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29146 MISC

aruba -- clearpass_policy_manager | A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29145 MISC

aruba -- clearpass_policy_manager | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29142 MISC

aruba -- clearpass_policy_manager | A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29140 MISC

aruba -- clearpass_policy_manager | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29139 MISC

aruba -- clearpass_policy_manager | A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | 2021-04-29 | not yet calculated | CVE-2021-29138 MISC

avava -- equinox_conferencing | A vulnerability was discovered in Management component of Avaya Equinox Conferencing that could potentially allow an unauthenticated, remote attacker to gain access to screen sharing and whiteboard sessions. The affected versions of Management component of Avaya Equinox Conferencing include all 3.x versions before 3.17. Avaya Equinox Conferencing is now offered as Avaya Meetings Server. | 2021-04-28 | not yet calculated | CVE-2020-7038 CONFIRM

avava -- equinox_conferencing | An XML External Entities (XXE) vulnerability in Media Server component of Avaya Equinox Conferencing could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system or even potentially lead to a denial of service. The affected versions of Avaya Equinox Conferencing includes all 9.x versions before 9.1.11. Equinox Conferencing is now offered as Avaya Meetings Server. | 2021-04-28 | not yet calculated | CVE-2020-7037 CONFIRM

ave -- dominaplus | AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack. | 2021-04-28 | not yet calculated | CVE-2020-21994 EXPLOIT-DB MISC

ave -- dominaplus | AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario. | 2021-04-28 | not yet calculated | CVE-2020-21996 MISC EXPLOIT-DB

ave -- dominaplus | AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials. | 2021-04-28 | not yet calculated | CVE-2020-21991 MISC EXPLOIT-DB

aviatrix -- vpn_client | Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators. | 2021-04-29 | not yet calculated | CVE-2021-31776 MISC MISC CONFIRM

babel -- babel | Relative Path Traversal in Babel 2.9.0 allows an attacker to load arbitrary locale files on disk and execute arbitrary code. | 2021-04-29 | not yet calculated | CVE-2021-20095 MISC

bind -- bind | In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security. | 2021-04-29 | not yet calculated | CVE-2021-25216 CONFIRM MLIST MLIST MLIST MLIST DEBIAN

bind -- bind | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. | 2021-04-29 | not yet calculated | CVE-2021-25214 CONFIRM MLIST MLIST MLIST MLIST DEBIAN

bind -- bind | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. | 2021-04-29 | not yet calculated | CVE-2021-25215 CONFIRM MLIST MLIST MLIST MLIST DEBIAN

binutils -- readelf | A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. | 2021-04-29 | not yet calculated | CVE-2021-20294 MISC MISC

browserlist -- browserlist | The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | 2021-04-28 | not yet calculated | CVE-2021-23364 MISC MISC MISC MISC MISC

buffalo -- buffalo | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. | 2021-04-29 | not yet calculated | CVE-2021-20092 MISC

buffalo -- buffalo | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution. | 2021-04-29 | not yet calculated | CVE-2021-20091 MISC

buffalo -- buffalo | A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | 2021-04-29 | not yet calculated | CVE-2021-20090 MISC

buffalo -- multiple_network_devices | Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition. | 2021-04-28 | not yet calculated | CVE-2021-20716 MISC MISC

buffalo -- multiple_routers | Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors. | 2021-04-28 | not yet calculated | CVE-2021-3512 MISC MISC

buffalo -- multiple_routers | Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors. | 2021-04-28 | not yet calculated | CVE-2021-3511 MISC MISC

bundler -- bundler | Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | 2021-04-29 | not yet calculated | CVE-2020-36327 MISC MISC MISC MISC MISC

cesanta -- mongooseos | In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. | 2021-04-29 | not yet calculated | CVE-2021-31875 MISC MISC MISC

chamilo -- chamilo | A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution. | 2021-04-30 | not yet calculated | CVE-2021-31933 MISC MISC MISC

china -- mobile_an_lianbao | Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client. | 2021-04-29 | not yet calculated | CVE-2021-25812 MISC MISC MISC

china_mobile -- an_lianbao | The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter. | 2021-04-29 | not yet calculated | CVE-2021-30228 MISC MISC MISC

china_mobile -- an_lianbao_wf-1_router | The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. | 2021-04-29 | not yet calculated | CVE-2021-30229 MISC MISC MISC

china_mobile -- an_lianbao_wf-1_router | The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. | 2021-04-29 | not yet calculated | CVE-2021-30230 MISC MISC MISC

china_mobile -- an_lianbao_wf-a_router | The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. | 2021-04-29 | not yet calculated | CVE-2021-30234 MISC MISC MISC

china_mobile -- an_lianbao_wf-a_router | The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter. | 2021-04-29 | not yet calculated | CVE-2021-30231 MISC MISC MISC

china_mobile -- an_lianbao_wf-a_router | The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. | 2021-04-29 | not yet calculated | CVE-2021-30233 MISC MISC MISC

china_mobile -- an_lianbao_wf-a_router | The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter. | 2021-04-29 | not yet calculated | CVE-2021-30232 MISC MISC MISC

cisco -- adaptive_security_appliance_software | Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | 2021-04-29 | not yet calculated | CVE-2021-1445 CISCO

cisco -- adaptive_security_appliance_software | A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition. | 2021-04-29 | not yet calculated | CVE-2021-1493 CISCO

cisco -- adaptive_security_appliance_software | A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS. | 2021-04-29 | not yet calculated | CVE-2021-1488 CISCO

cisco -- adaptive_security_appliance_software | A vulnerability in the SIP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a crash that occurs during a hash lookup for a SIP pinhole connection. An attacker could exploit this vulnerability by sending crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a crash and reload of the affected device. | 2021-04-29 | not yet calculated | CVE-2021-1501 CISCO

cisco -- adaptive_security_appliance_software | Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to lack of proper input validation of the HTTPS request. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | 2021-04-29 | not yet calculated | CVE-2021-1504 CISCO

cisco -- adaptive_security_appliance_software | A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials. | 2021-04-29 | not yet calculated | CVE-2021-1476 CISCO

cisco -- firepower_device_manager | A vulnerability in the REST API of Cisco Firepower Device Manager (FDM) On-Box Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected device. This vulnerability is due to the improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information or causing a partial denial of service (DoS) condition on the affected device. | 2021-04-29 | not yet calculated | CVE-2021-1369 CISCO

cisco -- firepower_device_manager_software | A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. Manual intervention is required to free filesystem resources and return the device to an operational state. | 2021-04-29 | not yet calculated | CVE-2021-1489 CISCO

cisco -- firepower_management_center_software | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2021-04-29 | not yet calculated | CVE-2021-1458 CISCO

cisco -- firepower_management_center_software | A vulnerability in an access control mechanism of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected software. An attacker could exploit this vulnerability by directly accessing the internal services of an affected device. A successful exploit could allow the attacker to overwrite policies and impact the configuration and operation of the affected device. | 2021-04-29 | not yet calculated | CVE-2021-1477 CISCO

cisco -- firepower_management_center_software | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2021-04-29 | not yet calculated | CVE-2021-1456 CISCO

cisco -- firepower_management_center_software | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2021-04-29 | not yet calculated | CVE-2021-1457 CISCO

cisco -- firepower_managment_center_software | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2021-04-29 | not yet calculated | CVE-2021-1455 CISCO

cisco -- firepower_threat_defense_software | A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device. | 2021-04-29 | not yet calculated | CVE-2021-1256 CISCO

cisco -- firepower_threat_defense_software | A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message through an affected device. SSL/TLS messages sent to an affected device do not trigger this vulnerability. A successful exploit could allow the attacker to cause a process to crash. This crash would then trigger a reload of the device. No manual intervention is needed to recover the device after the reload. | 2021-04-29 | not yet calculated | CVE-2021-1402 CISCO

Primary Vendor -- Product: cisco -- firepower_threat_defense_software
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-1448 CISCO
Description: A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

Primary Vendor -- Product: cisco -- multiple_products
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-1495 CISCO
Description: Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.

Primary Vendor -- Product: ckeditor -- ckeditor
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21391 MISC MISC MISC MISC CONFIRM MISC MISC MISC MISC
Description: CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. Following an internal audit, a regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed abuse of particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 packages listed above at version <= 26.0.0. The problem has been recognized and patched. The fix will be available in version 27.0.0.

Primary Vendor -- Product: cloudengine -- multiple_devices
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-22393 MISC
Description: There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness. Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service.

Primary Vendor -- Product: cloudengine -- multiple_devices
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-22332 MISC
Description: There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.

Primary Vendor -- Product: cncf -- cortex
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31232 MISC MISC MISC MISC
Description: The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.

Primary Vendor -- Product: cncsoft-b -- cncsoft-b
Published: 2021-04-27; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-22660 MISC MISC MISC
Description: CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.

Primary Vendor -- Product: composer -- composer
Published: 2021-04-27; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29472 MISC CONFIRM DEBIAN
Description: Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue.

Primary Vendor -- Product: cpanel -- cpanel
Published: 2021-04-26; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31803 MISC
Description: cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).

Primary Vendor -- Product: cubecoders -- application_deployment_service
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31926 MISC
Description: AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission to make changes to the system's network configuration).

Primary Vendor -- Product: cumulative-distribution-function -- cumulative-distribution-function
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29486 MISC MISC CONFIRM MISC
Description: cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. In versions prior to 2.0.0 apps using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs server-app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted for proper operation. In the case of a browser app using this library to act on invalid non-numeric data, that browser may crash or lock up. A flaw enabling an infinite-loop was discovered in the code for evaluating the cumulative-distribution-function of input data. Although the documentation explains that numeric data is required, some users may confuse an array of strings like ["1","2","3","4","5"] for numeric data [1,2,3,4,5] when it is in fact string data. An infinite loop is possible when the cumulative-distribution-function is evaluated for a given point when the input data is string data rather than type `number`. This vulnerability enables an infinite-cpu-loop denial-of-service-attack on any app using npm:cumulative-distribution-function v1.0.3 or earlier if the attacker can supply malformed data to the library. The vulnerability could also manifest if a data source to be analyzed changes data type from Arrays of number (proper) to Arrays of string (invalid, but undetected by earlier version of the library). Users should upgrade to at least v2.0.0, or the latest version. Tests for several types of invalid data have been created, and version 2.0.0 has been tested to reject this invalid data by throwing a `TypeError()` instead of processing it. Developers using this library may wish to adjust their app's code slightly to better tolerate or handle this TypeError. Apps performing proper numeric data validation before sending data to this library should be mostly unaffected by this patch. The vulnerability can be mitigated in older versions by ensuring that only finite numeric data of type `Array[number]` or `number` is passed to `cumulative-distribution-function` and its `f(x)` function, respectively.

Primary Vendor -- Product: cygwin -- cygwin
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29468 MISC MISC MISC CONFIRM
Description: Cygwin Git is a patch set for the git command line tool for the cygwin environment. A specially crafted repository that contains symbolic links as well as files with backslash characters in the file name may cause just-checked out code to be executed while checking out a repository using Git on Cygwin. The problem will be patched in the Cygwin Git v2.31.1-2 release. At time of writing, the vulnerability is present in the upstream Git source code; any Cygwin user who compiles Git for themselves from upstream sources should manually apply a patch to mitigate the vulnerability. As mitigation users should not clone or pull from repositories from untrusted sources. CVE-2019-1354 was an equivalent vulnerability in Git for Visual Studio.

Primary Vendor -- Product: d-link -- dap-1880ac_firmware
Published: 2021-04-26; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-20696 MISC MISC
Description: DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.

Primary Vendor -- Product: d-link -- dap-1880ac_firmware
Published: 2021-04-26; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-20694 MISC MISC
Description: Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors.

Primary Vendor -- Product: d-link -- dap-1880ac_firmware
Published: 2021-04-26; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-20695 MISC MISC
Description: Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.

Primary Vendor -- Product: d-link -- dap-1880ac_firmware
Published: 2021-04-26; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-20697 MISC MISC
Description: Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to login to the device as an authenticated user without the access privilege via unspecified vectors.

Primary Vendor -- Product: dell -- emc_idrac9
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21539 MISC
Description: Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.

Primary Vendor -- Product: dell -- emc_idrac9
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21543 MISC
Description: Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

Primary Vendor -- Product: dell -- emc_idrac9
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21544 MISC
Description: Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Primary Vendor -- Product: dell -- emc_idrac9
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21541 MISC
Description: Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.

Primary Vendor -- Product: dell -- emc_idrac9
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21540 MISC
Description: Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.

Primary Vendor -- Product: dell -- emc_idrac9
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21542 MISC
Description: Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.

Primary Vendor -- Product: dell -- emc_networking_x-series
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21507 CONFIRM
Description: Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Primary Vendor -- Product: dell -- emc_unity
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21547 CONFIRM
Description: Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

Primary Vendor -- Product: dell -- hybrid_client
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21535 MISC
Description: Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Primary Vendor -- Product: dell -- hybrid_client
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21534 MISC
Description: Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API.

Primary Vendor -- Product: dell -- hybrid_client
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21536 MISC
Description: Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information.

Primary Vendor -- Product: dell -- hybrid_client
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21537 MISC
Description: Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system.

Primary Vendor -- Product: dell -- openmanage_enterprise-modular
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21530 CONFIRM
Description: Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege.

Primary Vendor -- Product: dell -- unisphere
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21531 CONFIRM
Description: Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. A local authenticated malicious user with monitor role may exploit this vulnerability to perform unauthorized actions.

Primary Vendor -- Product: delta -- industrial_automation
Published: 2021-04-27; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-27480 MISC
Description: Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code.

Primary Vendor -- Product: django -- django
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-15225 CONFIRM MISC MISC MISC
Description: django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade.

Primary Vendor -- Product: doc -- doc
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29350 MISC
Description: SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php.

Primary Vendor -- Product: dreamforver -- simple_ghc
Published: 2021-04-25; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-30502 MISC MISC CONFIRM CONFIRM
Description: The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.

Primary Vendor -- Product: edimax -- wireless_network_camera
Published: 2021-04-27; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-30165 CONFIRM
Description: The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices.

Primary Vendor -- Product: edimax -- wireless_network_camera
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-30167 MISC MISC MISC MISC
Description: The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices.

Primary Vendor -- Product: edimax -- wireless_network_camera
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-30168 MISC MISC MISC MISC
Description: The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.

Primary Vendor -- Product: emlog -- emlog
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-30227 MISC
Description: Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0.

Primary Vendor -- Product: emmanuel -- mydomoathome
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-21990 EXPLOIT-DB MISC
Description: Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.

Primary Vendor -- Product: etherpad -- etherpad
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-22785 CONFIRM
Description: Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check.

Primary Vendor -- Product: etherpad -- etherpad
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-22784 CONFIRM
Description: In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.

Primary Vendor -- Product: etherpad -- etherpad
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-22783 CONFIRM MISC
Description: Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad.

Primary Vendor -- Product: etherpad -- etherpad
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-22781 CONFIRM
Description: In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).

Primary Vendor -- Product: etherpad -- etherpad
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-22782 CONFIRM
Description: Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance.

Primary Vendor -- Product: exiv2 -- exiv2
Published: 2021-04-26; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29473 MISC CONFIRM MISC
Description: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security.

Primary Vendor -- Product: exiv2 -- exiv2
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29463 MISC CONFIRM
Description: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.

Primary Vendor -- Product: exiv2 -- exiv2
Published: 2021-04-23; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29470 CONFIRM MISC
Description: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.

Primary Vendor -- Product: exiv2 -- exiv2
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29464 MISC CONFIRM
Description: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4.

Primary Vendor -- Product: filterediterator -- filterediterator
Published: 2021-04-27; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-29476 CONFIRM MISC
Description: Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.

Primary Vendor -- Product: fluidsynth -- fuidsynth
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-21417 MISC CONFIRM
Description: fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.

Primary Vendor -- Product: fme -- server
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-22790 MISC
Description: Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator accesses the logs.

Primary Vendor -- Product: fme -- server
Published: 2021-04-28; CVSS Score: not yet calculated; Source & Patch Info: CVE-2020-22789 MISC
Description: Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.

Primary Vendor -- Product: foxit -- studio_photo
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31434 MISC MISC
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12377.

Primary Vendor -- Product: foxit -- studio_photo
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31438 MISC MISC
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12443.

Primary Vendor -- Product: foxit -- studio_photo
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31436 MISC MISC
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SGI files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12376.

Primary Vendor -- Product: foxit -- studio_photo
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31435 MISC MISC
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CMP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12331.

Primary Vendor -- Product: foxit -- studio_photo
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31433 MISC MISC
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12333.

Primary Vendor -- Product: foxit -- studio_photo
Published: 2021-04-29; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31437 MISC MISC
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12384.

Primary Vendor -- Product: freeipa -- freeipa
Published: 2021-04-26; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-3494 MISC
Description: A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if certain conditions are met. The highest threat from this flaw is to system confidentiality. This flaw affects Foreman versions before 2.5.0.

Primary Vendor -- Product: galaxyclient -- galaxyclient
Published: 2021-04-30; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-26807 MISC MISC
Description: GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading.

Primary Vendor -- Product: gestsup -- gestsup
Published: 2021-04-26; CVSS Score: not yet calculated; Source & Patch Info: CVE-2021-31646 MISC MISC MISC
Description: Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote). The affected component is the file forgot_pwd.php - it uses a weak algorithm for the generation of password recovery tokens (the PHP uniqueid function), allowing a brute force attack.

ghost -- ghost | Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. Ghost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version between 4.0.0 and 4.3.2. Immediate action should be taken to secure your site. The issue has been fixed in 4.3.3, all 4.x sites should upgrade as soon as possible. As the endpoint is unused, the patch simply removes it. As a workaround blocking access to /ghost/preview can also mitigate the issue. | 2021-04-29 | not yet calculated | CVE-2021-29484 MISC MISC CONFIRM

gitee -- gitee | Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. | 2021-04-29 | not yet calculated | CVE-2021-30048 MISC MISC

gnu -- wget | GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. | 2021-04-29 | not yet calculated | CVE-2021-31879 MISC

google -- android | GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment "began several weeks ago and will be complete in the coming days." | 2021-04-28 | not yet calculated | CVE-2021-31815 MISC MISC

google -- chrome | Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 2021-04-30 | not yet calculated | CVE-2021-21229 MISC MISC GENTOO

google -- chrome | Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-04-30 | not yet calculated | CVE-2021-21231 MISC MISC GENTOO

google -- chrome | Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | 2021-04-30 | not yet calculated | CVE-2021-21228 MISC MISC GENTOO

grafana -- enterprise_metrics | The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | 2021-04-30 | not yet calculated | CVE-2021-31231 MISC MISC MISC MISC

graphviz -- graph_visualization_tools | Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. | 2021-04-29 | not yet calculated | CVE-2020-18032 MISC

guix-daemon -- guix-daemon | A security vulnerability that can lead to local privilege escalation has been found in 'guix-daemon'. It affects multi-user setups in which 'guix-daemon' runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable. | 2021-04-26 | not yet calculated | CVE-2021-27851 MISC MISC

gurunavi -- gurunavi | Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 2021-04-26 | not yet calculated | CVE-2021-20693 MISC

hame -- sd1_wifi_firmware | An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service. | 2021-04-26 | not yet calculated | CVE-2021-26797 MISC

hardware_sentry -- km | In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command. | 2021-04-23 | not yet calculated | CVE-2021-31791 MISC

hdrblobnit -- hdrblobnit | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. | 2021-04-30 | not yet calculated | CVE-2021-20266 MISC MISC MISC

hedgedoc -- hedgedoc | HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, this exploit requires the attacker's ability to modify a note. This will affect all instances which have PDF export enabled. This issue has been fixed by https://github.com/hedgedoc/hedgedoc/commit/c1789474020a6d668d616464cb2da5e90e123f65 and is available in version 1.5.0. Starting the CodiMD/HedgeDoc instance with `CMD_ALLOW_PDF_EXPORT=false` or setting `"allowPDFExport": false` in config.json can mitigate this issue for those who cannot upgrade. This exploit works because while PhantomJS doesn't actually render the `file:///` references to the PDF file itself, it still uses them internally, and exfiltration is possible, and easy through JavaScript rendering. The impact is pretty bad, as the attacker is able to read the CodiMD/HedgeDoc `config.json` file as well as any other files on the filesystem. Even though the suggested Docker deploy option doesn't have many interesting files itself, the `config.json` still often contains sensitive information, database credentials, and maybe OAuth secrets among other things. | 2021-04-26 | not yet calculated | CVE-2021-29475 MISC CONFIRM

hedgedoc -- hedgedoc | HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance's base-URL e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due to the fact that the internal router passes the url-encoded alias to the `noteController.showNote`-function. This function passes the input directly to the findNote() utility function, that will pass it on to the parseNoteId()-function, that tries to make sense out of the noteId/alias and check if a note already exists and if so, if a corresponding file on disk was updated. If no note exists the note creation-function is called, which passes this unvalidated alias, with a `.md` appended, into a path.join()-function which is read from the filesystem in the follow up routine and provides the pre-filled content of the new note. This allows an attacker to not only read arbitrary `.md` files from the filesystem, but also observe changes to them. The usefulness of this attack can be considered limited, since mainly markdown files use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack's usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path. | 2021-04-26 | not yet calculated | CVE-2021-29474 CONFIRM

homeautomation -- homeautomation | HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution. | 2021-04-27 | not yet calculated | CVE-2020-22001 EXPLOIT-DB MISC

homeautomation -- homeautomation | HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function. | 2021-04-27 | not yet calculated | CVE-2020-22000 MISC EXPLOIT-DB

homeautomation -- homeautomation | HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. | 2021-04-27 | not yet calculated | CVE-2020-21987 EXPLOIT-DB MISC

homeautomation -- homeautomation | HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | 2021-04-27 | not yet calculated | CVE-2020-21989 EXPLOIT-DB MISC

homeautomation -- homeautomation | In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. | 2021-04-27 | not yet calculated | CVE-2020-21998 MISC MISC

hot_pepper -- gourmet_app | Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 2021-04-27 | not yet calculated | CVE-2021-20715 MISC

huawei -- multiple_smart_phones | There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include: HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11), 10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5), 10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4). | 2021-04-28 | not yet calculated | CVE-2021-22327 MISC

huawei -- multiple_smart_phones | There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal. | 2021-04-28 | not yet calculated | CVE-2021-22330 MISC

huawei -- multiple_smart_phones | There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3). | 2021-04-28 | not yet calculated | CVE-2021-22331 MISC

ibm -- content_navigator | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168. | 2021-04-27 | not yet calculated | CVE-2021-20550 XF CONFIRM

ibm -- content_navigator | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167. | 2021-04-27 | not yet calculated | CVE-2021-20549 CONFIRM XF

ibm -- content_navigator | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624. | 2021-04-27 | not yet calculated | CVE-2021-20448 CONFIRM XF

ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403. | 2021-04-27 | not yet calculated | CVE-2021-29667 CONFIRM XF

ibm -- spectrum_scale | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400. | 2021-04-27 | not yet calculated | CVE-2021-29666 XF CONFIRM

ibm -- spectrum_scale | IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541. | 2021-04-27 | not yet calculated | CVE-2020-4981 CONFIRM XF

icms -- icms | Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | 2021-04-30 | not yet calculated | CVE-2020-18070 MISC

inim -- electronics_smartliving_smart | Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exists due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place. | 2021-04-29 | not yet calculated | CVE-2020-21992 MISC

inim -- electronics_smartliving_smart | Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. | 2021-04-29 | not yet calculated | CVE-2020-21995 EXPLOIT-DB MISC

inim -- electronics_smartliving_smart | An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in Inim Electronics Smartliving SmartLAN/G/SI <=6.x within the GetImage functionality. The application parses user supplied data in the GET parameter 'host' to construct an image request to the service through onvif.cgi. Since no validation is carried out on the parameter, an attacker can specify an external domain and force the application to make an HTTP request to an arbitrary destination host. | 2021-04-29 | not yet calculated | CVE-2020-22002 MISC MISC

jansson -- jansson | ** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification. | 2021-04-26 | not yet calculated | CVE-2020-36325 MISC

jeesns -- jeesns | Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter in the component "CkeditorUploadController.java". | 2021-04-29 | not yet calculated | CVE-2020-18035 MISC

key_recovery_authority -- key_recovery_authority | A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code. | 2021-04-30 | not yet calculated | CVE-2020-1721 MISC

kilbc -- kilbc | An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. | 2021-04-30 | not yet calculated | CVE-2021-31872 MISC MISC MISC MLIST

kilbc -- kilbc | An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. | 2021-04-30 | not yet calculated | CVE-2021-31870 MISC MISC MISC MLIST

kilbc -- kilbc | An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. | 2021-04-30 | not yet calculated | CVE-2021-31871 MISC MISC MISC MLIST

kilbc -- kilbc | An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. | 2021-04-30 | not yet calculated | CVE-2021-31873 MISC MISC MISC MLIST

Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `